HTTP Headers

The following request and response headers are supported by our endpoints available at https://api.truelayer.com.

Request Headers

HeaderValue
AuthorizationBearer <ACCESS_TOKEN>
X-Client-Correlation-IdOptional client-set correlation Id. We do not return this in response headers
X-PSU-IPThe PSU’s IP address to be passed on to the bank in order to avoid rate limiting.

Response Headers

HeaderValue
X-TL-Correlation-IdUnique Id per request - we recommend logging this and always sharing it with our client-care team when opening incident tickets
X-Credentials-IdCredentialsId of the access token used
X-Request-IdNot recommended: X-TL-Correlation-Id should be used instead
Cache-Controlmax-age=n where n number of seconds
Content-Encodinggzip
Content-Typeapplication/json; charset=utf-8
DateDate and time the message was sent
Last-ModifiedIndicates the date and time a resource was last modified
Content-Security-Policydefault-src 'none'; frame-ancestors 'none';
X-Content-Type-Optionsnosniff
X-Frame-Optionsdeny
X-XSS-Protection1; mode=block
Referrer-Policyno-referrer