The Backpack API is implemented as vanilla XML over HTTP. Send the Content-Type: application/xml
header to identify XML requests. Example with Curl:
curl -H 'Content-Type: application/xml' -d '<request>...' http://url
Authentication happens by accessing a url that belongs to the user, like http://david.backpackit.com, and by passing in the web service token as part of the XML request. The token is a 40-char SHA1 hash and can be found on your "My Info" page. The token represents your password for use with web services, so don't distribute it - that would be like giving your password away. Abuse the token and it can be revoked.
Complete query example with Curl:
curl -H 'Content-Type: application/xml' -d '<request>
<token>40bd001563085fc35165329ea1ff5c5ecbdbbeef</token>
</request>' \
http://david.backpackit.com/ws/page/1
...will return something like:
<response success='true'>
<page title='Ajax Summit' id='1133' email_address='ry87ib@backpackit.com'>
<notes>
<note title='Hotel' id='1020' created_at='2005-05-14 16:41:11'>
Staying at the Savoy
</note>
</notes>
<lists>
<list id='2592' name='Itinerary'>
<items>
<item id='3308' completed='false'>See San Francisco</item>
<item id='3303' completed='true'>Meet interesting people</item>
<item id='3307' completed='true'>Present Backpack</item>
</items>
</list>
</lists>
<tags>
<tag name='Technology' id='4' />
<tag name='Travel' id='5' />
</tags>
</page>
</response>
Complete post example with Curl:
curl -H 'Content-Type: application/xml' -d '<request>
<token>40bd001563085fc35165329ea1ff5c5ecbdbbeef</token>
<item>
<content>Hello World!</content>
</item>
</request>' \
http://david.backpackit.com/ws/page/1/items/create
...will return something like:
<response success='true'>
<item completed='false' id='5'>Hello World!</item>
</response>
If something goes wrong in the request, you’ll get one of two errors. This one for an internal error, which may occur if you pass in bad variables:
<response success='false'>
<error code='500'>Internal error</item>
</response>
...or this one, if you’re referencing a record that doesn’t exist:
<response success='false'>
<error code='404'>Record not found</item>
</response>
See the Ruby wrapper example for more inspiration.
SSL Note: A request made against a plus or premium account that has SSL turned on (that's default for these subscriptions) will get a redirect answer back. Be sure to call over https for a account that requires that.
Usage Limits: API requests rates are tracked by account subdomain and incoming IP address, so they're per-customer and per-client. If your application uses the API from a cluster of machines, that's fine; just be reasonable. Calendar API requests are limited to 10 requests per 5 seconds. All other requests are limited to 100 requests per 5 seconds. If you exceed the limit, you'll get a 503 response with a Retry-After header indicating how many seconds to wait until retry.
Content-Type: application/xml
header instead of X-POST_DATA_FORMAT: xml