This version is in beta - expect some breaking changes.
|Available in Sandbox||Yes|
|Sandbox base URL||https://test-api.service.hmrc.gov.uk|
|Available in Production||No|
The Test Fraud Prevention Headers API allows you to check that the fraud prevention headers submitted by your application are formatted correctly and meet the requirements of HMRC's fraud prevention specification. Check the data you need to send.
Do not send HMRC your Test API logs. We use your most recent submissions to the sandbox to check your fraud prevention headers.
What are fraud prevention headers?
Fraud prevention headers are HTTP headers that help us monitor and audit transactions to protect taxpayers' data from fraudulent activities.
It is mandatory to supply fraud prevention header information for all applications calling the VAT (MTD) API endpoints.
What can I do with this API?
Use this API to ensure your application is able to produce correctly formatted fraud prevention headers. It can be used during the initial development phase and as part of your regular quality assurance checks.
What does this API do?
This API performs basic checks on the values and formats of the fraud prevention header values sent by your application
- is the value for Gov-Client-Public-IP an IP address?
- is the IP address value for Gov-Client-Public-IP a public IP?
Feedback provided is based on data that you provide in a single request but does not guarantee that all your requests in production will meet the requirements of the fraud prevention specification. Responses from the VAT (MTD) API are currently not affected by the presence of fraud prevention headers.
When an API changes in a way that is backwards-incompatible, we increase the version number of the API. See our reference guide for more on versioning.
We use standard HTTP status codes to show whether an API request succeeded or not. They are usually in the range:
- 200 if request has been processed and feedback has been provided
- 400 to 499 if it failed because of a client error by your application
- 500 to 599 if it failed because of an error on our server
Errors specific to each API are shown in the Endpoints section, under Response. See our reference guide for more on errors.