# Headers

Sales Layer REST APIs use HTTP headers to authenticate requests and, in some cases, control how request and response content is interpreted.

At minimum, every API request must include the `X-API-KEY` header.

## Header summary

| Header | Required | Used for |
| --- | --- | --- |
| `X-API-KEY` | Yes | Authenticates the request with the API key assigned to the Sales Layer account. |
| `Accept-Language` | Optional | Requests localized content for supported Catalog API fields. |
| `Content-Type` | Required when sending a body | Tells the API the format of the request body. Use `application/json` for JSON requests. |
| `Accept` | Optional | Indicates the preferred response format. Use `application/json` when you want JSON responses explicitly. |


## X-API-KEY

`X-API-KEY` is mandatory for all Sales Layer REST API requests.


```http
X-API-KEY: YOUR_API_KEY
```

Replace `YOUR_API_KEY` with the key provided for your Sales Layer account.

Do not expose API keys in frontend code, public repositories, screenshots, or logs. See [Authentication](/guides/authentication) for API key access and security recommendations.

## Accept-Language

`Accept-Language` can be used to request localized content when an API supports localized fields.


```http
Accept-Language: en-us
```

If omitted, the API may return content using the default language configured for the Sales Layer account.

This header is especially relevant for Catalog API resources that include multilanguage fields. For example, a catalog integration may use it to request product, variant, category, or custom entity values in a specific language.

Examples:


```http
Accept-Language: en
Accept-Language: en-us
Accept-Language: es
```

Use the exact language or locale values supported by the account and the API operation.

> **Note:** Q-factor weighting (for example, `en-US;q=0.9`) and the wildcard (`*`) are not supported. Use exact language or locale codes only.


## Content-Type

Use `Content-Type` when sending a request body.

For JSON request bodies:


```http
Content-Type: application/json
```

This is relevant for operations such as creating or updating DAM images, products, variants, categories, or custom entity items.

Requests without the expected `Content-Type` may be rejected or parsed incorrectly.

## Accept

Use `Accept` when the client wants to explicitly request a response format.

For JSON responses:


```http
Accept: application/json
```

Most API clients can omit this header when JSON is the default response format, but including it can make integrations easier to inspect and debug.

## Example GET request


```bash
curl -X GET 'https://api2.saleslayer.com/catalog/rest/Catalog/Products?$top=10' \
  -H 'X-API-KEY: YOUR_API_KEY' \
  -H 'Accept-Language: en-us' \
  -H 'Accept: application/json'
```

## Common mistakes

Avoid these common header issues:

* Sending the API key in a query parameter instead of the `X-API-KEY` header.
* Misspelling `X-API-KEY`.
* Sending an empty API key value.
* Forgetting `Content-Type: application/json` when sending a JSON body.
* Assuming `Accept-Language` changes all fields; it only affects localized content supported by the API operation.
* Logging full request headers in production without masking the API key.
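
The checks in this list can be run in client code before a request is sent, and the key can be masked before headers reach a log. The following Python helper is an added example, not Sales Layer code; the function names `mask_headers` and `check_request`, the redaction placeholder, and the language-code pattern are assumptions made for illustration.

```python
import re

SENSITIVE = {"x-api-key"}  # header names are case-insensitive, so compare lowercased
# Assumed shape of one exact language or locale code ("en", "en-us"); no q-values, no "*".
LANG_RE = re.compile(r"^[A-Za-z]{2,3}(-[A-Za-z0-9]{2,8})*$")


def mask_headers(headers):
    """Return a copy of the headers that is safe to log (API key value replaced)."""
    return {
        name: "***REDACTED***" if name.lower() in SENSITIVE else value
        for name, value in headers.items()
    }


def check_request(url, headers, has_body=False):
    """Return a list of problems corresponding to the common mistakes listed above."""
    lower = {k.lower(): v for k, v in headers.items()}
    problems = []

    key = lower.get("x-api-key", "").strip()
    if not key:
        problems.append("X-API-KEY header missing, misspelled, or empty")
    elif key in url:
        # The key value must travel in the header only, never in the URL.
        problems.append("API key value appears in the URL")

    content_type = lower.get("content-type", "").lower()
    if has_body and not content_type.startswith("application/json"):
        problems.append("JSON body sent without Content-Type: application/json")

    lang = lower.get("accept-language")
    if lang is not None and not LANG_RE.match(lang.strip()):
        problems.append("Accept-Language must be one exact language or locale code")

    return problems


if __name__ == "__main__":
    # Constructed sample request; the key is a placeholder, not a real credential.
    url = "https://api2.saleslayer.com/catalog/rest/Catalog/Products?$top=10"
    hdrs = {"X-Api-Key": "YOUR_API_KEY", "Accept-Language": "en-US;q=0.9"}
    print(mask_headers(hdrs))                      # log this, never the raw headers
    print(check_request(url, hdrs, has_body=True))
```

Log only the output of `mask_headers`, and treat a non-empty result from `check_request` as a reason not to send the request.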


## Support

For technical support, API questions, or help getting access to an API key, contact Sales Layer support or your account representative.