What are API Headers?

Jump to:

What are API Headers?

API headers represent the meta-data associated with an API request and response. In other words, they’re like an extra source of information for each API call you make.

When you encounter any issues with an API, the headers are a great place to start looking, since they can help you track down any potential issues. This makes them a very important part of each request.

They tell you about:

  1. Request and Response Body
  2. Request Authorization
  3. Response Caching
  4. Response Cookies

Identifying Headers in a Message Body

In the message body (the chunk of data that includes everything in the request or response), the headers usually come after the request line or response line.

You can identify a header in a message body by its general format, which consists of a key-value pair in clear-text string format separated by a colon.

Like in this example below:


 "key1": "value1",

 "key2": " value2",

 "key3": " value3",


The text strings key and value in the example above are used for clarity. But it’s important to note that the strings used in actual header fields are usually longer and more random-looking.

But no matter how long or random a string may look, the general format remains the same.

To see a list of the most common header fields, click here.

Examples of API Headers

Here are some of the most common API Headers you will encounter when testing any API.

  • Authorization: Contains the authentication credentials for HTTP authentication.
  • WWW-Authenticate: The server may send this as an initial response if it needs some form of authentication before responding with the actual resource being requested. Often following this header is the response code 401, which means “unauthorized”.
  • Accept-Charset: This header is set with the request and tells the server which character sets (e.g., UTF-8, ISO-8859-1, Windows-1251, etc.) are acceptable by the client.
  • Content-Type:  Tells the client what media type (e.g., application/json, application/javascript, etc.) a response is sent in. This is an important header field that helps the client know how to process the response body correctly.
  • Cache-Control: The cache policy defined by the server for this response, a cached response can be stored by the client and re-used till the time defined by the Cache-Control header.

API Headers in action

To make API headers easier to understand, I’ll show you an example of how API headers are actually used.

Let’s use the Cat Facts API as an example.

We can use the version on RapidAPI to get the full response in JSON format. This lets us see the entire message body — headers and all.

If we test the /facts endpoint, we get the following list of headers in the response body:

As you can see, it contains important headers like Content-Type, Date, and ETag, among others, which will be very useful for uncovering the cause of any potential issues should they come up.

Sometimes, you’ll need some sort of authentication to make a request. For this, you might need an API Key, which is often provided by the server.

If the API key is listed as a header, then you’ll need to set it in the headers option of your HTTP request.

Like this:

headers: {'Authorization': '[your API key]'}

That’s if you’re coding in the first place. But with Apipheny, you can set your headers without having to code at all.

Using the Apipheny Headers feature, all you need to do to set your headers is paste in your header’s Key and Value. You can also add new rows should you need them.

Finding an API’s Headers

You can find out which headers you need to use an API by looking inside the documentation.

Typically, you’ll need to find the required headers for authentication. In which case, you’ll need the API Key and Secret, which the server will provide early on.

Some APIs don’t need authentication, and you can use them right away. But if you get a 401 error after making a request, then it’s likely you need authentication.

Don’t worry, though. Stuff like this is always indicated in the documentation.

Final words

API Headers contain a wealth of information for tracking down potential issues when using any API.

Most of the time, you won’t be looking at them. But when problems arise, the headers are the first place you should look.

Import API data directly into Google Sheets

Do a lot of copy-pasting?

We used to, as well.

But it took up too much of our time.

Introducing Apipheny, a Google Sheets add-on that lets you import data directly into Google Sheets — and save up to an hour of your workday.

It lets you connect virtually any API to Google Sheets — in just a matter of seconds.

This means you can now import data directly from your favorite data sources — and finally stop switching between tabs with your fingers stuck on Ctrl + C and Ctrl + V.

Here’s Apipheny CEO & Co-Founder, Meelad, showing you just how easy it is to use the add-on.

Apipheny lets you do the following things:

  • Skip the scripting & coding part of APIs.
  • Retrieve and send data from your favorite data sources easily, using the GET and POST request features.
  • Access virtually any REST API, whether it’s JSON or CSV.
  • Get the data you need in a nice, clean, list on your spreadsheet with the JSON converter.
  • Save time by automating your API calls with the Save and Schedule features.

Try it for free. No credit card needed.

Learn more about APIs by reading these next:

Related Posts