This version is in beta - expect some breaking changes.

Test Fraud Prevention Headers API

Version and status	Select version and status
Available in Sandbox	Yes
Sandbox base URL	https://test-api.service.hmrc.gov.uk
Available in Production	No

Overview

When you use some of our APIs, you need to submit fraud prevention headers. This API checks the fraud prevention headers on individual requests. It checks the value and format and gives you feedback on any issues. For example, is the value for Gov-Client-Public-IP a public IP address?

How to use this API

Use this API to check headers submitted by your application meet the latest version of the fraud prevention headers specification.

In the initial stages of development, use the validate endpoint to get immediate feedback for a single request.

Once you have implemented headers on your API requests, run tests in sandbox. Then, use the validation-feedback endpoint to get feedback on the last request made to each endpoint.

You need to fix all errors and check any advisories. In responses, advisories are referred to as warnings.

We refer to your software architecture as a connection method. To use this API, you need to select the correct connection method for your application.

What not to do

Make sure that you:

do not use this API as a guarantee that requests in production will meet the specification
do not send HMRC your logs from this API. We use your most recent submissions to the sandbox to check fraud prevention headers

Errors

We use standard HTTP status codes to show whether an API request succeeded or not. They are usually in the range:

200 to 299 if it succeeded, including code 202 if it was accepted by an API that needs to wait for further action
400 to 499 if it failed because of a client error by your application
500 to 599 if it failed because of an error on our server

Errors specific to each API are shown in the Endpoints section, under Response. See our reference guide for more on errors.

Testing

Test Data section is not applicable for this API.

Versioning

When an API changes in a way that is backwards-incompatible, we increase the version number of the API. See our reference guide for more on versioning.

Endpoints

View API endpoints

Why do these endpoints look different?

The endpoints for this API now use the Open API Specification (OAS).

The API has not changed. You do not need to make any updates to your application if you already use this API.

Is this page not working properly? (opens in new tab)