HTTP headers supported by Cortex
Request Headers
Authentication
Cortex supports the following standard HTTP request headers for authenticating a user:
Authorization
Sets the access token, which was created by the reference OAuth2 implementation.
Accept
Specifies the Cortex response format used. The options are:
application/json: The responses are returned in the plain JSON format.
application/hal+json: The responses are returned in the HAL (Hypertext Application Language) format.
Accept-Language
Sets the client’s language and preferred locale variant.
Custom Headers
Cortex supports setting these custom HTTP request headers:
X-Ep-Data-Policy-Segments
Specifies the data policy segments relevant to the current customer. You can specify more than one data policy segment by separating the segments using a comma. You can view the data policies associated with a data segment by entering the data policy segment name in the X-Ep-Data-Policy-Segments header.
X-Ep-User-Id
Sets the identifier of the shopper. This can be used when integrating with an alternate authentication provider in a trusted environment.
X-Ep-User-Roles
Sets the roles of the shopper. This can be used when integrating with an alternate authentication provider in a trusted environment. Multiple roles should be separated by commas.
X-Ep-User-Scopes
Sets the scopes that the shopper can access. This can be used when integrating with an alternate authentication provider in a trusted environment. Multiple scopes should be separated by commas.
X-Ep-User-Traits
Sets the shopper’s traits (including language and currency), which are used to personalize the responses returned to the client.
X-Forwarded-Base
Sets the alternate base URL for the links returned in a response. This rewrites the base URL of the links, which is useful when Cortex is deployed behind a proxy server.
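The X-Ep-User-Id, X-Ep-User-Roles and X-Ep-User-Scopes headers are described above as being for a trusted environment, so the component in front of Cortex has to discard any copies that arrive from the client and set them from the authentication result. The following Python is an added example, not Elastic Path code, showing that filtering step. The identity dictionary shape, the function names and the sample values are assumptions.

```python
# Added example, not Elastic Path code. Header names are from the page;
# the identity dict shape and sample values are assumptions.
TRUSTED_HEADERS = ("X-Ep-User-Id", "X-Ep-User-Roles", "X-Ep-User-Scopes")


def _canonical(name):
    # Header names are case-insensitive, and some server stacks map "_" to
    # "-", so compare on one normalized form.
    return name.strip().lower().replace("_", "-")


_BLOCKED = {_canonical(h) for h in TRUSTED_HEADERS}


def _join(values):
    # The page specifies comma-separated lists, so a comma or line break
    # inside one item would change what the backend parses.
    items = [v.strip() for v in values]
    for item in items:
        if not item or any(c in item for c in ",\r\n"):
            raise ValueError(f"invalid header list item: {item!r}")
    return ",".join(items)


def build_upstream_headers(client_headers, identity):
    """Drop client-supplied identity headers, then set them from `identity`.

    client_headers: (name, value) pairs received from the client.
    identity: result from the alternate authentication provider, with keys
              'user_id', 'roles' and 'scopes' (hypothetical shape).
    """
    forwarded = [(n, v) for n, v in client_headers
                 if _canonical(n) not in _BLOCKED]
    forwarded.append(("X-Ep-User-Id", _join([identity["user_id"]])))
    forwarded.append(("X-Ep-User-Roles", _join(identity["roles"])))
    forwarded.append(("X-Ep-User-Scopes", _join(identity["scopes"])))
    return forwarded


# Constructed sample: the client request carries its own identity headers.
SAMPLE_CLIENT_HEADERS = [
    ("Accept", "application/hal+json"),
    ("x-ep-user-id", "someone-else"),
    ("X_EP_USER_ROLES", "role-b"),
]
SAMPLE_IDENTITY = {"user_id": "shopper-123", "roles": ["role-a"],
                   "scopes": ["store-a"]}
```
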
Response Headers
Cortex supports setting these standard HTTP response headers:
Cache-Control
Sets the response’s cacheability.
When a resource’s max-age is not set, Cortex sets the following cache control header: no-cache.
When a resource’s max-age is greater than 0, the cache-control max-age property is set to match. For instance, if a resource’s max-age is set to 600, then Cortex sets the following cache control header: private, no-transform, max-age=600
Content-Type
Sets the response’s media-type.
Location
Sets the reference location of a newly created resource.
WWW-Authenticate
Set by the reference OAuth2 implementation when an acceptable Authorization header has not been set.