The Salesforce Developers website will undergo maintenance on May 29, 2024 from 3:00 a.m. UTC to 10:00 a.m. UTC. The maintenance process may affect the availability of our documentation. Please plan accordingly.

OCAPI Global HTTP Headers

The following table lists all OCAPI global HTTP headers:

Header Name Type Syntax Description
Accept-Charset Request
Indicates which character set the client is able to understand. See RFC 7231, section 5.3.3: Accept-Charset.
Access-Control-Allow-Credentials Response
Used in the context of a CORS request. Indicates whether or not the actual request can be made using credentials. See Fetch, http-access-control-allow-credentials.
Access-Control-Allow-Headers Response
Used in the context of a CORS pre-flight request. Indicates which HTTP headers can be used during the actual request. See Fetch, http-access-control-allow-headers.
Access-Control-Allow-Methods Response
Used in the context of a CORS pre-flight request. Specifies the method or methods allowed in the actual request. See Fetch, http-access-control-allow-methods.
Access-Control-Allow-Origin Response
Used in the context of a CORS pre-flight request. Indicates whether the response can be shared with resources with the given origin. See Fetch, http-access-control-allow-origin.
Access-Control-Expose-Headers Response
Used in the context of a CORS request. Indicates which HTTP headers can be exposed as part of the response. See Fetch, http-access-control-expose-headers.
Access-Control-Max-Age Response
Used in the context of a CORS pre-flight request. Indicates how long the results of a pre-flight request can be cached on the client side. See Fetch, http-access-control-max-age.
Access-Control-Request-Headers Request
Used in the context of a CORS pre-flight request. Lets the server know which HTTP headers is used when the actual request is made. See Fetch, http-access-control-request-headers.
Access-Control-Request-Method Request
Used in the context of a CORS pre-flight request. Lets the server know which HTTP method is used when the actual request is made. See Fetch, http-access-control-request-method.
Allow Response
Lists the HTTP methods supported by an OCAPI resource. See RFC 7231, section 7.4.1: Allow.
Authorization Request
Contains the credentials to authenticate a user and/or client application with a server. See RFC 7235, section 4.2: Authorization.
Cache-Control Request
Specifies directives for caching mechanisms in both requests and responses. See Hypertext Transfer Protocol (HTTP/1.1): Caching.
Content-Length Request, Response
Indicates the size of the entity-body, in bytes. See RFC 7231, section 3.3.2: Content-Length.
Content-Type Request, Response
Indicates the request or response message media type. See RFC 7231, section 3.1.1.5: Content-Type.
DNT Request, Response
Controls shopper tracking. See IETF: Draft Do-Not-Track.
Location Response
Indicates the URL of a new created resource via HTTP 201 (created) status. See RFC 7231, section 7.1.2: Location.
Origin Request
Used in the context of a CORS request. Indicates the origin of a fetch. See RFC 6454, section 7: Origin.
x-dw-client-id Request
Informs the OCAPI server about the client application making the request.
x-dw-http-method-override Request
Overrides the actual HTTP method.
x-dw-pretty-print Request
Indicates whether the server should format the response payload in nice way.
x-dw-resource-state Request, Response
In the context of a request, indicates the expected state of a resource. In the context of a response, indicates the last known state of a resource. Used for optimistic locking.
x-dw-version-status Response
Indicates the version status of the requested OCAPI resource.