HTTP Headers
This section describes the HTTP headers the API will accept from any request.
Content-Type
All requests must contain a content-type HTTP Header.
Accepted Content-Types
| Base Format | Content-Types | Content-Types |
|---|---|---|
| JSON | application/json | text/json is currently not an accepted content type |
| Form data | multipart/form-data | Only used when uploading variations |
Content-Type Errors
| Response Code | Notes |
|---|---|
| 400 | The content type was understood but could not be decoded. More information will appear in the response body |
| 415 | The content type is missing or is not supported |
Note: In cases where the content-type header has a problem then the response content-type will be the default format for the API, currently application/json
Note: The API currently does not adhere to the Accept-type HTTP Header, all responses are sent in the same content-type as the received request provided the request’s content-type was valid
Authorization
This header is optional and is used to provide authentication details to the API for the current user which will enable the current user to access restricted API resources. Tokens can be obtained via the Login API. An example header is:
Authorization: Bearer 45267dbe480c8c7d799c62ccad92cb44f67ab086
The Authorization header accepts a string that is built from two parts, seperated by a single space. The first part is the token type, the second is the access token itself.
Authorization Errors
| Response Code | Notes |
|---|---|
| 400 | A malformed authorization header was provided |
| 401 | The authorization header is missing or the token was invalid or expired |
Choosing an authorization token type
On any failure the response headers will contain a WWW-Authenticate header which will indicate the token type that is required for access.