HTTP headers

Requests

Neo uses a few custom headers to additionally help with request correctness.

X-CorpContext

Users can be a member of many tenants ("corps"), so it is important to make sure that requests are being made to the expected one.
Every response includes a X-SessionCorpContext header with the current tenant ID. If a session changes context between requests, this header will change, providing the new tenant ID.

The X-CorpContext header can be provided on requests to ensure that the request is being made to the expected current tenant.
If the expectation does not match the current context, the server will reject the request with 403 Forbidden and details of the current context.

If this protection is not required, to prevent unwanted response warning headers, send the X-CorpContext: ignore header with each request.

Example: Incorrect context check

Example: Opt-out of context checks

Responses

Neo uses a few custom response headers to help with diagnosis and tracing.

X-SessionExpiry

The timestamp that the session will expire at.
This value will automatically extend while the session is in use.

X-TraceIdentifier

A GUID for tracking the request.

In general, this value is for information only, but may be requested by support when investigating a reported issue.

Example

Requests#

X-CorpContext#

Responses#

X-SessionExpiry#

X-TraceIdentifier#

Requests

X-CorpContext

Responses

X-SessionExpiry

X-TraceIdentifier