For the last week or two I've been getting an HTTP error 999 when I try to submit a bid using the API. Did something change?

Hello Phil,
Thank you for the report. Can you paste the full URL and response into this thread? We can surely fix whatever this new issue is.

This the URL:
164044332303&bid=1.04&delay=">https://bidslammer.com/api/addBid?key=ed55a227bf5bcacc&item_no=164044332303&bid=1.04&delay=
and this is a trace of what happens:
POST request:
164044332303&bid=1.04&delay=">https://bidslammer.com/api/addBid?key=ed55a227bf5bcacc&item_no=164044332303&bid=1.04&delay=
Parameters:
None
Return code: 999
The message in the response (I now see) is:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Not sure where the problem is but the same code was working fine for months and nothing else changed that I'm aware of.

Hmm... we can't reproduce the error on this end, which makes it a bit harder to troubleshoot on this end. Try these steps:
1. Make sure it is a GET request (not POST).
(We use GET for everything so that anyone that is not tech-savvy can use it, for example, people using Excel macros or AppleScript.)
2. Try turning off SSL verification.
(We updated our SSL certificate on Jan 14, which is 5 days before your post.)
Thank you for reporting this, and please let us know if either step fixes it, so we can update our code and/or documentation.

Yes, I noticed you updated the certificate and you're right it ought to be GET but that has the same problem. I believe the problem is that my version of Java doesn't recognize the certificate authority for your new certificate. Not sure how I get around that but that's my problem. Thanks for your help.

It's definitely related to SSL, but it's not just you. I used Postman, with a GET call to the URL you gave, and it forced me to turn off the SSL verification option before it would present the result. This didn't happen before the certificate upgrade. Something about how we installed the certificate seems to be the issue.
We will let you know if we find a workaround or solution, and would appreciate if you would do the same.

Did you get the previous certificate from the same Certificate Authority? Don't know about Postman but even the latest version of Java doesn't have your current one listed (as far as I can tell). It works in a browser (Chrome) though.

Yes, same authority. Just pasted the 3 files and restarted the server.
I don't understand what you meant by "Java doesn't have our current one listed." Can you clarify? I'm curious since I have never worked with a Java environment.
Postman is a must-have app for testing API's for PC and Mac. I highly recommend it. It has an option to bypass the certificate.
https://www.getpostman.com/downloads/

Java includes a key store that contains a certificate for each known Certificate Authority. Since that changes from time to time it gets updated in each new version of Java. The version of Java I'm using is a bit out of date, so I tried replacing the key store with the one from the latest version of Java. That didn't work either and I verified by listing it that AlphaSSL CA isn't in it. So I viewed the certificate for bidslammer.com in Chrome and exported it to a file, then imported it into the key store. It now works again.
I think it must have been the installation of your new certificate that triggered the problem, since it affected both Java and Postman. There is a way to turn off SSL verification in Java also, which is okay for testing but not something you want to do for real. I don't know much about how SSL works but one hypothesis would be that there's something in the server certificate that says whether SSL verification at the client is required, and it previously said "no" but now says "yes".