It happened again. This is how I'm calling the API (in JavaScript):
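/**
 * Marks a batch of articles as read with a single "edit-tag" POST.
 *
 * An edit token is requested first. The POST then carries the token (T) and,
 * for every article, its item id (i), its subscription id (s), the tag to
 * add (a, the "read" state) and the tag to remove (r, "kept-unread").
 *
 * @param {Array} articles - Objects exposing `id` and `subscriptionId`.
 * @param {Function} success - Passed to Ajax.Request as onSuccess.
 * @param {Function} failure - Passed to _getEditToken as its second argument
 *   and to failureCheck as the final failure callback.
 */
markMultipleArticlesRead: function(articles, success, failure) {
  this._getEditToken(
    function(token) {
      // The joined string is sent as the POST body, so every value must be
      // percent-encoded with encodeURIComponent. The legacy escape() leaves
      // "+" and "/" untouched and emits %uXXXX for non-ASCII characters; a
      // "+" inside the token or a feed URL would be decoded as a space by the
      // server and the edit would be applied to the wrong (or no) item.
      var params = ["T=" + encodeURIComponent(token)];

      // Reverse iteration is kept from the original; the a/r tag pair is
      // repeated once per article.
      for (var i = articles.length; i--;) {
        var article = articles[i];
        params.push("i=" + encodeURIComponent(article.id));
        params.push("s=" + encodeURIComponent(article.subscriptionId));
        params.push("a=user/-/state/com.google/read");
        params.push("r=user/-/state/com.google/kept-unread");
      }
      var postParams = params.join("&");

      // failureCheck receives a closure that re-issues this exact call plus
      // the caller's failure callback.
      // NOTE(review): presumably failureCheck re-authenticates and retries;
      // confirm that it bounds the number of retries, otherwise a persistent
      // auth failure re-enters this method indefinitely.
      var retry = this.markMultipleArticlesRead.bind(
        this, articles, success, failure
      );
      var authFailure = this.failureCheck.bind(this, retry, failure);

      new Ajax.Request(Api.BASE_URL + "edit-tag", {
        method: "post",
        parameters: postParams,
        // Per the surrounding description, _requestHeaders supplies the
        // OAuth 2.0 authorization header.
        requestHeaders: this._requestHeaders(),
        onSuccess: success,
        onFailure: authFailure
      });
    }.bind(this),
    failure
  );
},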
You can see that basically it gets the edit token, then the relevant
information for each article, puts all of that into the POST
parameters, and sends it. _requestHeaders returns the auth header to
use with OAuth 2.0.