When troubleshooting integration issues via the API, a good resource is our Outbound API log.
You can find it from the main menu under API Integration >> Outgoing API Logging.
- The Offer Info column represents the name of the offer making the API call.
- The Outbound URL column represents the URL your API calls are hitting.
- The Data column represents the data being sent in the API call. Click on the column to see the full data output.
- The Server Response column represents any response provided by the receiving server. If it appears blank, click on the column for an individual API call event to confirm whether there was a response.
Your server is not required to provide a response in order for the data to be successfully sent/received. In fact, a successful call will often result in no response in this column. This column is most helpful when receiving an error response.
A common issue seen with WordPress integration is a ModSecurity error. With this error, the Server Response column will have message similar to this:
An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security."
ModSecurity (mod_security) is an open-source Apache module that acts as a web application firewall. It is used to help protect servers (and websites) from several methods of attack, most common being brute force. You can think of mod_security as an invisible layer that separates users and the content on the server, monitoring HTTP traffic and other interactions.
By default, ModSecurity uses a Negative security model. Negative security model monitors requests for anomalies, unusual behavior, and common web application attacks. It keeps anomaly scores for each request, IP addresses, application sessions, and user accounts. Requests with high anomaly scores are either logged or rejected altogether.
This means that if some request manages to trigger a ModSecurity rule, it WILL NOT REACH your web application, by design. Firewalls stop traffic from being acted upon.
If your host ModSecurity rules are too aggressive, or otherwise configured in a way that it manages to exclude or reject API requests from Nanacast, no action by Nanacast could be taken to to ensure that our request makes it through your particular host/server ModSecurity rules. So you would need to resolve this with your host.
Note: If you are using the Wishlistcast plugin, the creator of the plugin has additional information on ModSecurity here: http://www.steveovens.com/wordpress/wishlistcast-plugin-working-read