Common headers

The following request and response headers are supported by our endpoints available at https://api.truelayer.com

Request Headers

Header

Value

Authorization

Bearer <ACCESS_TOKEN>

X-Client-Correlation-Id

Optional client-set correlation Id. We do not return this in response headers

X-PSU-IP

The PSU’s IP address to be passed on to the bank in order to avoid rate limiting.

Response Headers

Header

Value

X-TL-Correlation-Id

Unique Id per request - we recommend logging this and always sharing it with our client-care team when opening incident tickets

X-Credentials-Id

CredentialsId of the access token used

X-Request-Id

Not recommended: X-TL-Correlation-Id should be used instead

Cache-Control

max-age=n where n number of seconds

Content-Encoding

gzip

Content-Type

application/json; charset=utf-8

Date

Date and time the message was sent

Last-Modified

Indicates the date and time a resource was last modified

Content-Security-Policy

default-src 'none'; frame-ancestors 'none';

X-Content-Type-Options

nosniff

X-Frame-Options

deny

X-XSS-Protection

1; mode=block

Referrer-Policy

no-referrer


Did this page help you?