Documentation Get Support

Additional headers sent by the Proxy

Mashape adds some additional header to both the request and the response.

Headers sent to the response

When consuming an API through Mashape, you will always receive the following headers appended to the response:

  • X-Mashape-Version: The version of the proxy.
  • X-Mashape-Proxy-Response: Set to "true" when the response has been entirely generated by Mashape and not by the API. You will see this header, for example, when the API is temporary down or when you use invalid Mashape credentials.

Headers sent to the request

If you are an API provider, you will receive some additional headers appended in the request:

  • X-Mashape-Proxy-Secret: This is a secret unique key for every API that is appended by the proxy on every request. For high security, you can validate this secret server-side and check if it equals the key shown in the API Admin (under the Settings tab).
  • X-Mashape-User: The name of the user that's making the request.
  • X-Mashape-Subscription: The name of the subscription (if any). The values can be FREE, BASIC, PREMIUM, ULTRA, or CUSTOM if the user is subscribed to a custom plan.
  • X-Mashape-Version: The version of the proxy.
  • X-Forwarded-For: The IP address of the client making the request. It could be shown in a comma separated format like "184.73.132.126, 23.23.103.207" where the first IP address belongs to the client and any subsequent IP represents a proxy.