CSP origins

CSP origins allow you to configure domains, or origins, that Qlik Sense client visualizations/extensions are allowed to communicate with.

Download specification

List CSPs

Retrieves all content security policies for a tenant.

Facts

Rate limit Tier 1 (1000 requests per minute)
Categories embed

Query Parameters

  • childSrcboolean

    Filter resources by directive 'childSrc', true/false.

  • connectSrcboolean

    Filter resources by directive 'connectSrc', true/false.

  • connectSrcWSSboolean

    Filter resources by directive 'connectSrcWSS', true/false.

  • fontSrcboolean

    Filter resources by directive 'fontSrc', true/false.

  • formActionboolean

    Filter resources by directive 'formAction', true/false.

  • frameAncestorsboolean

    Filter resources by directive 'frameAncestors', true/false.

  • frameSrcboolean

    Filter resources by directive 'frameSrc', true/false.

  • imgSrcboolean

    Filter resources by directive 'imgSrc', true/false.

  • limitnumber

    Maximum number of CSP-Origins to retrieve.

  • mediaSrcboolean

    Filter resources by directive 'mediaSrc', true/false.

  • namestring

    Filter resources by name (wildcard and case insensitive).

  • nextstring

    Cursor to the next page.

  • objectSrcboolean

    Filter resources by directive 'objectSrc', true/false.

  • originstring

    Filter resources by origin (wildcard and case insensitive).

  • prevstring

    Cursor to previous next page.

  • scriptSrcboolean

    Filter resources by directive 'scriptSrc', true/false.

  • sortstring

    Field to sort by, prefix with -/+ to indicate order.

    Can be one of: "name""-name""origin""-origin""createdDate""-createdDate""modifiedDate""-modifiedDate"

  • styleSrcboolean

    Filter resources by directive 'styleSrc', true/false.

  • workerSrcboolean

    Filter resources by directive 'workerSrc', true/false.

Responses

200

application/json

OK Response

  • application/jsonobject
    Show application/json properties
    • dataarray of objects
      Show data properties
      • namestring

        The name for this entry.

      • imgSrcboolean

        Specifies valid sources of images and favicons.

      • originstring
        Required

        The origin that the CSP directives should be applied to.

      • fontSrcboolean

        Specifies valid sources for loading fonts.

      • childSrcboolean

        Defines the valid sources for loading web workers and nested browsing contexts using elements such as frame and iFrame.

      • frameSrcboolean

        Specifies valid sources for loading nested browsing contexts using elements such as frame and iFrame.

      • mediaSrcboolean

        Specifies valid sources for loading media using the audio and video elements.

      • styleSrcboolean

        Specifies valid sources for stylesheets.

      • objectSrcboolean

        Specifies valid sources for the object, embed, and applet elements.

      • scriptSrcboolean

        Specifies valid sources for JavaScript.

      • workerSrcboolean

        Specifies valid sources for Worker, SharedWorker, or ServiceWorker scripts.

      • connectSrcboolean

        Restricts the URLs that can be loaded using script interfaces.

      • formActionboolean

        Allow forms to be submitted to the origin.

      • createdDatestring

        The UTC timestamp when the CSP entry was created.

      • descriptionstring

        The reason for adding this origin to the Content Security Policy.

      • modifiedDatestring

        The UTC timestamp when the CSP entry was last modified.

      • connectSrcWSSboolean

        Restricts the URLs that can be connected to websockets (all sources will be prefixed with 'wss://').

      • frameAncestorsboolean

        Specifies valid sources for embedding the resource using frame, iFrame, object, embed and applet.

      • idstring

        The CSP entry's unique identifier.

    • linksobject
      Show links properties
      • nextobject
        Show next properties
        • hrefstring
          Required

          URL to a resource request.

      • prevobject
        Show prev properties
        • hrefstring
          Required

          URL to a resource request.

      • selfobject
        Show self properties
        • hrefstring
          Required

          URL to a resource request.

400

application/json

Bad Request

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

401

application/json

Unauthorized

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

403

application/json

Forbidden

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

500

application/json

Internal Server Error

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

503

application/json

Service Unavailable

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

GET /v1/csp-origins
curl "https://your-tenant.us.qlikcloud.com/api/v1/csp-origins" \
-H "Authorization: Bearer <access_token>"

Response

{
"data": [
{
"name": "string",
"imgSrc": true,
"origin": "string",
"fontSrc": true,
"childSrc": true,
"frameSrc": true,
"mediaSrc": true,
"styleSrc": true,
"objectSrc": true,
"scriptSrc": true,
"workerSrc": true,
"connectSrc": true,
"formAction": true,
"createdDate": "2018-10-30T07:06:22Z",
"description": "string",
"modifiedDate": "2018-10-30T07:06:22Z",
"connectSrcWSS": true,
"frameAncestors": true,
"id": "string"
}
],
"links": {
"next": {
"href": "string"
},
"prev": {
"href": "string"
},
"self": {
"href": "string"
}
}
}

Create a new CSP

Creates a new content security policy for an origin.

Facts

Rate limit Tier 2 (100 requests per minute)
Categories embed

Request Body

Required

application/json

  • application/jsonobject
    Show application/json properties
    • namestring

      The name for this entry.

    • imgSrcboolean

      Specifies valid sources of images and favicons.

    • originstring
      Required

      The origin that the CSP directives should be applied to.

    • fontSrcboolean

      Specifies valid sources for loading fonts.

    • childSrcboolean

      Defines the valid sources for loading web workers and nested browsing contexts using elements such as frame and iFrame.

    • frameSrcboolean

      Specifies valid sources for loading nested browsing contexts using elements such as frame and iFrame.

    • mediaSrcboolean

      Specifies valid sources for loading media using the audio and video elements.

    • styleSrcboolean

      Specifies valid sources for stylesheets.

    • objectSrcboolean

      Specifies valid sources for the object, embed, and applet elements.

    • scriptSrcboolean

      Specifies valid sources for JavaScript.

    • workerSrcboolean

      Specifies valid sources for Worker, SharedWorker, or ServiceWorker scripts.

    • connectSrcboolean

      Restricts the URLs that can be loaded using script interfaces.

    • formActionboolean

      Allow forms to be submitted to the origin.

    • descriptionstring

      The reason for adding this origin to the Content Security Policy.

    • connectSrcWSSboolean

      Restricts the URLs that can be connected to websockets (all sources will be prefixed with 'wss://').

    • frameAncestorsboolean

      Specifies valid sources for embedding the resource using frame, iFrame, object, embed and applet.

Responses

201

application/json

OK Response

  • application/jsonobject
    Show application/json properties
    • namestring

      The name for this entry.

    • imgSrcboolean

      Specifies valid sources of images and favicons.

    • originstring
      Required

      The origin that the CSP directives should be applied to.

    • fontSrcboolean

      Specifies valid sources for loading fonts.

    • childSrcboolean

      Defines the valid sources for loading web workers and nested browsing contexts using elements such as frame and iFrame.

    • frameSrcboolean

      Specifies valid sources for loading nested browsing contexts using elements such as frame and iFrame.

    • mediaSrcboolean

      Specifies valid sources for loading media using the audio and video elements.

    • styleSrcboolean

      Specifies valid sources for stylesheets.

    • objectSrcboolean

      Specifies valid sources for the object, embed, and applet elements.

    • scriptSrcboolean

      Specifies valid sources for JavaScript.

    • workerSrcboolean

      Specifies valid sources for Worker, SharedWorker, or ServiceWorker scripts.

    • connectSrcboolean

      Restricts the URLs that can be loaded using script interfaces.

    • formActionboolean

      Allow forms to be submitted to the origin.

    • createdDatestring

      The UTC timestamp when the CSP entry was created.

    • descriptionstring

      The reason for adding this origin to the Content Security Policy.

    • modifiedDatestring

      The UTC timestamp when the CSP entry was last modified.

    • connectSrcWSSboolean

      Restricts the URLs that can be connected to websockets (all sources will be prefixed with 'wss://').

    • frameAncestorsboolean

      Specifies valid sources for embedding the resource using frame, iFrame, object, embed and applet.

    • idstring

      The CSP entry's unique identifier.

400

application/json

Bad Request

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

401

application/json

Unauthorized

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

403

application/json

Forbidden

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

500

application/json

Internal Server Error

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

503

application/json

Service Unavailable

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

POST /v1/csp-origins
curl "https://your-tenant.us.qlikcloud.com/api/v1/csp-origins" \
-X POST \
-H "Content-type: application/json" \
-H "Authorization: Bearer <access_token>" \
-d '{"name":"string","imgSrc":true,"origin":"string","fontSrc":true,"childSrc":true,"frameSrc":true,"mediaSrc":true,"styleSrc":true,"objectSrc":true,"scriptSrc":true,"workerSrc":true,"connectSrc":true,"formAction":true,"description":"string","connectSrcWSS":true,"frameAncestors":true}'

Request

{
"name": "string",
"imgSrc": true,
"origin": "string",
"fontSrc": true,
"childSrc": true,
"frameSrc": true,
"mediaSrc": true,
"styleSrc": true,
"objectSrc": true,
"scriptSrc": true,
"workerSrc": true,
"connectSrc": true,
"formAction": true,
"description": "string",
"connectSrcWSS": true,
"frameAncestors": true
}

Response

{
"name": "string",
"imgSrc": true,
"origin": "string",
"fontSrc": true,
"childSrc": true,
"frameSrc": true,
"mediaSrc": true,
"styleSrc": true,
"objectSrc": true,
"scriptSrc": true,
"workerSrc": true,
"connectSrc": true,
"formAction": true,
"createdDate": "2018-10-30T07:06:22Z",
"description": "string",
"modifiedDate": "2018-10-30T07:06:22Z",
"connectSrcWSS": true,
"frameAncestors": true,
"id": "string"
}

Get a CSP

Returns details for a specific content security policy.

Facts

Rate limit Tier 1 (1000 requests per minute)
Categories embed

Path Parameters

  • idstring
    Required

    The CSP entry's unique identifier.

Responses

200

application/json

OK Response

  • application/jsonobject
    Show application/json properties
    • namestring

      The name for this entry.

    • imgSrcboolean

      Specifies valid sources of images and favicons.

    • originstring
      Required

      The origin that the CSP directives should be applied to.

    • fontSrcboolean

      Specifies valid sources for loading fonts.

    • childSrcboolean

      Defines the valid sources for loading web workers and nested browsing contexts using elements such as frame and iFrame.

    • frameSrcboolean

      Specifies valid sources for loading nested browsing contexts using elements such as frame and iFrame.

    • mediaSrcboolean

      Specifies valid sources for loading media using the audio and video elements.

    • styleSrcboolean

      Specifies valid sources for stylesheets.

    • objectSrcboolean

      Specifies valid sources for the object, embed, and applet elements.

    • scriptSrcboolean

      Specifies valid sources for JavaScript.

    • workerSrcboolean

      Specifies valid sources for Worker, SharedWorker, or ServiceWorker scripts.

    • connectSrcboolean

      Restricts the URLs that can be loaded using script interfaces.

    • formActionboolean

      Allow forms to be submitted to the origin.

    • createdDatestring

      The UTC timestamp when the CSP entry was created.

    • descriptionstring

      The reason for adding this origin to the Content Security Policy.

    • modifiedDatestring

      The UTC timestamp when the CSP entry was last modified.

    • connectSrcWSSboolean

      Restricts the URLs that can be connected to websockets (all sources will be prefixed with 'wss://').

    • frameAncestorsboolean

      Specifies valid sources for embedding the resource using frame, iFrame, object, embed and applet.

    • idstring

      The CSP entry's unique identifier.

400

application/json

Bad Request

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

401

application/json

Unauthorized

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

403

application/json

Forbidden

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

404

application/json

Not found

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

500

application/json

Internal Server Error

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

503

application/json

Service Unavailable

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

GET /v1/csp-origins/{id}
curl "https://your-tenant.us.qlikcloud.com/api/v1/csp-origins/{id}" \
-H "Authorization: Bearer <access_token>"

Response

{
"name": "string",
"imgSrc": true,
"origin": "string",
"fontSrc": true,
"childSrc": true,
"frameSrc": true,
"mediaSrc": true,
"styleSrc": true,
"objectSrc": true,
"scriptSrc": true,
"workerSrc": true,
"connectSrc": true,
"formAction": true,
"createdDate": "2018-10-30T07:06:22Z",
"description": "string",
"modifiedDate": "2018-10-30T07:06:22Z",
"connectSrcWSS": true,
"frameAncestors": true,
"id": "string"
}

Update a CSP

Updates a content security policy.

Facts

Rate limit Tier 2 (100 requests per minute)
Categories embed

Path Parameters

  • idstring
    Required

    The CSP entry's unique identifier.

Request Body

Required

application/json

  • application/jsonobject
    Show application/json properties
    • namestring

      The name for this entry.

    • imgSrcboolean

      Specifies valid sources of images and favicons.

    • originstring
      Required

      The origin that the CSP directives should be applied to.

    • fontSrcboolean

      Specifies valid sources for loading fonts.

    • childSrcboolean

      Defines the valid sources for loading web workers and nested browsing contexts using elements such as frame and iFrame.

    • frameSrcboolean

      Specifies valid sources for loading nested browsing contexts using elements such as frame and iFrame.

    • mediaSrcboolean

      Specifies valid sources for loading media using the audio and video elements.

    • styleSrcboolean

      Specifies valid sources for stylesheets.

    • objectSrcboolean

      Specifies valid sources for the object, embed, and applet elements.

    • scriptSrcboolean

      Specifies valid sources for JavaScript.

    • workerSrcboolean

      Specifies valid sources for Worker, SharedWorker, or ServiceWorker scripts.

    • connectSrcboolean

      Restricts the URLs that can be loaded using script interfaces.

    • formActionboolean

      Allow forms to be submitted to the origin.

    • descriptionstring

      The reason for adding this origin to the Content Security Policy.

    • connectSrcWSSboolean

      Restricts the URLs that can be connected to websockets (all sources will be prefixed with 'wss://').

    • frameAncestorsboolean

      Specifies valid sources for embedding the resource using frame, iFrame, object, embed and applet.

Responses

200

application/json

OK Response

  • application/jsonobject
    Show application/json properties
    • namestring

      The name for this entry.

    • imgSrcboolean

      Specifies valid sources of images and favicons.

    • originstring
      Required

      The origin that the CSP directives should be applied to.

    • fontSrcboolean

      Specifies valid sources for loading fonts.

    • childSrcboolean

      Defines the valid sources for loading web workers and nested browsing contexts using elements such as frame and iFrame.

    • frameSrcboolean

      Specifies valid sources for loading nested browsing contexts using elements such as frame and iFrame.

    • mediaSrcboolean

      Specifies valid sources for loading media using the audio and video elements.

    • styleSrcboolean

      Specifies valid sources for stylesheets.

    • objectSrcboolean

      Specifies valid sources for the object, embed, and applet elements.

    • scriptSrcboolean

      Specifies valid sources for JavaScript.

    • workerSrcboolean

      Specifies valid sources for Worker, SharedWorker, or ServiceWorker scripts.

    • connectSrcboolean

      Restricts the URLs that can be loaded using script interfaces.

    • formActionboolean

      Allow forms to be submitted to the origin.

    • createdDatestring

      The UTC timestamp when the CSP entry was created.

    • descriptionstring

      The reason for adding this origin to the Content Security Policy.

    • modifiedDatestring

      The UTC timestamp when the CSP entry was last modified.

    • connectSrcWSSboolean

      Restricts the URLs that can be connected to websockets (all sources will be prefixed with 'wss://').

    • frameAncestorsboolean

      Specifies valid sources for embedding the resource using frame, iFrame, object, embed and applet.

    • idstring

      The CSP entry's unique identifier.

400

application/json

Bad Request

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

401

application/json

Unauthorized

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

403

application/json

Forbidden

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

404

application/json

Not found

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

500

application/json

Internal Server Error

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

503

application/json

Service Unavailable

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

PUT /v1/csp-origins/{id}
curl "https://your-tenant.us.qlikcloud.com/api/v1/csp-origins/{id}" \
-X PUT \
-H "Content-type: application/json" \
-H "Authorization: Bearer <access_token>" \
-d '{"name":"string","imgSrc":true,"origin":"string","fontSrc":true,"childSrc":true,"frameSrc":true,"mediaSrc":true,"styleSrc":true,"objectSrc":true,"scriptSrc":true,"workerSrc":true,"connectSrc":true,"formAction":true,"description":"string","connectSrcWSS":true,"frameAncestors":true}'

Request

{
"name": "string",
"imgSrc": true,
"origin": "string",
"fontSrc": true,
"childSrc": true,
"frameSrc": true,
"mediaSrc": true,
"styleSrc": true,
"objectSrc": true,
"scriptSrc": true,
"workerSrc": true,
"connectSrc": true,
"formAction": true,
"description": "string",
"connectSrcWSS": true,
"frameAncestors": true
}

Response

{
"name": "string",
"imgSrc": true,
"origin": "string",
"fontSrc": true,
"childSrc": true,
"frameSrc": true,
"mediaSrc": true,
"styleSrc": true,
"objectSrc": true,
"scriptSrc": true,
"workerSrc": true,
"connectSrc": true,
"formAction": true,
"createdDate": "2018-10-30T07:06:22Z",
"description": "string",
"modifiedDate": "2018-10-30T07:06:22Z",
"connectSrcWSS": true,
"frameAncestors": true,
"id": "string"
}

Delete a CSP

Deletes a specific content security policy.

Facts

Rate limit Tier 2 (100 requests per minute)
Categories embed

Path Parameters

  • idstring
    Required

    The CSP entry's unique identifier.

Responses

204

No Content response.

400

application/json

Bad Request

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

401

application/json

Unauthorized

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

403

application/json

Forbidden

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

404

application/json

Not found

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

500

application/json

Internal Server Error

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

503

application/json

Service Unavailable

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

DELETE /v1/csp-origins/{id}
curl "https://your-tenant.us.qlikcloud.com/api/v1/csp-origins/{id}" \
-X DELETE \
-H "Authorization: Bearer <access_token>"

Retrieve CSP header

Retrieves the full content security policy header (including all configured policies and origins) for the tenant.

Facts

Rate limit Tier 1 (1000 requests per minute)
Categories embed

Header Parameters

  • Acceptstring

    The Accept request HTTP header indicates which content types, expressed as MIME types, the client is able to understand

    Can be one of: "application/json""text/plain"

Responses

200

text/plain

OK Response

  • text/plainstring

200

application/json

OK Response

  • application/jsonobject
    Show application/json properties
    • Content-Security-Policystring

      The compiled CSP header.

401

application/json

Unauthorized

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

406

application/json

Not Acceptable

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

500

application/json

Internal Server Error

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

503

application/json

Service Unavailable

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
        Required

        The unique code for the error.

      • titlestring
        Required

        A summary of what went wrong.

      • detailstring

        May be used to provide additional details.

GET /v1/csp-origins/actions/generate-header
curl "https://your-tenant.us.qlikcloud.com/api/v1/csp-origins/actions/generate-header" \
-H "Authorization: Bearer <access_token>"

Response

"string"