Skip to content

Common HTTP Request Headers

The BTQ API includes a set of custom headers that are used for authentication, tracking, and testing of the endpoints. Each of these headers are described below.

X-Billtrust-Api-Key

This header is used to provide the API key used to verify that the caller has access to the API. This key can be generated using the Authentication API. If the key is invalid, or if the user permissions associated with the key do not allow access to the API, a 403 FORBIDDEN will be returned.

One of X-Billtrust-Api-Key or X-Billtrust-Auth is required for most of the BTQ APIs outside of authentication.

X-Billtrust-Auth

This header is used to provide the access token used to verify that the caller has access to the API. This token can be obtained using the Authentication API. If the token is invalid, or if the user permissions associated with the token do not allow access to the API, a 403 FORBIDDEN will be returned.

One of X-Billtrust-Api-Key or X-Billtrust-Auth is required for most of the BTQ APIs outside of authentication.

X-BT-Corr-Id

This header contains a correlation ID for the API call. This ID can be used to track the lifespan of a call. Generally this header is reserved for internal use. If it is not provided, the BTQ API will automatically generate one.