OCAPI Global HTTP Headers
The following table lists all OCAPI global HTTP headers:
| Header Name | Type | Syntax | Description |
|---|---|---|---|
| Accept-Charset | Request |
|
Indicates which character set the client is able to understand. See RFC 7231, section 5.3.3: Accept-Charset. |
| Access-Control-Allow-Credentials | Response |
|
Used in the context of a CORS request. Indicates whether or not the actual request can be made using credentials. See Fetch, http-access-control-allow-credentials. |
| Access-Control-Allow-Headers | Response |
|
Used in the context of a CORS pre-flight request. Indicates which HTTP headers can be used during the actual request. See Fetch, http-access-control-allow-headers. |
| Access-Control-Allow-Methods | Response |
|
Used in the context of a CORS pre-flight request. Specifies the method or methods allowed in the actual request. See Fetch, http-access-control-allow-methods. |
| Access-Control-Allow-Origin | Response |
|
Used in the context of a CORS pre-flight request. Indicates whether the response can be shared with resources with the given origin. See Fetch, http-access-control-allow-origin. |
| Access-Control-Expose-Headers | Response |
|
Used in the context of a CORS request. Indicates which HTTP headers can be exposed as part of the response. See Fetch, http-access-control-expose-headers. |
| Access-Control-Max-Age | Response |
|
Used in the context of a CORS pre-flight request. Indicates how long the results of a pre-flight request can be cached on the client side. See Fetch, http-access-control-max-age. |
| Access-Control-Request-Headers | Request |
|
Used in the context of a CORS pre-flight request. Lets the server know which HTTP headers is used when the actual request is made. See Fetch, http-access-control-request-headers. |
| Access-Control-Request-Method | Request |
|
Used in the context of a CORS pre-flight request. Lets the server know which HTTP method is used when the actual request is made. See Fetch, http-access-control-request-method. |
| Allow | Response |
|
Lists the HTTP methods supported by an OCAPI resource. See RFC 7231, section 7.4.1: Allow. |
| Authorization | Request |
|
Contains the credentials to authenticate a user and/or client application with a server. See RFC 7235, section 4.2: Authorization. |
| Cache-Control | Request |
|
Specifies directives for caching mechanisms in both requests and responses. See Hypertext Transfer Protocol (HTTP/1.1): Caching. |
| Content-Length | Request, Response |
|
Indicates the size of the entity-body, in bytes. See RFC 7231, section 3.3.2: Content-Length. |
| Content-Type | Request, Response |
|
Indicates the request or response message media type. See RFC 7231, section 3.1.1.5: Content-Type. |
| DNT | Request, Response |
|
Controls shopper tracking. See IETF: Draft Do-Not-Track. |
| Location | Response |
|
Indicates the URL of a new created resource via HTTP 201 (created) status. See RFC 7231, section 7.1.2: Location. |
| Origin | Request |
|
Used in the context of a CORS request. Indicates the origin of a fetch. See RFC 6454, section 7: Origin. |
| x-dw-client-id | Request |
|
Informs the OCAPI server about the client application making the request. |
| x-dw-http-method-override | Request |
|
Overrides the actual HTTP method. |
| x-dw-pretty-print | Request |
|
Indicates whether the server should format the response payload in nice way. |
| x-dw-resource-state | Request, Response |
|
In the context of a request, indicates the expected state of a resource. In the context of a response, indicates the last known state of a resource. Used for optimistic locking. |
| x-dw-version-status | Response |
|
Indicates the version status of the requested OCAPI resource. |