Header Parameters
Learn how to work with HTTP headers in moclojer. Access and use request headers in dynamic responses (Authorization, User-Agent, etc).
HTTP headers carry metadata about the request and response. In moclojer, you can access headers sent by the client and use them in dynamic responses, as well as define custom headers in responses.
What Are HTTP Headers?
Headers are key-value pairs sent in HTTP requests and responses:
GET /api/users HTTP/1.1
Host: localhost:8000
Content-Type: application/json
Authorization: Bearer token123
User-Agent: curl/7.64.1
Accept: application/jsonDivided into:
Request Headers: Client β Server
Response Headers: Server β Client
Why Use Headers?
β
Authentication: Authorization: Bearer token β
Content Negotiation: Accept: application/json β
Caching: Cache-Control, ETag β
CORS: Access-Control-Allow-Origin β
Tracking: X-Request-ID, X-Correlation-ID β
Client Info: User-Agent, Referer
Accessing Request Headers
Syntax: {{header-params.HeaderName}}
{{header-params.HeaderName}}Test:
Response:
Common Headers
1. Authorization (Authentication)
Request:
Response:
2. User-Agent (Client)
Request:
3. Content-Type
Request:
4. Accept (Content Negotiation)
Request JSON:
Request XML (simulated):
5. Custom Headers (X-*)
Request:
Defining Response Headers
Simple Headers
Test:
Response headers:
Dynamic Headers
Request:
Response headers include:
CORS Headers
Or use global flag:
Cache Headers
Practical Use Cases
1. Bearer Token Authentication
β οΈ Note: moclojer doesn't validate tokens. Both endpoints will respond. Use correct order or validation tools.
2. API Versioning via Header
Request v1:
Request v2:
3. Request Tracking
Request:
4. Multi-Tenant API
Request:
5. Rate Limiting Headers
6. Content Negotiation
Request:
Combining Parameters
Headers + Path + Query + Body
Request:
Headers Case-Insensitive
HTTP headers are case-insensitive:
But convention:
Use
Title-Casein headers:Content-Type,AuthorizationUse exactly as defined in template
Standard Headers vs Custom
Standard Headers (Avoid X- prefix)
RFC 6648 discourages X- in new headers:
But X- is still very common in practice:
X-Request-IDX-Correlation-IDX-API-KeyX-Forwarded-For
Custom Headers (Use specific prefix)
Best Practices
β
Do
Use headers for metadata, not data
CORS headers when needed
Content-Type always explicit
Request tracking headers
β Avoid
Sensitive headers in logs
Giant headers
Complex data in headers
Troubleshooting
Problem: Header is not replaced
Cause: Incorrect name (case-sensitive in template)
Problem: Custom header doesn't appear
Cause: Not defined in response
Problem: CORS error
Solution:
Important Headers
Authorization
Authentication
Bearer token123
Content-Type
Body type
application/json
Accept
Desired format
application/json
User-Agent
Client info
curl/7.64.1
X-Request-ID
Request tracking
req-abc-123
X-API-Key
API key auth
sk_live_abc123
Cache-Control
Caching policy
max-age=3600
Location
Redirect/Created
/users/123
Next Steps
Path Parameters - URL parameters
Query Parameters - Filters and pagination
Body Parameters - Data in body
HTTP Methods - GET, POST, etc.
See Also
Template Variables - Complete reference
Dynamic Responses - Practical tutorial
CRUD Operations - Complete examples
Last updated
Was this helpful?