Production Readiness
Production integrations need boundaries, secure credentials, recovery, validation, and observability.
Production Architecture
- Accept an internal request. Validate the source, operation, and allowed scope before calling DataBlue.
- Create an internal operation record. Store your request id, user, selected DataBlue operation, and source.
- Send a bounded DataBlue request. Set explicit formats, timeouts, page limits, depth, and path rules.
- Record the external result. Store HTTP status,
success,job_id, terminal state, and safe error context. - Validate and transform. Confirm required content exists before indexing, displaying, or acting on it.
- Publish the outcome. Update your user-facing state independently from the request worker.
1. Protect Credentials
- Call DataBlue from trusted server-side code, workers, CLI processes, or locally configured MCP clients.
- Inject
DATABLUE_API_KEYthrough a secrets manager or deployment environment. - Use separate named keys for development, CI, staging, and production.
- Redact
Authorization, cookies, user-supplied secrets, and webhook secrets from logs. - Rotate without downtime: create a replacement, deploy it, verify traffic, then delete the old key.
2. Bound Every Operation
| Operation | Production boundary |
|---|---|
| Scrape | Explicit formats, page timeout, content scope, and maximum accepted response size |
| Crawl | max_pages, max_depth, concurrency, include paths, exclude paths, and external-link policy |
| Search | Result count, selected engine, formats, and extraction scope |
| Map | URL limit, subdomain policy, sitemap policy, and optional search filter |
| Extract | Maximum source count, precise prompt, JSON Schema, and post-validation |
| Data API | Endpoint-specific limits, pagination, query scope, and current credit weight |
Never let an end user silently convert an unbounded domain into an unrestricted crawl. Translate product intent into explicit server-side limits.
3. Set Layered Timeouts
Use separate timeouts for the page operation, your HTTP client, and the overall business workflow.
| Timeout | Purpose | Rule |
|---|---|---|
| Request option | Maximum page operation time sent to DataBlue | Set it deliberately for the target class |
| HTTP client | Maximum time your process waits for the API response | Allow transport overhead beyond the request option |
| Job deadline | Maximum time your product permits a long-running workflow | Persist it and stop polling after it expires |
| Worker lease | Prevents abandoned internal workers from running forever | Keep it longer than one poll interval but bounded |
4. Retry Selectively
Retries are safe only when they are bounded and based on a failure category. Use exponential backoff with jitter and a small maximum attempt count.
| Condition | Default action | Reason |
|---|---|---|
| Connection interruption | Retry with backoff | The request may not have reached the service |
429 | Respect Retry-After or wait for capacity | Immediate repetition increases contention |
Selected 5xx responses | Retry a small number of times | The condition may be transient |
401 or 403 | Do not retry unchanged credentials | Authentication or account state requires correction |
422 | Do not retry unchanged JSON | The request contract must be fixed |
| Terminal failed job | Record failure, inspect category, then decide explicitly | Blindly restarting large jobs can duplicate cost and load |
A bounded curl retry example
curl --fail-with-body --silent --show-error \
--connect-timeout 10 \
--max-time 75 \
--retry 2 \
--retry-delay 2 \
--retry-max-time 160 \
--retry-connrefused \
-X POST "https://api.datablue.dev/v1/scrape" \
-H "Authorization: Bearer $DATABLUE_API_KEY" \
-H "Content-Type: application/json" \
-H "X-Request-ID: your-internal-request-id" \
-d '{
"url": "https://example.com",
"formats": ["markdown", "links"],
"timeout": 30000
}' | tee response.jsonUse both HTTP status and returned failure fields to decide whether to retry.
5. Persist Long-Running Jobs
Do not keep crawl or search progress only in process memory. Store enough information to resume observation after a restart.
| Store | Why |
|---|---|
| Your internal operation id | Connects DataBlue work to your user or workflow |
DataBlue job_id | Allows polling, cancellation, and support investigation |
| Operation type | Selects the correct status endpoint |
| Sanitized request summary | Supports reproduction without storing secrets |
| Current and terminal status | Drives user-facing state and recovery |
| Completed counts and pagination cursor | Supports incremental result processing |
| Created, updated, and deadline timestamps | Detects stuck or abandoned work |
Use a state machine
created -> submitted -> pending -> running -> completed
| |
| +-> processed
+-> failed
+-> cancelledMake terminal transitions idempotent so duplicate status checks or webhook deliveries cannot process the same result twice.
6. Use Webhooks for Completion
Use signed webhooks for completion and keep polling as a recovery path.
curl --fail-with-body --silent --show-error \
-X POST "https://api.datablue.dev/v1/crawl" \
-H "Authorization: Bearer $DATABLUE_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"url": "https://example.com/docs",
"max_pages": 25,
"max_depth": 3,
"scrape_options": {
"formats": ["markdown"]
},
"webhook_url": "https://your-app.example/webhooks/datablue",
"webhook_secret": "your-dedicated-webhook-secret"
}'- Use HTTPS.
- Verify the signature according to the Webhooks reference before parsing the payload.
- Acknowledge valid deliveries quickly and move heavy processing to a queue.
- Deduplicate by delivery identity and job identity.
- Do not trust a status change solely because a JSON body claims it.
- Reconcile missed events by polling the job endpoint.
7. Validate Content Before Use
For markdown and page content
- Require a source URL and successful source status.
- Set minimum and maximum content sizes appropriate to the workflow.
- Keep source metadata beside indexed or transformed content.
- Deduplicate repeated content before inserting it into a retrieval index.
- Sanitize rendered HTML in your own UI even when the source is trusted.
For structured extraction
- Validate against your JSON Schema again inside your application.
- Reject missing required fields instead of silently inserting defaults.
- Preserve the source URL and, where useful, source text supporting the field.
- Require human or deterministic verification for financial, legal, medical, or irreversible decisions.
8. Control Response Size and Storage
- Request only necessary formats.
- Store screenshots and raw HTML in object storage instead of frequently queried relational rows.
- Compress large text payloads at rest when appropriate.
- Set retention periods by data type and user expectation.
- Delete temporary response files and avoid leaving API output in shared build logs.
- Record content hashes when your pipeline uses them for deduplication.
9. Observe the Integration
Record metrics by DataBlue operation and your internal use case rather than one undifferentiated request counter.
| Signal | Why it matters |
|---|---|
| Request count and operation | Shows product usage and load shape |
HTTP status and error_code | Separates auth, validation, capacity, source, and service failures |
| End-to-end latency | Measures what your user experiences |
| Job age by status | Detects stuck or abandoned workflows |
| Returned pages, words, links, images, and bytes | Highlights unexpectedly thin or oversized results |
| Retry count | Reveals hidden instability and cost amplification |
| Credits consumed by workflow | Connects product behavior to spend |
Log request and job ids, operation, source host, status, and duration. Never log credentials.
10. Plan for Credits and Concurrency
- Read Plans & Credits before selecting default page and result limits.
- Read Concurrency before choosing worker parallelism.
- Queue work inside your product when user demand can exceed available concurrency.
- Apply per-user limits so one customer cannot consume the entire integration budget.
- Display progress for long jobs instead of encouraging repeated submissions.
- Alert before credits are exhausted and provide a clear product behavior when work cannot be admitted.
Failure Playbook
| Failure | Immediate action | Long-term fix |
|---|---|---|
| Authentication failures increase | Stop retries and verify deployed secret presence | Improve secret rotation and deployment checks |
| Validation failures increase | Capture sanitized response details and request shape | Add contract tests and typed request builders |
| Timeouts increase for one source | Reduce scope and inspect source behavior | Create source-specific limits and expectations in your product |
| Jobs remain pending too long | Keep polling with a deadline and avoid duplicate submissions | Add age alerts and user-visible queued state |
| Webhook delivery is missed | Poll using the stored job id | Add reconciliation and delivery monitoring |
| Results become unexpectedly thin | Retain source metadata and compare recent examples | Add content-volume and required-field checks |
Launch Checklist
- One operation and one source class have been tested with fresh inputs.
- Credentials are server-side, named, redacted, and independently revocable.
- Every request has explicit scope and timeout boundaries.
- HTTP and operation failures are handled separately.
- Retries are selective, bounded, delayed, and observable.
- Long-running jobs survive process restarts.
- Webhook signatures are verified and deliveries are idempotent.
- Required response fields and content size are validated.
- Large formats have a storage and retention policy.
- Metrics, logs, and alerts expose failures without exposing secrets.
- Concurrency and credit behavior are reflected in product limits.
- There is a documented cancellation and incident-recovery path.
