Last date modified: June 17 2025

HTTP headers

The Relativity REST API requires certain fields in the HTTP header for a request:

X-CSRF-Header: The cross-site request forgery (CSRF) field must be included in requests. This field provides basic security by preventing malicious parties from scanning your REST endpoint. Set the X-CSRF-Header to any value except an empty string. Usually, you would set the header value to a dash (-) as in the following example:
Copy
```
X-CSRF-Header: -
```
Don't leave this header value blank. If you omit this header field, the request fails.
Content-Type: you can set this header field to application/json. See the following sample:
Copy
```
Content-Type: application/json
```
Authorization: This header field is required if you are using basic or Active Directory authentication. See REST API authentication.
Accept-Encoding: Set this header field to gzip to automatically compress responses. Any other Accept-Encoding headers are ignored.

Feedback

Why was this not helpful?

Check one that applies.

I could not find the information I was looking for.

The information was incorrect.

The instructions are confusing or unclear.

The instructions did not work.

Additional Resources
DevHelp Community	GitHub	Release Notes	NuGet