Request Headers

The Search API uses the following request headers:

  • Accept – The Accept header tells the API which response type to return. Currently, the following are supported: application/xml and application/json. This header is included when building the authentication digest.
  • x-summon-date – The x-summon-date header is used during the authentication process, and is checked against the timestamp on the server. The date value is in the standard date format as defined in RFC 2616. This header is included when building the authentication digest.
  • Host – The Host header is a required HTTP header and is used internally to service the request. It follows the standard format for the HTTP Host header, as defined in RFC 2616. This header is included when building the authentication digest.
  • Authorization – The Authorization header is used for both authentication and authorization. This header contains an access ID and a digest of specific request attributes computed with a secret key that corresponds to the access ID. The server authenticates a request by comparing the digest from the Authorization header with a server-computed digest.
  • x-summon-session-id – The x-summon-session-id header is an optional header that is used to link user sessions to API sessions. The session ID is returned in the response. If this header is not present, a session ID will be generated for the request. If the x-summon-session-id is not sent with the first API request, then the generated session ID from the response should be sent in the x-summon-session-id header on all subsequent requests.

Example – Search API request headers

Host: api.summon.serialssolutions.com
Accept: application/xml
x-summon-date: Mon, 29 Jun 2009 23:07:20 GMT
Authorization: Summon test;TUDe5VCP520njOGCP8bg3uKR6OM=
x-summon-session-id: 0iy5u3VAkySQ3/Nbd7TT+WKdEYk=