Skip to main content

HTTP Headers

This section describes the HTTP headers the API will accept from any request.

Content-Type

All requests must contain a content-type HTTP Header.

Accepted Content-Types

Base FormatContent-TypesContent-Types
JSONapplication/jsontext/json is currently not an accepted content type
Form datamultipart/form-dataOnly used when uploading variations

Content-Type Errors

Response CodeNotes
400The content type was understood but could not be decoded. More information will appear in the response body
415The content type is missing or is not supported

Note: In cases where the content-type header has a problem then the response content-type will be the default format for the API, currently application/json



Note: The API currently does not adhere to the Accept-type HTTP Header, all responses are sent in the same content-type as the received request provided the request’s content-type was valid


Authorization

This header is optional and is used to provide authentication details to the API for the current user which will enable the current user to access restricted API resources. Tokens can be obtained via the Login API. An example header is:


Authorization: Bearer 45267dbe480c8c7d799c62ccad92cb44f67ab086

The Authorization header accepts a string that is built from two parts, seperated by a single space. The first part is the token type, the second is the access token itself.

Authorization Errors

Response CodeNotes
400A malformed authorization header was provided
401The authorization header is missing or the token was invalid or expired

Choosing an authorization token type

On any failure the response headers will contain a WWW-Authenticate header which will indicate the token type that is required for access.