Content-Type with Authorization for Authenticated APIs
Combine Content-Type with Authorization headers for authenticated API requests. Covers Bearer tokens, API keys, and common header combinations.
Best Practices
Detailed Explanation
Content-Type with Authentication
Most API requests require both a Content-Type header and an authentication header. Understanding how they work together is essential for API integration.
Common Header Combination
Content-Type: application/json; charset=utf-8
Authorization: Bearer eyJhbGciOiJIUzI1NiIs...
Authentication Header Patterns
| Pattern | Header Format | Common Use |
|---|---|---|
| Bearer Token | Authorization: Bearer <token> |
OAuth 2.0, JWT |
| API Key (header) | X-API-Key: <key> |
REST APIs |
| Basic Auth | Authorization: Basic <base64> |
Simple auth |
| API Key (query) | ?api_key=<key> |
Legacy APIs |
Bearer Token + JSON
curl -X POST \
-H "Content-Type: application/json; charset=utf-8" \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \
-d '{"title":"New Post","content":"Hello world"}' \
https://api.example.com/posts
fetch() Example
fetch("https://api.example.com/posts", {
method: "POST",
headers: {
"Content-Type": "application/json; charset=utf-8",
"Authorization": "Bearer " + accessToken
},
body: JSON.stringify({ title: "New Post" })
});
axios Example
axios.post("https://api.example.com/posts", {
title: "New Post"
}, {
headers: {
"Content-Type": "application/json; charset=utf-8",
"Authorization": `Bearer ${accessToken}`
}
});
OAuth Token Request
Token endpoints use URL-encoded form data, not JSON:
curl -X POST \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=client_credentials&client_id=xxx&client_secret=yyy" \
https://auth.example.com/oauth/token
Use Case
Use this reference when integrating with any authenticated API. Understanding the correct Content-Type and Authorization header combination prevents common integration errors.