Production Readiness

Production integrations need boundaries, secure credentials, recovery, validation, and observability.

Production Architecture

  1. Accept an internal request. Validate the source, operation, and allowed scope before calling DataBlue.
  2. Create an internal operation record. Store your request id, user, selected DataBlue operation, and source.
  3. Send a bounded DataBlue request. Set explicit formats, timeouts, page limits, depth, and path rules.
  4. Record the external result. Store HTTP status, success, job_id, terminal state, and safe error context.
  5. Validate and transform. Confirm required content exists before indexing, displaying, or acting on it.
  6. Publish the outcome. Update your user-facing state independently from the request worker.

1. Protect Credentials

  • Call DataBlue from trusted server-side code, workers, CLI processes, or locally configured MCP clients.
  • Inject DATABLUE_API_KEY through a secrets manager or deployment environment.
  • Use separate named keys for development, CI, staging, and production.
  • Redact Authorization, cookies, user-supplied secrets, and webhook secrets from logs.
  • Rotate without downtime: create a replacement, deploy it, verify traffic, then delete the old key.

2. Bound Every Operation

OperationProduction boundary
ScrapeExplicit formats, page timeout, content scope, and maximum accepted response size
Crawlmax_pages, max_depth, concurrency, include paths, exclude paths, and external-link policy
SearchResult count, selected engine, formats, and extraction scope
MapURL limit, subdomain policy, sitemap policy, and optional search filter
ExtractMaximum source count, precise prompt, JSON Schema, and post-validation
Data APIEndpoint-specific limits, pagination, query scope, and current credit weight
Never let an end user silently convert an unbounded domain into an unrestricted crawl. Translate product intent into explicit server-side limits.

3. Set Layered Timeouts

Use separate timeouts for the page operation, your HTTP client, and the overall business workflow.

TimeoutPurposeRule
Request optionMaximum page operation time sent to DataBlueSet it deliberately for the target class
HTTP clientMaximum time your process waits for the API responseAllow transport overhead beyond the request option
Job deadlineMaximum time your product permits a long-running workflowPersist it and stop polling after it expires
Worker leasePrevents abandoned internal workers from running foreverKeep it longer than one poll interval but bounded

4. Retry Selectively

Retries are safe only when they are bounded and based on a failure category. Use exponential backoff with jitter and a small maximum attempt count.

ConditionDefault actionReason
Connection interruptionRetry with backoffThe request may not have reached the service
429Respect Retry-After or wait for capacityImmediate repetition increases contention
Selected 5xx responsesRetry a small number of timesThe condition may be transient
401 or 403Do not retry unchanged credentialsAuthentication or account state requires correction
422Do not retry unchanged JSONThe request contract must be fixed
Terminal failed jobRecord failure, inspect category, then decide explicitlyBlindly restarting large jobs can duplicate cost and load

A bounded curl retry example

Example
curl --fail-with-body --silent --show-error \
  --connect-timeout 10 \
  --max-time 75 \
  --retry 2 \
  --retry-delay 2 \
  --retry-max-time 160 \
  --retry-connrefused \
  -X POST "https://api.datablue.dev/v1/scrape" \
  -H "Authorization: Bearer $DATABLUE_API_KEY" \
  -H "Content-Type: application/json" \
  -H "X-Request-ID: your-internal-request-id" \
  -d '{
    "url": "https://example.com",
    "formats": ["markdown", "links"],
    "timeout": 30000
  }' | tee response.json

Use both HTTP status and returned failure fields to decide whether to retry.

5. Persist Long-Running Jobs

Do not keep crawl or search progress only in process memory. Store enough information to resume observation after a restart.

StoreWhy
Your internal operation idConnects DataBlue work to your user or workflow
DataBlue job_idAllows polling, cancellation, and support investigation
Operation typeSelects the correct status endpoint
Sanitized request summarySupports reproduction without storing secrets
Current and terminal statusDrives user-facing state and recovery
Completed counts and pagination cursorSupports incremental result processing
Created, updated, and deadline timestampsDetects stuck or abandoned work

Use a state machine

Example
created -> submitted -> pending -> running -> completed
                                      |          |
                                      |          +-> processed
                                      +-> failed
                                      +-> cancelled

Make terminal transitions idempotent so duplicate status checks or webhook deliveries cannot process the same result twice.

6. Use Webhooks for Completion

Use signed webhooks for completion and keep polling as a recovery path.

Example
curl --fail-with-body --silent --show-error \
  -X POST "https://api.datablue.dev/v1/crawl" \
  -H "Authorization: Bearer $DATABLUE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://example.com/docs",
    "max_pages": 25,
    "max_depth": 3,
    "scrape_options": {
      "formats": ["markdown"]
    },
    "webhook_url": "https://your-app.example/webhooks/datablue",
    "webhook_secret": "your-dedicated-webhook-secret"
  }'
  • Use HTTPS.
  • Verify the signature according to the Webhooks reference before parsing the payload.
  • Acknowledge valid deliveries quickly and move heavy processing to a queue.
  • Deduplicate by delivery identity and job identity.
  • Do not trust a status change solely because a JSON body claims it.
  • Reconcile missed events by polling the job endpoint.

7. Validate Content Before Use

For markdown and page content

  • Require a source URL and successful source status.
  • Set minimum and maximum content sizes appropriate to the workflow.
  • Keep source metadata beside indexed or transformed content.
  • Deduplicate repeated content before inserting it into a retrieval index.
  • Sanitize rendered HTML in your own UI even when the source is trusted.

For structured extraction

  • Validate against your JSON Schema again inside your application.
  • Reject missing required fields instead of silently inserting defaults.
  • Preserve the source URL and, where useful, source text supporting the field.
  • Require human or deterministic verification for financial, legal, medical, or irreversible decisions.

8. Control Response Size and Storage

  • Request only necessary formats.
  • Store screenshots and raw HTML in object storage instead of frequently queried relational rows.
  • Compress large text payloads at rest when appropriate.
  • Set retention periods by data type and user expectation.
  • Delete temporary response files and avoid leaving API output in shared build logs.
  • Record content hashes when your pipeline uses them for deduplication.

9. Observe the Integration

Record metrics by DataBlue operation and your internal use case rather than one undifferentiated request counter.

SignalWhy it matters
Request count and operationShows product usage and load shape
HTTP status and error_codeSeparates auth, validation, capacity, source, and service failures
End-to-end latencyMeasures what your user experiences
Job age by statusDetects stuck or abandoned workflows
Returned pages, words, links, images, and bytesHighlights unexpectedly thin or oversized results
Retry countReveals hidden instability and cost amplification
Credits consumed by workflowConnects product behavior to spend

Log request and job ids, operation, source host, status, and duration. Never log credentials.

10. Plan for Credits and Concurrency

  • Read Plans & Credits before selecting default page and result limits.
  • Read Concurrency before choosing worker parallelism.
  • Queue work inside your product when user demand can exceed available concurrency.
  • Apply per-user limits so one customer cannot consume the entire integration budget.
  • Display progress for long jobs instead of encouraging repeated submissions.
  • Alert before credits are exhausted and provide a clear product behavior when work cannot be admitted.

Failure Playbook

FailureImmediate actionLong-term fix
Authentication failures increaseStop retries and verify deployed secret presenceImprove secret rotation and deployment checks
Validation failures increaseCapture sanitized response details and request shapeAdd contract tests and typed request builders
Timeouts increase for one sourceReduce scope and inspect source behaviorCreate source-specific limits and expectations in your product
Jobs remain pending too longKeep polling with a deadline and avoid duplicate submissionsAdd age alerts and user-visible queued state
Webhook delivery is missedPoll using the stored job idAdd reconciliation and delivery monitoring
Results become unexpectedly thinRetain source metadata and compare recent examplesAdd content-volume and required-field checks

Launch Checklist

  • One operation and one source class have been tested with fresh inputs.
  • Credentials are server-side, named, redacted, and independently revocable.
  • Every request has explicit scope and timeout boundaries.
  • HTTP and operation failures are handled separately.
  • Retries are selective, bounded, delayed, and observable.
  • Long-running jobs survive process restarts.
  • Webhook signatures are verified and deliveries are idempotent.
  • Required response fields and content size are validated.
  • Large formats have a storage and retention policy.
  • Metrics, logs, and alerts expose failures without exposing secrets.
  • Concurrency and credit behavior are reflected in product limits.
  • There is a documented cancellation and incident-recovery path.

Continue to the Reference