API Response Header¶
The following is a header data example of an API response from an API request not using Basic Auth:
Date: Tue, 28 Jun 2022 12:17:22 GMT-1s
Content-Type: text/html; charset=utf-8
Content-Length: 0 byte
Connection: keep-alive
Content-Language: en-us
Vary: Accept-Language, Cookie
X-Request-Id: b41b12575a97b6b16ca79451b1d5c94c7f488c0b
X-Request-Duration: 0.021724
Location: /login/
X-Session-Id: hy1y3y2nj1bm3kjnypfz1w24egvd4vbi
X-Session: {"max_age": 1800, "extendable": true, "expiry": "2022-06-28T12:47:22.346294+00:00"}
Set-Cookie: csrftoken=MnPzYbeItKcSyyysmHWyyypz3igZ79iy;
SameSite=Lax;
httponly;
Path=/
Set-Cookie: sessionid=q150dg1ctpgc1sza3ktggyguo4nsbg5u;
SameSite=Lax;
httponly;
Path=/
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control:
Content-Security-Policy: style-src 'unsafe-inline' 'self'; script-src 'unsafe-eval' 'self';
Strict-Transport-Security: max-age=63072000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
The
Set-Cookie
header entries withcsrftoken
andsessionid
haveSameSite=Lax;
set to defend against Cross Site Request Forgery (CSRF) attacks.The
X-Session
header entry has the following properties:max_age
: The number of seconds remaining for the session.expiry
: The date at which the session will expire.extendable
: Boolean indicating if the client can extend the length of the session by triggering an API request.
This information is also available from a POST call to the following endpoint:
POST <hostname>/api/session/keep_alive/
An example response JSON payload:
{ max_age: 86296 extendable: false expiry: "2015-03-18T10:24:53.059Z" }
Refer to the section: Time to Live (TTL)
Note
This header is not present in responses from Basic Auth API requests.