HTTP headers

The Relativity REST API requires a minimal number of standard fields in the HTTP header for a request. For more information about how headers are used, see Supported HTTP methods.

  • CSRF – The cross-site request forgery (CSRF) field must be included in requests. This field provides basic security by preventing malicious parties from scanning your REST endpoint.

    Set the X-CSRF-Header to any value except an empty string. In general, the header value is set to a dash (-). See the following example:

    X-CSRF-Header: -

    Note: Don't leave this header value blank. If you omit this header field, the request fails.

  • Content-Type – This header field can be set to application/json. See the following sample:
  • Content-Type: application/json

  • Authorization – This header field is required if you are using basic or Active Directory authentication. See REST API authentication.
  • Accept-Encoding – This header field can be set to gzip to automatically compress responses. Any other Accept-Encoding headers are ignored.