Request Headers & WAF
Part of the BioT platform's protection is Amazon's Web Application Firewall (WAF), which is the first component to monitor every web request directed to the platform.
The WAF is a rule-based filter that examines each request and evaluates it. If the WAF determines that the request is malicious or fraudulent, it blocks the request and returns an HTTP 403 response.
While BioT makes an effort to fine-tune the WAF, it may occasionally flag a legitimate request as malicious and block it.
To prevent these false-positive detections, we advise using appropriate HTTP request headers when making API requests to BioT.
Accept
Use the Accept header to declare that you expect JSON as a response:
Example: Accept: application/json
Content-Type
Use the Content-Type header to indicate the original media type of the resource:
Example: Content-Type: application/json; charset=utf-8
Content-Length
Use the Content-Length header to indicate the size of the message body, in bytes.
Example: Content-Length: 1654
Host
Use the Host header to specify the host of the server to which the request is being sent.
Example: Host: api.dev.biot-med.com
User-Agent
Use the User-Agent header to describe the client making the request: its application, operating system, vendor, and/or version.
Example: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0
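The five headers above set together on one request, as an added example that is not BioT's own code: it builds (without sending) a JSON POST and audits a header set before it goes out, including the case where Content-Length counts characters instead of bytes. The path /example/path, the User-Agent value and the function names are assumptions; the host is the one from the Host example.

```python
import json
import urllib.request

API_HOST = "api.dev.biot-med.com"                 # host from the page's Host example
USER_AGENT = "example-client/1.0 (Linux x86_64)"  # constructed value (assumption)
RECOMMENDED = ("Accept", "Content-Type", "Content-Length", "Host", "User-Agent")


def build_request(path, payload):
    """Build (but do not send) a JSON POST carrying the five recommended headers."""
    body = json.dumps(payload, ensure_ascii=False).encode("utf-8")
    headers = {
        "Accept": "application/json",
        "Content-Type": "application/json; charset=utf-8",
        # Size of the encoded body in bytes, not the number of characters.
        "Content-Length": str(len(body)),
        "Host": API_HOST,
        "User-Agent": USER_AGENT,
    }
    return urllib.request.Request(
        f"https://{API_HOST}{path}", data=body, headers=headers, method="POST"
    )


def audit_headers(headers, body):
    """Return a list of problems: missing headers or a wrong Content-Length."""
    # Header names are case-insensitive, so compare in lower case.
    seen = {name.lower(): str(value).strip() for name, value in headers.items()}
    problems = [f"missing {h}" for h in RECOMMENDED if not seen.get(h.lower())]
    length = seen.get("content-length")
    if length and length != str(len(body)):
        problems.append(f"Content-Length {length} != body size {len(body)} bytes")
    return problems


if __name__ == "__main__":
    # Constructed payload; the non-ASCII character takes two bytes in UTF-8.
    req = build_request("/example/path", {"name": "Zoë"})  # hypothetical path
    for name, value in req.header_items():
        print(f"{name}: {value}")
    print("problems:", audit_headers(req.headers, req.data))
```

Running `audit_headers` over the headers an existing client actually sends is a quick first check when a legitimate request comes back with a 403.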
If you require further information about the WAF or these headers, don't hesitate to contact us.
Updated 11 months ago