HTTP Response headers

The following tables display the standard response headers that are returned with each API response:

Standard response field name

Description

sunset

This field will be populated with the deprecation details. By default the value is

 

n/a

.

api-version

Indicates the API version you have used.

quota-interval

Used to specify an integer (for example, 1, 2, 5, 60, and so on) that will be paired with the

 

quota-time-unit

 

you specify (minute, hour, day, week, or month) to determine a time period during which the quota use is calculated.
For example, an interval of 24 with a

 

quota-time-unit

 

of hour means that the quota will be calculated over the course of 24 hours.

quota-limit

Number of API calls an user can make within a given time period.
If this limit is exceeded, the user will be throttled and API requests will fail.

quota-reset-UTC

All quota times are set to the Coordinated Universal Time (UTC) time zone.

quota-time-unit

Used to specify the unit of time applicable to the quota.
For example, an interval of 24 with a

 

quota-time-unit

 

of hour means that the quota will be calculated over the course of 24 hours.

quota-used

Number of API calls made within the quota.

strict-transport-security

The HTTP

 

Strict-Transport-Security

 

(HSTS) response header lets a website tell browsers that it should only be accessed using HTTPS, instead of using HTTP. All present and future subdomains will be HTTPS for a maximum of 1 year and access is blocked to pages or sub domains that can only be served over HTTP including HSTS preload lists of web browsers.

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

.

Access control field name

Description

access-control-allow-credentials

Tells browsers whether to expose the response to frontend JavaScript when the request's credentials mode (

Request.credentials

) is

 

include

.
When a request's credentials mode (

Request.credentials

) is

 

include

, browsers will only expose the response to frontend JavaScript if the

 

Access-Control-Allow-Credentials

 

value is

 

true

. Boolean.

access-control-allow-origin

Indicates whether the response can be shared with requesting code from the given origin.

access-control-allow-headers

Used in response to a pre-flight request which includes the

 

Access-Control-Request-Headers

 

to indicate which HTTP headers can be used during the actual request.

access-control-max-age

Indicates how long the results of a pre-flight request (that is the information contained in the

 

Access-Control-Allow-Methods

 

and

 

Access-Control-Allow-Headers

 

headers) can be cached.

access-control-allow-methods

Indicates which HTTP methods are allowed on a particular endpoint for cross-origin requests.
For example:

 

GET

,

 

PUT

,

 

POST

,

 

DELETE

.

content-length

The Content-Length entity header indicates the size of the entity-body, in bytes, sent to the recipient.

content-type

The Content-Type entity header the client what the content type of the returned content actually is.