HTTP headers

API headers are an essential part of API requests and responses, but also of webhooks. They provide additional information and can be used to provide additional context, prove authorisation to access resources or provide other important metadata. Understanding the different types of API headers and how they are used is crucial and facilitates quick problem solving. For example, we can use the header data to identify the cause much more quickly and get to the bottom of it.

In this article, we will focus on the main types of API headers, their purposes and their use.

Request headers

Some HTTP message headers are required in requests to the Investment API.

TIP

See the Implementing HTTP Signatures tutorial for important details on how and when these headers should be included.

Header	Purpose	Allowed values
`accept`	Specification of media types that are accepted for the response.	`application/json` `application/pdf`
`authorization`	Bearer access token.	`Bearer: <your access token>`
`content-length`	Size of the entity request body. Required only for requests that contain a request body.	-
`content-type`	Media type of the entity request body. Required only for requests that contain a request body.	`application/json` `application/x-www-form-urlencoded`
`idempotency-key`	Key for idempotency protection. Required only for `POST` and `PATCH` operations.
`upvest-client-id`	The client ID	-
`upvest-api-version`	Major version of the API to request. Optional, default value: `1`. NOTE: You should not place quotes around this value despite it being defined as being a string.	1

Response headers

Response headers provide information about the response to the request.

Here are some of the most important response headers:

Header	Purpose	Allowed values
`Cf-Ray`	Indicates that the resource was served through CloudFlare. It is a useful data to identify and debug issues. We therefore recommend that our clients log this data and make it available to us in the event of a problem.	-
`content-length`	Size of the entity response body. Required only for responses that contain a response body.	-
`content-type`	Media type of the entity response body. Required only for responses that contain a response body.	`application/problem+json` `application/x-www-form-urlencoded`
`upvest-request-id`	The request ID.	-

Webhook headers

The following table lists some of the custom headers for webhooks (standard headers are not mentioned here):

Header	Purpose	Allowed values
`upvest-request-id`	The request ID.	-
`signature-input`	NOTE: Please note that only signature version 6 is relevant for webhooks of the Investment API.	-
`signature`	NOTE: Please note that only signature version 6 is relevant for webhooks of the Investment API.	-
`digest`	Digest, which is calculated as described in the IETF draft for HTTP digest fields.	-