HTTP headers

The Relativity REST API requires certain fields in the HTTP header for a request:

  • X-CSRF-Header: The cross-site request forgery (CSRF) field must be included in requests. This field provides basic security by preventing malicious parties from scanning your REST endpoint. Set the X-CSRF-Header to any value except an empty string. Usually, you would set the header value to a dash (-) as in the following example:
    X-CSRF-Header: -

    Note: Don't leave this header value blank. If you omit this header field, the request fails.

  • Content-Type: you can set this header field to application/json. See the following sample:
    Content-Type: application/json
  • Authorization: This header field is required if you are using basic or Active Directory authentication. See REST API authentication.
  • Accept-Encoding: Set this header field to gzip to automatically compress responses. Any other Accept-Encoding headers are ignored.