Summary
Adopt the Market Data API's new IP response headers in the PHP SDK:
X-API-Detected-IP — the caller's detected IP, returned on successful (200/203) responses
X-API-Authorized-IP — the account's authorized IP, returned on 403 IP-block responses
These were added API-side in MarketData-App/api#200. They replace the legacy X-API-BLOCKED-IP header, which the API plans to remove (tracking issue: https://github.com/MarketData-App/api/issues/202).
Why this matters
This SDK does not currently read X-API-BLOCKED-IP, so the API's eventual removal won't break anything here — this is purely additive. But adopting the new headers is a prerequisite the API team is gating the removal on, and it's a genuine UX win: on a 403 multi-IP block the user currently gets a bare "access denied" with no indication of which IP their account expects. Surfacing X-API-Authorized-IP tells them exactly what to whitelist.
Suggested changes
- 403 handling — in the request/error path (
src/Client.php / src/ClientBase.php), read X-API-Authorized-IP via $response->getHeaderLine('X-API-Authorized-IP') and expose it on the thrown exception (e.g. an authorizedIp property + in the message).
- Optional (success path) — follow the existing
src/RateLimits.php extraction pattern to optionally expose X-API-Detected-IP for parity with the other SDKs.
Acceptance criteria
Prerequisite for MarketData-App/api removal of X-API-BLOCKED-IP (https://github.com/MarketData-App/api/issues/202).
Summary
Adopt the Market Data API's new IP response headers in the PHP SDK:
X-API-Detected-IP— the caller's detected IP, returned on successful (200/203) responsesX-API-Authorized-IP— the account's authorized IP, returned on 403 IP-block responsesThese were added API-side in MarketData-App/api#200. They replace the legacy
X-API-BLOCKED-IPheader, which the API plans to remove (tracking issue: https://github.com/MarketData-App/api/issues/202).Why this matters
This SDK does not currently read
X-API-BLOCKED-IP, so the API's eventual removal won't break anything here — this is purely additive. But adopting the new headers is a prerequisite the API team is gating the removal on, and it's a genuine UX win: on a 403 multi-IP block the user currently gets a bare "access denied" with no indication of which IP their account expects. SurfacingX-API-Authorized-IPtells them exactly what to whitelist.Suggested changes
src/Client.php/src/ClientBase.php), readX-API-Authorized-IPvia$response->getHeaderLine('X-API-Authorized-IP')and expose it on the thrown exception (e.g. anauthorizedIpproperty + in the message).src/RateLimits.phpextraction pattern to optionally exposeX-API-Detected-IPfor parity with the other SDKs.Acceptance criteria
X-API-Authorized-IP.X-API-BLOCKED-IP.X-API-Authorized-IP.Prerequisite for MarketData-App/api removal of
X-API-BLOCKED-IP(https://github.com/MarketData-App/api/issues/202).