All requests shall use HTTP methods as defined in the HTTP specification.
Pre-requisite: All Web Services must configure CORS to allow for cross-domain requests (an example of how to do this in .Net WebServices can be found in the CORS section of this document).
| Header Name and Value | Header Type | Mandatory | Description |
Origin: <client origin> |
Request | x | Required by CORS, populated automatically. See CORS appendix section for more information. |
| Content-Type:text/xml; charset=utf8 | Request | x | Content type of request is XML using utf8 |
| Access-Control-Request-Method: POST, GET, PUT, DELETE, OPTIONS | Request | x | Required by CORS pre-flight check, see links in CORS appendix section for more information. The minimal is POST, GET, OPTIONS. |
| Access-Control-Request-Headers: Content-Type, SOAPAction | Request | x | Required by CORS pre-flight check, see links in CORS appendix section for more information. |
| Cache-Control:no-cache | Response | x | Indicates that the response shall not be cached by any intermediate. |
| Content-Type:text/xml; charset=utf8 | Response | x | Content type of the response is XML. |
| Access-Control-Allow-Origin: * | Response | x | Pre-flight response indicating allowed origins. |
| Access-Control-Request-Method: POST, GET, PUT, DELETE, OPTIONS | Response | x | Required by CORS, see links in CORS appendix section for more information. The minimal is POST, GET, OPTIONS. |
| Access-Control-Request-Headers: Content-Type, SOAPAction | Response | x | Required by CORS, see links in CORS appendix section for more information. |