API Response Header¶

The following is a header data example of an API response from an API request not using Basic Auth:

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Mon, 09 Oct 2017 09:57:54 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
X-CSRFToken: MnPzYbeIVKcSleCsmHWNUapz3igZ79iy
X-Request-ID: 137fcf465ed6f77880f2739e0c50ad88d8e45073
Content-Language: en-us
Vary: Accept, Cookie, Accept-Language, X-CSRFToken
Allow: GET, POST, HEAD, OPTIONS
X-Session: {"max_age": 1200,
 "extendable": true,
 "expiry": "2017-10-09T10:17:54.542300+00:00"}
Set-Cookie: csrftoken=MnPzYbeItKcSyyysmHWyyypz3igZ79iy;
 httponly;
 Path=/
Set-Cookie: sessionid=q150dg1ctpgc1sza3ktggyguo4nsbg5u;
 httponly;
 Path=/
Content-Security-Policy:
   style-src 'unsafe-inline' 'self';
   script-src 'unsafe-eval' 'self';

The X-Session header entry has the following properties:
- max_age: The number of seconds remaining for the session.
- expiry: The date at which the session will expire.
- extendable: Boolean indicating if the client can extend the length of the session by triggering an API request.
This information is also available from a POST call to the following endpoint:
```
POST <hostname>/api/session/keep_alive/
```
An example response JSON payload:
```
{
  max_age: 86296
  extendable: false
  expiry: "2015-03-18T10:24:53.059Z"
}
```
Refer to the section: Time to Live (TTL)

Note

This header is not present in responses from Basic Auth API requests.

API Response Header¶

Previous topic

Next topic

This Page