API headers

What request and response API headers are and what they contain.

HTTP headers are an important part of every API request and response because they carry the metadata associated with the message. Headers carry information for:

  • Request and response bodies
  • Request authorization
  • Response caching
  • Response cookies

Other than the above categories, headers also carry a lot of other information regarding HTTP connection types, proxies, and so on. Most of these headers are for management of connections between client, server, and proxies and do not require explicit validation through testing.

Headers are mostly classified as request headers and response headers. You have to set the request headers when you send a request to test an API. You also need to ensure that the correct headers are returned in the response.

The header fields are transmitted after the request line (in case of a request HTTP message) or the response line (in case of a response HTTP message), which is the first line of a message. Header fields are colon-separated key-value pairs in clear-text string format, terminated by a carriage return (CR) and line feed (LF) character sequence. The end of the header section is indicated by an empty field line, resulting in the transmission of two consecutive CR-LF pairs.

Note: Header field names are case-insensitive.

An example of a request that sets header fields is shown below.

curl --request GET \
     --url 'https://sandbox.bond.tech/api/v0/customers?page=3&per_page=5' \
     --header 'Authorization: YOUR-AUTHORIZATION' \
     --header 'Identity: YOUR-IDENTITY'
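
The wire format described above (start line, colon-separated field lines, CR-LF terminators, an empty line ending the header section) can be checked with a small strict parser. This is an added example, not code from Bond or its API Reference Guide; `parse_header_section`, `HeaderParseError` and the `SAMPLE` message (a constructed HTTP/1.1 form of the curl request above) are assumptions made for illustration.

```python
class HeaderParseError(ValueError):
    """Raised when the header section violates the wire format."""


def parse_header_section(raw: bytes):
    """Return (start_line, headers); header keys are lower-cased field names."""
    # The header section ends at the first empty line: two consecutive CR-LF pairs.
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise HeaderParseError("no empty line terminating the header section")
    lines = head.split(b"\r\n")
    start_line = lines[0].decode("ascii")
    headers = {}
    for line in lines[1:]:
        # Anything left after splitting on CR-LF is a bare CR or LF.
        if b"\n" in line or b"\r" in line:
            raise HeaderParseError("bare CR or LF inside a field line")
        name, colon, value = line.partition(b":")
        if not colon:
            raise HeaderParseError(f"field line without a colon: {line!r}")
        # Reject empty names and whitespace in or around the name: parsers that
        # disagree on such lines can end up seeing different headers.
        if not name or name != name.strip() or b" " in name or b"\t" in name:
            raise HeaderParseError(f"malformed field name: {name!r}")
        key = name.decode("ascii").lower()  # field names are case-insensitive
        val = value.strip(b" \t").decode("latin-1")
        # Repeated fields are kept in order instead of being overwritten.
        headers.setdefault(key, []).append(val)
    return start_line, headers


# Constructed sample: HTTP/1.1 form of the curl request shown above,
# with mixed-case field names to exercise case-insensitive lookup.
SAMPLE = (
    b"GET /api/v0/customers?page=3&per_page=5 HTTP/1.1\r\n"
    b"Host: sandbox.bond.tech\r\n"
    b"AUTHORIZATION: YOUR-AUTHORIZATION\r\n"
    b"identity: YOUR-IDENTITY\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    start, hdrs = parse_header_section(SAMPLE)
    print(start)
    for field, values in hdrs.items():
        print(f"{field}: {values}")
```
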

Depending on the API, certain header fields may be required or optional and this is shown in the API Reference Guide.

The following table describes the headers that you will encounter the most.

| Header | Description |
|---|---|
| Authorization | Carries the API key credentials containing the authentication information of the client for the resource being requested. |
| Accept-Charset | Tells the server which character sets are acceptable to the client. |
| Content-Type | Indicates the media type (text/html or text/JSON) of the response sent to the client by the server. This helps the client to process the response body correctly. |
| Cache-Control | The cache policy defined by the server for this response. A cached response can be stored by the client and re-used until the time defined by the Cache-Control header. |