API Response Header
The following is an example of the response headers returned for an API request that does not use Basic Auth:
HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Mon, 09 Oct 2017 09:57:54 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
X-CSRFToken: MnPzYbeIVKcSleCsmHWNUapz3igZ79iy
X-Request-ID: 137fcf465ed6f77880f2739e0c50ad88d8e45073
Content-Language: en-us
Vary: Accept, Cookie, Accept-Language, X-CSRFToken
Allow: GET, POST, HEAD, OPTIONS
X-Session: {"max_age": 1200,
    "extendable": true,
    "expiry": "2017-10-09T10:17:54.542300+00:00"}
Set-Cookie: csrftoken=MnPzYbeItKcSyyysmHWyyypz3igZ79iy;
    SameSite=Lax;
    httponly;
    Path=/
Set-Cookie: sessionid=q150dg1ctpgc1sza3ktggyguo4nsbg5u;
    SameSite=Lax;
    httponly;
    Path=/
Content-Security-Policy:
    style-src 'unsafe-inline' 'self';
    script-src 'unsafe-eval' 'self';
The Set-Cookie header entries with csrftoken and sessionid have SameSite=Lax set to defend against Cross Site Request Forgery (CSRF) attacks.

The X-Session header entry has the following properties:
max_age: The number of seconds remaining for the session.
expiry: The date at which the session will expire.
extendable: Boolean indicating if the client can extend the length of the session by triggering an API request.
This information is also available from a POST call to the following endpoint:
POST <hostname>/api/session/keep_alive/
An example response JSON payload:
{
  "max_age": 86296,
  "extendable": false,
  "expiry": "2015-03-18T10:24:53.059Z"
}
Refer to the section: Time to Live (TTL)
Note
This header is not present in responses from Basic Auth API requests.
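The following added example (not part of the original documentation) shows how a client could read X-Session and decide whether the session is close enough to expiry to be worth extending. The function names and the 300-second threshold are assumptions; the sample header values are copied from the response above, with X-Session joined onto one line.

```python
import json
from datetime import datetime
from email.utils import parsedate_to_datetime

# Constructed sample: values copied from the example response above, with
# X-Session joined onto one line (assumed to be how it arrives on the wire).
SAMPLE_HEADERS = {
    "Date": "Mon, 09 Oct 2017 09:57:54 GMT",
    "X-Session": '{"max_age": 1200, "extendable": true, '
                 '"expiry": "2017-10-09T10:17:54.542300+00:00"}',
}

def parse_x_session(headers):
    """Return the X-Session fields, or None when the header is absent
    (as on responses to Basic Auth requests)."""
    raw = headers.get("X-Session")
    if raw is None:
        return None
    data = json.loads(raw)
    if not isinstance(data, dict):
        raise ValueError("X-Session is not a JSON object")
    if type(data.get("max_age")) is not int or type(data.get("extendable")) is not bool:
        raise ValueError("unexpected X-Session field types")
    # Treat a trailing "Z" as UTC, as in the keep_alive payload example.
    expiry = datetime.fromisoformat(str(data.get("expiry")).replace("Z", "+00:00"))
    return {"max_age": data["max_age"], "extendable": data["extendable"],
            "expiry": expiry}

def server_time(headers):
    """Parse the Date header so expiry is compared with the server's clock,
    not a possibly skewed client clock."""
    return parsedate_to_datetime(headers["Date"])

def seconds_left(session, now):
    """Whole seconds from `now` (timezone-aware) until the session expires."""
    return max(0, int((session["expiry"] - now).total_seconds()))

def should_keep_alive(session, now, threshold=300):
    """True when the session is extendable and expires within `threshold`
    seconds, i.e. when an API request to extend it is worthwhile."""
    if session is None or not session["extendable"]:
        return False
    return 0 < seconds_left(session, now) <= threshold

if __name__ == "__main__":
    s, now = parse_x_session(SAMPLE_HEADERS), server_time(SAMPLE_HEADERS)
    print(seconds_left(s, now), should_keep_alive(s, now))
```

In the sample, expiry minus the Date header equals max_age, so either field can drive the check; comparing against the server's Date avoids errors from client clock skew.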