Headers sent by the Proxy

Mashape adds additional headers to both the request and the response. It is important as a consumer or a provider to understand what headers are being sent by the proxy. Being aware of these details, outlined below, will save you a lot of time when coding functionalities on your end.


Table of Contents

  1. Headers sent as response (consuming)
  2. Headers sent to the request (providing)

Headers sent as response

When consuming an API through Mashape, you will always receive the following headers appended to the response:

X-Mashape-Version
The current version of the proxy used by Mashape.

X-Mashape-Proxy-Response
Set to "true" when the response has beenentirelygenerated by Mashape and not by the API. You will see this header, for example, when the API is temporary down or when you use invalid Mashape credentials.

Headers sent to the request

If you are an API provider, you will receive some additional headers appended in the request:

X-Mashape-Proxy-Secret
This is a secret unique key for every API that is appended by the proxy on every request. For high security, you can validate this secret server-side and check if it equals the key shown in the API Admin (under the Settings tab).

X-Mashape-User
The name of the user that's making the request.

X-Mashape-Subscription
The name of the subscription (if any). The values can be:

  • FREE
  • BASIC
  • PREMIUM
  • ULTRA
  • CUSTOM (if the user is subscribed to a custom plan.)

X-Mashape-Version
The version of the proxy.

X-Forwarded-For
The IP address of the client making the request. It could be shown in a comma separated format like "184.73.132.126, 23.23.103.207" where the first IP address belongs to the client and any subsequent IP represents a proxy.