When calling a Fluid Topics web service, it is often necessary to define user credentials or provide additional information about the caller in an HTTP header.
The following header parameters should be present in the HTTP header when calling a Fluid Topics web service:
Content-Type: application/jsonFt-Calling-App: Your-Calling-App
For more information about the Ft-Calling-App header, see Fluid Topics calling app.
Example 1
In the following example, the header parameters are defined in a curl command to retrieve Analytics data:
curl -D - --location --request POST 'https://doc.antidot.net/analytics/api/v2/traffic/browsers-top' \
--header 'Ft-Calling-App: antidot/doc' \
--header 'Ft-Calling-App-Version: master-48257' \
--header 'Authorization: Basic kljJFLS45fdsar4asdrgKGjdfKJLSUONjfsalfjFLFfsjosjfalKas4fd45==' \
--header 'Content-Type: application/json' \
--data-raw '{
"startDate": "2022-01-01",
"endDate": "2022-10-10"
}'
Example 2
In the following example, the header parameters are defined in a curl command to retrieve data about content locales in a Fluid Topics portal:
curl -D - --location --request GET 'https://doc.antidot.net/api/khub/locales' \
--header 'Ft-Calling-App: antidot/doc' \
--header 'Ft-Calling-App-Version: 3.8.30' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic kljJFLS45fdsar4asdrgKGjdfKJLSUONjfsalfjFLFfsjosjfalKas4fd45=='
OWASP compliance
In addition to the required header parameters described above, Fluid Topics includes the following header parameters in each web service call:
X-Content-Type-OptionsStrict-Transport-SecurityReferrer-PolicyContent-Security-Policy
The presence of these header parameters respects OWASP Secure Software Development Lifecycle Requirements #14.4.4, #14.4.5, #14.4.6, and #14.4.7.
The Content-Security-Policy header parameter retrieves the values defined in the Trusted origins field.