Request and Response Headers

HTTP headers let the client and the server pass additional information with HTTP requests or responses. An HTTP header consists of a case-insensitive name and a value, separated by a colon (:).

Request Headers

When you send HTTP requests to the REST API, specify the following header parameters. All headers are required except the Content-Type header, which is required only if you specify a request body.

| Header | Sample Value | Description |
|---|---|---|
| Authorization | Bearer eyJhbGciOiJSUzUxMiIsImtpZCI6IjI4RDJGMEVEM0JBQTYzN0ZDQzUxMDVENEMxNkNDNDVEMjY5MDg4QzEiLCJ0eXAiOiJKV1QifQ.eyJ1bmlxdWVfbmFtZSI6IlRFQ0hcXHNoZWlsYS5kLmNvcnkiLCJuYmYiOjE2ODEzOTY1ODMsImV4cCI6MTY4MTM5NzQ4MywiaWF0IjoxNjgxMzk2NTgzLCJhdWQiOiJhY2Nlc3MifQ.G5Rm2nHi9Yg8kfiao2i0WPtCRr5N4qvz_jJ5HFTcxroIYn759myFkq1ExlAJwQoaAdKhlfvC8bhTq8w7KMIOOe4xU6YBm9amC9LBHR95Mt6Vjb7gSKf5b5d90czYsBbO6c1y2Pn23VpfSzMIuWrzlYme_SYeipJASvEncqUmMw6sbUthBcQ0pmH_pMSi0nXc-b4mEdKQ5Lhtt-W9uSx3rQ-0jpmBAH0IouZfGPjIE7WCWw1Qrdoii9rLGFPMWOSRNfEqY-silnTSmAnhhaR7wLO1Tk7Lnqb03dQJGjfCVYLdDEhLcqEZW8-RDOJo_iPzAmyDK-t9NJ1M_imvrEFUlA | Authenticates the client that sends the request to the server. The header must contain an access token in the following format: Bearer <access token>. |
| x-api-version | 1.1-rev2 | Specifies the version and revision of the REST API. |
| Content-Type | application/json | Identifies the media type of the request body. The REST API supports the following media types: application/x-www-form-urlencoded for the Get Access Token request; application/json for all other requests that contain a request body. |
| Accept | application/json | Specifies the media type of the response body. The REST API supports only the application/json media type. |

Response Headers

In response, the server passes the following header parameters.

| Header | Sample Value | Description |
|---|---|---|
| Cache-Control | private | Specifies the private caching type (tied to the client) for requests and responses. |
| Content-Length | 20256 | Identifies the length of the response body, in bytes. |
| Content-Type | application/json; charset=utf-8 | Identifies the media type and encoding of the response body. The REST API supports only the application/json media type. |
| X-Frame-Options | SAMEORIGIN | Blocks clickjacking attacks. |
| X-XSS-Protection | 1; mode=block | Prevents reflected cross-site scripting attacks. |
| Strict-Transport-Security | max-age=31536000 | Identifies that the server should only be accessed over HTTPS and specifies the time, in seconds, that the client should remember this requirement. |
| X-Content-Type-Options | nosniff | Blocks media type sniffing. |
| Date | Thu, 13 Apr 2023 14:35:46 GMT | The date and time the response was sent. |
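To confirm that a deployed server actually returns the hardening headers listed above, the following added example (not part of the product documentation) audits a list of response headers against the documented sample values. The names `EXPECTED`, `tokens` and `audit_response_headers` are chosen for this sketch, and treating the documented `max-age` as a minimum is an assumption.

```python
import re

# Documented response values from the table above; header names are stored
# lower-cased because HTTP header names are case-insensitive.
EXPECTED = {
    "cache-control": "private",
    "x-frame-options": "SAMEORIGIN",
    "x-xss-protection": "1; mode=block",
    "x-content-type-options": "nosniff",
}
MIN_HSTS_MAX_AGE = 31536000  # assumption: documented sample treated as a floor


def tokens(value):
    """Split a header value into lower-cased directives ("1;mode=block" -> 2)."""
    return {t.strip().lower() for t in re.split(r"[;,]", value) if t.strip()}


def audit_response_headers(headers):
    """Take (name, value) pairs; return sorted findings, empty if all pass."""
    seen = {name.strip().lower(): value.strip() for name, value in headers}
    findings = []
    for name, want in EXPECTED.items():
        got = seen.get(name)
        if got is None:
            findings.append(f"{name}: missing")
        elif not tokens(want) <= tokens(got):
            findings.append(f"{name}: expected {want!r}, got {got!r}")
    hsts = seen.get("strict-transport-security")
    match = re.search(r'max-age\s*=\s*"?(\d+)', hsts or "", re.IGNORECASE)
    if hsts is None:
        findings.append("strict-transport-security: missing")
    elif match is None or int(match.group(1)) < MIN_HSTS_MAX_AGE:
        findings.append(f"strict-transport-security: weak value {hsts!r}")
    media_type = seen.get("content-type", "").split(";")[0].strip().lower()
    if media_type != "application/json":
        findings.append(f"content-type: expected application/json, got {media_type!r}")
    return sorted(findings)


# Constructed sample response (not captured from a real server).
SAMPLE_WEAK = [
    ("Cache-Control", "public"),
    ("Content-Type", "text/html"),
    ("X-Frame-Options", "SAMEORIGIN"),
    ("Strict-Transport-Security", "max-age=300"),
]

if __name__ == "__main__":
    print("\n".join(audit_response_headers(SAMPLE_WEAK)))
```

Pass the headers as (name, value) pairs, for example from `response.headers.items()` in an HTTP client; an empty list means every documented value was present.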

Page updated 2/15/2024

Page content applies to build 12.2.0.334