Test Fraud Prevention Headers API
Available in Sandbox | Yes |
---|---|
Sandbox base URL | https://test-api.service.hmrc.gov.uk |
Available in Production | No |
Overview
When you use some of our APIs, you need to submit fraud prevention headers. This API checks the fraud prevention headers on individual requests. It checks the value and format and gives you feedback on any issues. For example, is the value for Gov-Client-Public-IP a public IP address?
How to use this API
Use this API to check headers submitted by your application meet the latest version of the fraud prevention headers specification.
In the initial stages of development, use the validate
endpoint to get immediate feedback for a single request.
Once you have implemented headers on your API requests, run tests in sandbox. Then, use the validation-feedback
endpoint to get feedback on the last request made to each endpoint.
warnings
.
We refer to your software architecture as a connection method. To use this API, you need to select the correct connection method for your application.
What not to do
Make sure that you:
- do not use this API as a guarantee that requests in production will meet the specification
- do not send HMRC your logs from this API. We use your most recent submissions to the sandbox to check fraud prevention headers
Errors
We use standard HTTP status codes to show whether an API request succeeded or not. They are usually in the range:
- 200 to 299 if it succeeded, including code 202 if it was accepted by an API that needs to wait for further action
- 400 to 499 if it failed because of a client error by your application
- 500 to 599 if it failed because of an error on our server
Errors specific to each API are shown in the Endpoints section, under Response. See our reference guide for more on errors.
Testing
Test Data section is not applicable for this API.
Versioning
When an API changes in a way that is backwards-incompatible, we increase the version number of the API. See our reference guide for more on versioning.
Endpoints
View API endpointsWhy do these endpoints look different?
The endpoints for this API now use the Open API Specification (OAS).
The API has not changed. You do not need to make any updates to your application if you already use this API.