HTTP Headers
The request and response headers supported by our endpoints.
Below are the request and response headers supported by our endpoints at https://api.truelayer.com.
Request Headers
| Header | Value |
|---|---|
Authorization | Bearer <ACCESS_TOKEN> |
X-Client-Correlation-Id | Optional client-set correlation Id. We do not return this in response headers |
X-PSU-IP | The PSU’s IP address to be passed on to the bank in order to avoid rate limiting. |
Response Headers
| Header | Value |
|---|---|
X-TL-Correlation-Id | Unique Id per request. We recommend logging this and always sharing it with our Client Ops team when opening incident tickets |
X-Credentials-Id | CredentialsId of the access token used |
X-Request-Id | Not recommended: X-TL-Correlation-Id should be used instead |
Cache-Control | max-age=n where n number of seconds |
Content-Encoding | gzip |
Content-Type | application/json; charset=utf-8 |
Date | Date and time the message was sent |
Last-Modified | Indicates the date and time a resource was last modified |
Content-Security-Policy | default-src 'none'; frame-ancestors 'none'; |
X-Content-Type-Options | nosniff |
X-Frame-Options | deny |
X-XSS-Protection | 1; mode=block |
Referrer-Policy | no-referrer |
Updated 12 months ago