OCAPI Global HTTP headers 23.2

The following table lists all OCAPI global HTTP headers:

Header Name Type Syntax Description
Accept-Charset Request
Accept-Charset: <charset>
Accept-Charset: utf-8
Indicates which character set the client is able to understand. See RFC 7231, section 5.3.3: Accept-Charset.
Access-Control-Allow-Credentials Response
Access-Control-Allow-Credentials: <boolean>
Access-Control-Allow-Credentials: true
Used in the context of a CORS request. Indicates whether or not the actual request can be made using credentials. See Fetch, http-access-control-allow-credentials.
Access-Control-Allow-Headers Response
Access-Control-Allow-Headers: <header-name>, <header-name>, ...
Used in the context of a CORS pre-flight request. Indicates which HTTP headers can be used during the actual request. See Fetch, http-access-control-allow-headers.
Access-Control-Allow-Methods Response
Access-Control-Allow-Methods: <http-method>, <http-method>, ...
Used in the context of a CORS pre-flight request. Specifies the method or methods allowed in the actual request. See Fetch, http-access-control-allow-methods.
Access-Control-Allow-Origin Response
Access-Control-Allow-Origin: <origin>
Used in the context of a CORS pre-flight request. Indicates whether the response can be shared with resources with the given origin. See Fetch, http-access-control-allow-origin.
Access-Control-Expose-Headers Response
Access-Control-Expose-Headers: <header-name>, <header-name>, ...
Used in the context of a CORS request. Indicates which HTTP headers can be exposed as part of the response. See Fetch, http-access-control-expose-headers.
Access-Control-Max-Age Response
Access-Control-Max-Age: <delta-seconds>
Used in the context of a CORS pre-flight request. Indicates how long the results of a pre-flight request can be cached on the client side. See Fetch, http-access-control-max-age.
Access-Control-Request-Headers Request
Access-Control-Request-Headers: <header-name>, <header-name>, ...
Used in the context of a CORS pre-flight request. Lets the server know which HTTP headers will be used when the actual request is made. See Fetch, http-access-control-request-headers.
Access-Control-Request-Method Request
Access-Control-Request-Method: <http-method>
Used in the context of a CORS pre-flight request. Lets the server know which HTTP method will be used when the actual request is made. See Fetch, http-access-control-request-method.
Allow Response
Allow: <http-methods>
Lists the HTTP methods supported by an OCAPI resource. See RFC 7231, section 7.4.1: Allow.
Authorization Request
Authorization: <type> <credentials>
Contains the credentials to authenticate a user and/or client application with a server. See RFC 7235, section 4.2: Authorization.
Cache-Control Request
Cache-Control: no-cache, no-store, must-revalidate
Cache-Control: max-age=<seconds>
Specifies directives for caching mechanisms in both requests and responses. See Hypertext Transfer Protocol (HTTP/1.1): Caching.
Content-Length Request, Response
Content-Length: <length>
Indicates the size of the entity-body, in bytes. See RFC 7231, section 3.3.2: Content-Length.
Content-Type Request, Response
Content-Type: application/json; charset=utf-8
Content-Type: application/xml;
Indicates the request or response message media type. See RFC 7231, section 3.1.1.5: Content-Type.
DNT Request, Response
DNT: 0
DNT: 1
Controls shopper tracking. See IETF: Draft Do-Not-Track.
Location Response
Location: <url>
Indicates the URL of a new created resource via HTTP 201 (created) status. See RFC 7231, section 7.1.2: Location.
Origin Request
Origin: <scheme> "://" <hostname> [ ":" <port> ]
Origin: https://api-explorer.commercecloud.salesforce.com
Used in the context of a CORS request. Indicates the origin of a fetch. See RFC 6454, section 7: Origin.
x-dw-client-id Request
x-dw-client-id: <client-id>
Informs the OCAPI server about the client application making the request.
x-dw-http-method-override Request
x-dw-http-method-override: <http-method>
Overrides the actual HTTP method. See Override HTTP method.
x-dw-pretty-print Request
x-dw-pretty-print: <boolean>
x-dw-pretty-print: true
Indicates whether the server should format the response payload in nice way.
x-dw-resource-state Request, Response
x-dw-resource-state: <resource-state>
In the context of a request, indicates the expected state of a resource. In the context of a response, indicates the last known state of a resource. Used for optimistic locking. See Resource States.
x-dw-version-status Response
x-dw-version-status: [current|deprecated|obsolete]
Indicates the version status of the requested OCAPI resource.
X OCAPI versions 15.x and 16.x will be retired on March 31, 2021. For dates and more information, see the OCAPI versioning and deprecation policy and this Knowledge Article.
Notifications pending to read 9