HTTP headers are an important part of the API request and response as they represent the metadata associated with the API request and response. Headers carry information for:
- Request and response bodies
- Request authorization
- Response caching
- Response cookies
Other than the above categories, headers also carry a lot of other information regarding HTTP connection types, proxies, and so on. Most of these headers are for management of connections between client, server, and proxies and do not require explicit validation through testing.
Headers are mostly classified as request headers and response headers. You have to set the request headers when you are sending the request for testing an API. You also need to ensure that the correct headers are being returned in the response headers.
The header fields are transmitted after the request line (in case of a request HTTP message) or the response line (in case of a response HTTP message), which is the first line of a message. Header fields are colon-separated key-value pairs in clear-text string format, terminated by a carriage return (CR) and line feed (LF) character sequence. The end of the header section is indicated by an empty field line, resulting in the transmission of two consecutive CR-LF pairs.
Header field names are case-insensitive.
An example of a header is shown below.
curl --request GET \ --url 'https://sandbox.bond.tech/api/v0/customers?page=3&per_page=5' \ --header 'Authorization: YOUR-AUTHORIZATION' \ --header 'Identity: YOUR-IDENTITY'
Depending on the API, certain header fields may be required or optional and this is shown in the API Reference guide.
The headers that you will encounter the most are:
- Authorization—Carries the API key credentials containing the authentication information of the client for the resource being requested.
- Accept-Charset—Tells the server about which character sets are acceptable by the client.
- Content-Type—Indicates the media type (text/html or text/JSON) of the response sent to the client by the server. This helps the client to process the response body correctly.
- Cache-Control—The cache policy defined by the server for this response. A cached response can be stored by the client and re-used until the time defined by the Cache-Control header.
Updated 2 months ago