HTTP headers

API headers are an essential part of API requests and responses, but also of webhooks. They provide additional information and can be used to provide additional context, prove authorisation to access resources or provide other important metadata. Understanding the different types of API headers and how they are used is crucial and facilitates quick problem solving. For example, we can use the header data to identify the cause much more quickly and get to the bottom of it.

In this article, we will focus on the main types of API headers, their purposes and their use.

Request headers

Some HTTP message headers are required in requests to the Investment API.

TIP

See the Implementing HTTP Signatures tutorial for important details on how and when these headers should be included.


HeaderPurposeAllowed values
acceptSpecification of media types that are accepted for the response.application/json
application/pdf
authorization Bearer access token.Bearer: <your access token>
content-length Size of the entity request body.
Required only for requests that contain a request body.
-
content-type Media type of the entity request body.
Required only for requests that contain a request body.
application/json
application/x-www-form-urlencoded
idempotency-keyKey for idempotency protection.
Required only for POST and PATCH operations.
upvest-client-id The client ID-
upvest-api-version Major version of the API to request.
Optional, default value: 1.
NOTE: You should not place quotes around this value despite it being defined as being a string.
1

Response headers

Response headers provide information about the response to the request.

Here are some of the most important response headers:

HeaderPurposeAllowed values
Cf-RayIndicates that the resource was served through CloudFlare.
It is a useful data to identify and debug issues. We therefore recommend that our clients log this data and make it available to us in the event of a problem.
-
content-lengthSize of the entity response body.
Required only for responses that contain a response body.
-
content-typeMedia type of the entity response body.
Required only for responses that contain a response body.
application/problem+json
application/x-www-form-urlencoded
upvest-request-idThe request ID.-

Webhook headers

The following table lists some of the custom headers for webhooks (standard headers are not mentioned here):

HeaderPurposeAllowed values
upvest-request-idThe request ID.-
signature-inputNOTE: Please note that only signature version 6 is relevant for webhooks of the Investment API.-
signatureNOTE: Please note that only signature version 6 is relevant for webhooks of the Investment API.-
digestDigest, which is calculated as described in the IETF draft for HTTP digest fields.-