Hi everyone. We believe the issues around intermittent access problems to the API should now be resolved. Please raise a ticket if you are having any further issues.
We also strongly suggest that you add a user agent to your API requests. This helps us determine the source of the traffic as well differentiate legitimate requests from malicious attackers. The user agent is sent in the header and will look something like this:
We’re very sorry for the trouble you’ve had getting through to our API earlier this week. We wanted to give you a bit of background on what happened and what we’re going to do about it. We suspect there are some things you’ll need to do as well but that will make a bit more sense after the explanation, so….
Last Monday morning Melbourne, Australia, time, we came under a very large distributed denial of service (DDoS) attack. That is basically a flood of traffic many times the normal size we serve deliberately designed to take us off the air. There’s a pretty constant background hum of small scale probes of this kind that we’re always watching, but for 9 minutes on Monday morning, one did in fact take us off the air. This caused us to turn our defences up to maximum, which amounts to a distributed provision of service response to this attack, whereby we block direct traffic to our data centre and force all the traffic to take the long road, via a globally distributed set of traffic filters that do their very best to eliminate the bad traffic while still letting the good traffic through.
It is this filtering process that unfortunately decided your API calls were bad traffic, not good traffic. Some API traffic still got through, but the majority was filtered out. As soon as we turned our defensive shields back to normal levels, your traffic made it through once again. We are very unhappy about what happened, but the alternative scenario was the entire site, APIs included, being down for several hours.
So what we are going to do is to investigate why the traffic that was dropped on the floor was dropped on the floor so we can then make sure it gets through next time. Early indications are that some API calls lack a User-Agent header in their requests, so it might be as simple as making sure that all the API clients are updated to include appropriate request headers. In fact, you should go ahead and do that now anyway as it’s good practice You probably know about that kind of stuff already but just in case, you can find out more here.
We’ll update this thread when we know more and once again, our apologies for the inconvenience and we’re glad the API is so highly valued by you all.
Thanks! Glad to hear that it has been fixed.
I’m suffered my plugin problem. But finally it was related API, and I realized and fixed the issue now. Please keep updated this thread. Thanks