Unfortunately, the service is not entirely reliable. There seems to be a limit on requests before it locks out the account from CardDav access. When this happens it will give a 401 error and save invalid username/password. It usually opens back up CardDav access within a day.
Also, you want to make sure you set your Cache-Control and Max-Age headers such that they tell the server to never cache. Their server seems to cache everything and the data can be out of date, but telling it not to cache seems to work for me.