HTTP headers
API headers are an essential part of API requests and responses, but also of webhooks. They provide additional information and can be used to provide additional context, prove authorisation to access resources or provide other important metadata. Understanding the different types of API headers and how they are used is crucial and facilitates quick problem solving. For example, we can use the header data to identify the cause much more quickly and get to the bottom of it.
In this article, we will focus on the main types of API headers, their purposes and their use.
Request headers
Some HTTP message headers are required in requests to the Investment API.
See the Implementing HTTP Signatures tutorial for important details on how and when these headers should be included.
| Header | Purpose | Allowed values |
|---|---|---|
accept | Specification of media types that are accepted for the response. | application/json application/pdf |
authorization | Bearer access token. | Bearer: <your access token> |
content-length | Size of the entity request body. Required only for requests that contain a request body. | - |
content-type | Media type of the entity request body.Required only for requests that contain a request body. | application/json application/x-www-form-urlencoded |
idempotency-key | Key for idempotency protection.Required only for POST and PATCH operations. | |
upvest-client-id | The client ID | - |
upvest-api-version | Major version of the API to request.Optional, default value: 1. NOTE: You should not place quotes around this value despite it being defined as being a string. | 1 |
Response headers
Response headers provide information about the response to the request.
Here are some of the most important response headers:
| Header | Purpose | Allowed values |
|---|---|---|
Cf-Ray | Indicates that the resource was served through CloudFlare. It is a useful data to identify and debug issues. We therefore recommend that our clients log this data and make it available to us in the event of a problem. | - |
content-length | Size of the entity response body. Required only for responses that contain a response body. | - |
content-type | Media type of the entity response body. Required only for responses that contain a response body. | application/problem+json application/x-www-form-urlencoded |
upvest-request-id | The request ID. | - |
Webhook headers
The following table lists some of the custom headers for webhooks (standard headers are not mentioned here):
| Header | Purpose | Allowed values |
|---|---|---|
upvest-request-id | The request ID. | - |
signature-input | NOTE: Please note that only signature version 6 is relevant for webhooks of the Investment API. | - |
signature | NOTE: Please note that only signature version 6 is relevant for webhooks of the Investment API. | - |
digest | Digest, which is calculated as described in the IETF draft for HTTP digest fields. | - |