This version is in beta - expect some breaking changes.
|Available in Sandbox||Yes|
|Sandbox base URL||https://test-api.service.hmrc.gov.uk|
|Available in Production||No|
When you use some of our APIs, you need to submit fraud prevention headers. This API checks the fraud prevention headers on individual requests. It checks the value and format and gives you feedback on any issues. For example, is the value for Gov-Client-Public-IP a public IP address?
How to use this API
Use this API to check headers submitted by your application meet the latest version of the fraud prevention headers specification.
In the initial stages of development, use the
validate endpoint to get immediate feedback for a single request.
Once you have implemented headers on your API requests, run tests in sandbox. Then, use the
endpoint to get feedback on the last request made to each endpoint.
We refer to your software architecture as a connection method. To use this API, you need to select the correct connection method for your application.
What not to do
Make sure that you:
- do not use this API as a guarantee that requests in production will meet the specification
- do not send HMRC your logs from this API. We use your most recent submissions to the sandbox to check fraud prevention headers
When an API changes in a way that is backwards-incompatible, we increase the version number of the API. See our reference guide for more on versioning.
We use standard HTTP status codes to show whether an API request succeeded or not. They are usually in the range:
- 200 if request has been processed and feedback has been provided
- 400 to 499 if it failed because of a client error by your application
- 500 to 599 if it failed because of an error on our server
Errors specific to each API are shown in the Endpoints section, under Response. See our reference guide for more on errors.