Gateway Headers Reference
All headers injected or expected by the SlaunchX gateway layer on the WEB chain.
Secure Channel Headers
| Header | Required | Description |
|---|---|---|
X-SC-Session-Id | Conditional | Secure Channel session ID. Required for endpoints that accept encrypted payloads. |
X-SC-Version | Conditional | Secure Channel protocol version. Sent alongside X-SC-Session-Id. |
Content-Type for Secure Channel
When Secure Channel is active, the request body contains a binary SCv2 envelope, but the Content-Type header remains application/json;charset=UTF-8. The gateway detects encrypted payloads by inspecting the binary magic bytes, not the Content-Type.
Gateway Headers (WEB Chain)
| Header | Required | Description |
|---|---|---|
X-Request-Id | Required | Unique request identifier (UUID). Used for tracing and idempotency. |
X-PORTAL-ACCESS-CODE | Required | Portal access code. Identifies which portal the request is entering through. |
X-Workspace-Id | Conditional | Workspace context. Required for workspace-scoped operations. |
X-LOCALE | Optional | Response locale override (e.g., en, zh). |
X-Client-Hash | Required | Client device fingerprint. Must remain stable across the session. |
User-Agent | Required | Client user agent string. |
Accept-Language | Optional | Preferred response language. |
Cloudflare Headers
These headers are injected by Cloudflare and forwarded by the gateway. In local development, you must set them manually.
| Header | Required | Description |
|---|---|---|
CF-Connecting-IP | Required | Client IP address (set by Cloudflare). |
cf-ipcountry | Required | Client country code (ISO 3166-1 alpha-2). |
Cf-Ray | Required | Cloudflare ray ID for request tracing. |
X-Forwarded-Proto | Required | Forwarded protocol (https). |
cf-region | Optional | Client region. |
cf-ipcity | Optional | Client city. |
cf-iplatitude | Optional | Client latitude. |
cf-iplongitude | Optional | Client longitude. |
cf-postal-code | Optional | Client postal code. |
cf-timezone | Optional | Client timezone. |
Authentication Headers
| Header | Required | Description |
|---|---|---|
Authorization | Conditional | Bearer <JWT>. Required for authenticated endpoints. |
Exposed-Credential-Check | Optional | Indicates the credential has been checked against breach databases. |