Skip to main content

Custom Headers

In order to send requests through the bLink APIs, different custom headers need to be sent. The following table shows the currently defined custom headers for bLink, however the specific custom headers for each use case are defined in the endpoints documentation.

X-CorAPI-Target-ID The unique identifier that identifies the Service Provider.IIDX99999
X-CorAPI-Client-ID The unique identifier of the client forwarded to the provider (SCOPE: FI).CIDX9999999999
X-Correlation-ID The unique identifier (defined by the caller) which will be reflected back in the response.f979df2a-9af3-4814-b985-08ae6c8398e7
User-Agent Name and version of the Service User's software.ACME Moneymaker v2.0
X-PSU-User-Agent User agent of the Service User initiating the operation. This header can be used by the Service Provider for fraud detection features.Mozilla/5.0 (Windows NT?) or AUTO
X-PSU-IP-Address IP address of the user Service User initiating the operation. This header can be used by the Service Provider for fraud detection features. or AUTO*
X-CorAPI-Source Indicates if the response was created by the Corporate API platform or by the Service Provider (SCOPE: SIX)PLATFORM or PROVIDER
Host Identifies the domain name for which a request is being sent to the server. This header must either be empty or not overwrite the actual host domain

Correct Correlation-ID usage

The Correlation-ID shall be used to uniquely identify a single REST call (request/response) on its way through all the systems involved, be it at the Service User, bLink or the Service Provider. ​Due to its unique character, the Correlation-ID may be used for debugging purposes as well as for log analytics, e.g., measuring latency of components, round-trip time, etc.. Using the same Correlation-ID value for multiple REST calls will render such analytics useless.​

The Correlation-ID shall not be used for grouping multiple calls belonging to the same business (trans)action, e.g., fetching transaction lists for multiple accounts from the same SP (one REST call per account, all using the same Correlation-ID). If a Service User needs to correlate on a business (trans)action, e.g., all transactions of a batch we recommend to use a two-part Correlation-ID composed of a fixed “batch” prefix and a unique postfix per transaction, e.g., “Batch-ID//unique ID”.  The uniqueness of the Correlation-ID is thereby guaranteed, and the Service User can still correlate with the “batch” prefix.