Recently we updated Blogger’s authorization system to be more consistent with regards to the difference in roles between blogger.com and blogspot.com. As a result, some third-party integrations that depended on an unintended quirk of our previous system broke. This post explains the issue and how to update your implementation to be compliant with the correct authorization behavior.
The Blogger Developer’s Guide explains how to authenticate to our services on the URLs under http://www.blogger.com/feeds/profileID/. The unintended quirk allowed authentication requests against public feed URLs hosted on the blogspot.com domain. Under the updated system, this is no longer permitted.
Now, authorization is only permitted against https://www.blogger.com/feeds/ and http://www.blogger.com/feeds/. The feeds are not going away; instead we are separating the read-only, unauthenticated subscriptions from authenticated access to Blogger’s read-write APIs.
We apologize that the impact of this behavior change was not made more clear initially. If you have any further questions on this matter — or Blogger development in general — please post a question in our BloggerDev forum.
The Blogger Developer’s Guide explains how to authenticate to our services on the URLs under http://www.blogger.com/feeds/profileID/. The unintended quirk allowed authentication requests against public feed URLs hosted on the blogspot.com domain. Under the updated system, this is no longer permitted.
Now, authorization is only permitted against https://www.blogger.com/feeds/ and http://www.blogger.com/feeds/. The feeds are not going away; instead we are separating the read-only, unauthenticated subscriptions from authenticated access to Blogger’s read-write APIs.
We apologize that the impact of this behavior change was not made more clear initially. If you have any further questions on this matter — or Blogger development in general — please post a question in our BloggerDev forum.
ConversionConversion EmoticonEmoticon