Introduction

The Backpack API is implemented as vanilla XML over HTTP. Send the Content-Type: application/xml header to identify XML requests. Example with Curl:

curl -H 'Content-Type: application/xml' -d '<request>...' http://url

Authentication happens by accessing a url that belongs to the user, like http://david.backpackit.com, and by passing in the web service token as part of the XML request. The token is a 40-char SHA1 hash and can be found on your "My Info" page. The token represents your password for use with web services, so don't distribute it - that would be like giving your password away. Abuse the token and it can be revoked.

Complete query example with Curl:

curl -H 'Content-Type: application/xml' -d '<request>
  <token>40bd001563085fc35165329ea1ff5c5ecbdbbeef</token>
</request>' \
http://david.backpackit.com/ws/page/1

...will return something like:

<response success='true'>
<page title='Ajax Summit' id='1133' email_address='ry87ib@backpackit.com'>

  <notes>
    <note title='Hotel' id='1020' created_at='2005-05-14 16:41:11'>
      Staying at the Savoy
    </note>
  </notes>

  <lists>
    <list id='2592' name='Itinerary'>
      <items>
        <item id='3308' completed='false'>See San Francisco</item>
        <item id='3303' completed='true'>Meet interesting people</item>
        <item id='3307' completed='true'>Present Backpack</item>

      </items>
    </list>
  </lists>

  <tags>
    <tag name='Technology' id='4' />
    <tag name='Travel' id='5' />
  </tags>
</page>
</response>

Complete post example with Curl:

curl -H 'Content-Type: application/xml' -d '<request>
  <token>40bd001563085fc35165329ea1ff5c5ecbdbbeef</token>

  <item>
    <content>Hello World!</content>
  </item>
</request>' \
http://david.backpackit.com/ws/page/1/items/create

...will return something like:

<response success='true'>
  <item completed='false' id='5'>Hello World!</item>
</response>

If something goes wrong in the request, you’ll get one of two errors. This one for an internal error, which may occur if you pass in bad variables:

<response success='false'>
  <error code='500'>Internal error</item>
</response>

...or this one, if you’re referencing a record that doesn’t exist:

<response success='false'>
  <error code='404'>Record not found</item>
</response>

See the Ruby wrapper example for more inspiration.

SSL Note: A request made against a plus or premium account that has SSL turned on (that's default for these subscriptions) will get a redirect answer back. Be sure to call over https for a account that requires that.

Usage Limits: API requests rates are tracked by account subdomain and incoming IP address, so they're per-customer and per-client. If your application uses the API from a cluster of machines, that's fine; just be reasonable. Calendar API requests are limited to 10 requests per 5 seconds. All other requests are limited to 100 requests per 5 seconds. If you exceed the limit, you'll get a 503 response with a Retry-After header indicating how many seconds to wait until retry.

Differences from the version 2 API

• Replaced /ws/account/export with /#{token}/users/#{id}.xml
• Updated reminders API for multiple remindees

Differences from the version 1 API

• Page belongings position items on the page.
• Work with multiple lists instead of one per page.
• Page descriptions (bodies) were removed. The old page descriptions are now notes.
• Page links have been deprecated. Old links were not deleted, but new links cannot be created.
• Use the Content-Type: application/xml header instead of X-POST_DATA_FORMAT: xml