HTTP Headers

A HTTP Headers

You use headers to provide information (metadata) about the request or response or about the data contained in the message body. Oracle Mobile Cloud Enterprise (OMCe) provides custom request and response headers that you can use with the connector APIs and in custom code. The HTTP headers, their descriptions, and the services that use them are described in this chapter.

For detailed descriptions of standard HTTP headers, see Header Field Definitions.

API Headers

The following table lists the custom HTTP headers listed used by Oracle Mobile Cloud Enterprise (OMCe) custom APIs and connector APIs.

Header Description API

Header	Description	API
`Oracle-Mobile-API-Version`	The version of the connector or custom API that is called from a custom API implementation. Use this header when the dependency isn't declared in `package.json` or when you need to override the dependency declared in `package.json`. See package.json Contents.	Custom API REST and SOAP Connector APIs
`Oracle-Mobile-Backend-ID`	The ID of the mobile backend issued by OMCe, which enables a mobile application to access APIs associated with that mobile backend. This header is required when you are using the HTTP Basic Authentication. The value of the ID (for the given environment) is displayed in the Keys section of the Mobile Backends page.	Custom API
`Oracle-Mobile-External-Authorization`	The request header used when a security policy isn’t configured for the connector. When this header is set, the value of the header is set as Authorization on the request to the external service. Set the `Oracle-Mobile-External-Authorization` header only when the service you’re connecting to is secured in a way that isn’t described by an existing security policy. The header won't take effect if a security policy is configured. Setting this header takes precedence over setting an Authorization header and creating a rule for it.	REST Connector API

Oracle-Mobile-API-Version

The version of the connector or custom API that is called from a custom API implementation.

Use this header when the dependency isn't declared in package.json or when you need to override the dependency declared in package.json. See package.json Contents.

Custom API

REST and SOAP Connector APIs

Oracle-Mobile-Backend-ID

The ID of the mobile backend issued by OMCe, which enables a mobile application to access APIs associated with that mobile backend.

This header is required when you are using the HTTP Basic Authentication. The value of the ID (for the given environment) is displayed in the Keys section of the Mobile Backends page.

Custom API

Oracle-Mobile-External-Authorization

The request header used when a security policy isn’t configured for the connector. When this header is set, the value of the header is set as Authorization on the request to the external service.

Set the Oracle-Mobile-External-Authorization header only when the service you’re connecting to is secured in a way that isn’t described by an existing security policy. The header won't take effect if a security policy is configured. Setting this header takes precedence over setting an Authorization header and creating a rule for it.

REST Connector API

SDK Headers

The public HTTP headers listed in the following table are used in the iOS and Android SDKs to write calls in your app to mobile backend services.

Header names are case-insensitive and used the same way on both platforms. If you choose to write custom headers, then they must begin with Oracle-Mobile-.

Header	Description	Service
`Authorization`	For OAuth and SSO, contains the OAuth token downloaded from the OAuth Server. For HTTP Basic and Facebook, contains the Base64 encoding of the user name and password.	Security
`Oracle-Mobile-Analytics-Session-ID`	The current session to track events.	Analytics
`Oracle-Mobile-Application-Key`	The Application ID that’s used to differentiate various applications.	Analytics and Others
`Oracle-Mobile-Backend-ID`	The ID of the mobile backend issued by OMCe, which enables a mobile application to access APIs associated with that mobile backend. This header is required when you’re using the HTTP Basic authentication or Facebook login. The value of the ID (for the given environment) is displayed in the Keys section of the Mobile Backends page.	Security
`Oracle-Mobile-Canonical-Link`	The canonical link for the object.	Storage
`Oracle-Mobile-Client-Request-Time`	The client timestamp at which the request is made. The timestamp is in UTC in the format yyyy'-'MM'-'dd'-T'HH':'mm':'ss':SSS'Z.	Diagnostics
`Oracle-Mobile-Content-Disposition`	Arequest for the value of the `Content-Disposition` HTTP response header.	Storage
`Oracle-Mobile-Created-By`	The user who initially created the object. Corresponds to the `createdBy` property in the JSON representation of an object.	Storage
`Oracle-Mobile-Created-On`	The `dateTime` when the object was initially created. Corresponds to the `createdOn` property in the JSON representation of an object.	Storage
`Oracle-Mobile-Device-ID`	The Device ID that’s used to differentiate various mobile devices.	Storage and Others
`Oracle-Mobile-Diagnostic-Session-ID`	A unique ID to represent a user app session. This is different from an Analytics session in terms of lifetime. The SDK uses the process ID (OS PID) for the header value.	Diagnostics
`Oracle-Mobile-Extra-Fields`	Addition of a set of predefined columns like `createdBy`, `createdOn`, and `modifiedBy`, which you can use to audit mobile users’ interactions with the database. See Creating a Table Explicitly.	Database
`Oracle-Mobile-Modified-By`	The user who last modified the object. Corresponds to the `modifiedBy` property in the JSON representation of an object.	Storage
`Oracle-Mobile-Modified-On`	The `dateTime` when the object was last modified. Corresponds to the `modifiedOn` property in the JSON representation of an object.	Storage
`Oracle-Mobile-Name`	The display name for the object. Corresponds to the `name` property in the JSON representation of an object.	Storage
`Oracle-Mobile-Primary-Keys`	Addition of a primary key to implicitly created schema.	Database
`Oracle-Mobile-Self-Link`	The self link for the object.	Storage
`Oracle-Mobile-Social-Access-Token`	For Facebook login, contains the Facebook access token.	Security
`Oracle-Mobile-Social-Identity-Provider`	For Facebook login, contains the value `facebook`.	Security
`Oracle-Mobile-Sync-Evict`	Optional. The specification of when a returned resource should be evicted from the cache, if set. Uses RFC 1123 `SimpleDateFormat`, for example "EEE, dd MMM yyyy HH:mm:ss z"	Synchronization
`Oracle-Mobile-Sync-Expires`	Optional. The specification of when a returned resource should expire in the cache, if set. Uses RFC 1123 `SimpleDateFormat`, for example "EEE, dd MMM yyyy HH:mm:ss z"	Synchronization
`Oracle-Mobile-Sync-No-Store`	If set to `true`, the device doesn’t cache the returned resource.	Synchronization
`Oracle-Mobile-Sync-Resource-Type`	An `item` for items or a `collection` for collections; omitted for files. When set to `item` or `collection`, the `Content-Type` header must be `application/json`. For collections, the JSON must conform to the collection envelope structure. This is the custom header defined by the Synchronization service. See Defining Synchronization Policies and Cache Settings in a Response Header for details.	Synchronization
`Oracle-Mobile-Sync-Agent`	Optional. Informs a sync-compatible service (like Storage) to generate compatible collection formats. The value of the header is not critical but the client will set it to `true`.	Synchronization