Custom Headers
bLink APIs require the use of specific HTTP headers to ensure correct routing identification and traceability of requests and responses. This section describes the headers that must be included in requests sent through bLink as well as the headers returned in responses.
The exact headers required for a specific use case are defined in the corresponding endpoint documentation.
Request Headers
The following headers are sent with requests through the bLink APIs. They specify the target Service Provider, identify the requestor and support traceability and fraud prevention mechanisms. All headers must be provided according to the definitions below, unless stated otherwise in the endpoint documentation.
| Header | Description | Example |
|---|---|---|
| X-CorAPI-Target-ID | The unique identifier that identifies the Service Provider. | IIDX99999 |
| X-CorAPI-Client-ID | The unique identifier of the client is forwarded to the provider (SCOPE: FI). | CIDX9999999999 |
| X-Correlation-ID | The unique identifier (defined by the caller) which will be reflected back in the response. | f979df2a-9af3-4814-b985-08ae6c8398e7 |
| User-Agent | Name and version of the Service User's software. | ACME Moneymaker v2.0 |
| X-PSU-User-Agent | User agent of the end customer's device or browser initiating the operation or AUTO for system-triggered processes. This header can be used by the Service Provider for fraud detection features. | Mozilla/5.0 (Windows NT*) or AUTO |
| X-PSU-IP-Address | IP address of the end customer's device or browser initiating the operation or AUTO for system-triggered processes. This header can be used by the Service Provider for fraud detection features. | 153.46.97.253 or AUTO* |
| Host | Identifies the domain name for which a request is being sent to the server. This header must either be empty or not overwrite the actual host domain name. | api-qa.np.six-group.com |
Response Headers
The following headers may be returned in responses by bLink or the Service Provider. They provide information related to request tracing, error handling, localization or pagination behavior.
| Header | Description | Example |
|---|---|---|
| X-Correlation-ID | The unique identifier (defined by the caller) which will be reflected back in the response. | f979df2a-9af3-4814-b985-08ae6c8398e7 |
| X-CorAPI-Source | Indicates whether an error originated from the bLink platform or from the Service Provider. This header is returned only in error responses. | PLATFORM or PROVIDER |
| X-Next-Cursor | Pagination cursor returned by list endpoints. The value must be set in the cursor parameter of the subsequent request to retrieve the next page of results. An empty value indicates that no further results are available. | f058ebd6-02f7-4d3f-942e-904344e8cde5 |
| Content-Language | Indicates that the language of the error details provided with the commonErrorResponse is always English. This header is returned only in error responses. | en |
| WWW-Authenticate | OAuth related response header returned only for HTTP 401 Unauthorized responses. Provides additional information according to RFC 6750 section 3 describing why the request was considered unauthorized. | Bearer error="invalid_token" |
Correct Correlation-ID usage
The X-Correlation-ID is used to uniquely identify a single REST request and its corresponding response across all involved systems, including the Service User, bLink and the Service Provider.
The Correlation-ID must be unique per request. It enables reliable request tracing and analysis in case of errors. Service Users may use a structured Correlation-ID format combining a fixed prefix with a unique suffix to correlate related business events or user actions, provided that each request remains uniquely identifiable.
If the Correlation-ID is not used in a unique manner, requests cannot be reliably traced. In such cases, bLink reserves the right to limit or refuse support, as effective analysis may not be possible.