Mandatory Response Headers

[sachinvodafone]

I would like to confirm if we have explicitly defined certain response headers as mandatory, which must be present in each API response and that can be validated during our OpenAPI Specification (OAS) spectral validation that we are in the process of defining. I have reviewed the API documentation, but I couldn't find any mention of mandatory response headers.

[eric-murray]

From the Design Guidelines

To avoid cluttering the CAMARA OAS (Swagger) definition files, the above headers must not be included explicitly in the API definition files even when supported, as it can be assumed that developers will already be familiar with their use.

So it is expected that developers will generally understand which of the standard headers to expect in the response and how to treat them. Several of these are mandatory because of HTTP specifications, not CAMARA specifications. Only "non-standard" headers whose existence somehow affects the use case need be documented, but this will be API dependent, and so will only be reflected in that specific API definition.

Headers "required" by a specific client implementation (for example, if they want to use a standard web browser) are not a concern for CAMARA, but rather for the specific API implementor, who can add the required headers to their own implementation. Providing additional response headers does not make the implementation "non-compliant".

[rartych]

Closed as agreed