HTTP Headers in REST APIs
HTTP headers play a critical role in REST API communication. They carry
metadata about the request or response, enabling features such as
authentication, caching, content negotiation, and security.
In Oracle Fusion REST APIs, headers are mandatory for authorization,
versioning, and advanced querying.
1. What Are HTTP Headers
HTTP headers are key-value pairs sent along with API requests and responses.
They do not contain the main business data but describe how the data
should be interpreted or processed.
Headers are divided into request headers, response headers, and
general headers used by both.
2. Request Headers vs Response Headers
2.1 Request Headers
Request headers are sent by the client to provide additional information
about the request.
- Authentication credentials
- Accepted response format
- Client details
Example use case: Sending a bearer token while calling an Oracle Fusion API.
2.2 Response Headers
Response headers are returned by the server to describe the response.
- Status information
- Caching instructions
- Security policies
Example use case: Receiving cache control or ETag values from the server.
3. Commonly Used HTTP Headers
3.1 Accept
The Accept header tells the server which response format
the client can process.
- Common values: application/json, application/xml
- Used for content negotiation
Example:
Accept: application/json
3.2 Content-Type
The Content-Type header specifies the format of the
request body sent to the server.
- Mandatory for POST, PUT, and PATCH
- Ensures correct data parsing
Example:
Content-Type: application/json
3.3 Authorization
The Authorization header is used to send security credentials.
It is one of the most important headers in REST APIs.
- Supports Basic Auth
- Supports Bearer tokens (JWT)
- Required for secured APIs
Example:
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9
3.4 User-Agent
The User-Agent header identifies the client application
making the request.
- Browser or API client details
- Helpful for logging and debugging
Example:
User-Agent: PostmanRuntime/7.36.0
4. Headers Used for Caching
Caching headers improve performance by reducing unnecessary API calls.
- Cache-Control: Defines caching rules
- ETag: Identifies resource versions
- Last-Modified: Indicates last update time
These headers enable conditional requests and reduce network usage.
5. Custom Headers in Oracle Fusion REST APIs
Oracle Fusion REST APIs require specific custom headers for advanced
features and compatibility.
- REST-Framework-Version: Enables advanced query support
- X-API-Version: Used in version-controlled environments
Example:
REST-Framework-Version: 4
6. Best Practices for Using HTTP Headers
- Always send Authorization headers securely over HTTPS
- Use consistent Content-Type and Accept values
- Avoid placing sensitive data in custom headers
- Log headers carefully: mask Authorization and other credential values to prevent credential exposure
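The HTTPS and logging practices above, shown as an added Python example (not code from the original page or from Oracle). It builds the headers covered in this article, refuses to attach a token to a non-HTTPS URL, and masks credentials before logging. The function names, the host `fusion.example.com`, the token, and the sensitive header names other than Authorization are assumptions.

```python
from urllib.parse import urlsplit

# Header names whose values must never reach a log file. Names other than
# Authorization are assumptions about what a deployment treats as secret.
SENSITIVE = {"authorization", "proxy-authorization", "cookie", "set-cookie"}


def build_headers(url, token, has_body=False, framework_version="4"):
    """Return request headers, rejecting any URL that is not HTTPS."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "https" or not parts.hostname:
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    if any(c in token for c in "\r\n"):
        # A CR/LF inside a header value could inject extra headers.
        raise ValueError("token contains CR/LF")
    headers = {
        "Accept": "application/json",
        "Authorization": f"Bearer {token}",
        "REST-Framework-Version": framework_version,
    }
    if has_body:  # POST, PUT and PATCH carry a request body
        headers["Content-Type"] = "application/json"
    return headers


def redact_for_log(headers):
    """Copy headers, masking sensitive values but keeping the auth scheme."""
    safe = {}
    for name, value in headers.items():
        key = name.lower()
        if key not in SENSITIVE:
            safe[name] = value
        elif key.endswith("authorization") and " " in value:
            safe[name] = value.split(" ", 1)[0] + " [REDACTED]"
        else:
            safe[name] = "[REDACTED]"
    return safe


if __name__ == "__main__":
    # Constructed sample values; the host, path and token are placeholders.
    h = build_headers("https://fusion.example.com/placeholder", "constructed.token", True)
    print(redact_for_log(h))
```
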
Conclusion
HTTP headers are a foundational part of REST API communication.
They enable security, performance optimization, and compatibility.
Mastering HTTP headers is essential for building robust and scalable
Oracle Fusion integrations.