See below the request headers and response codes of Youforce API.

Request headers

Header Name Description
Cache-Control The Cache-Control general-header field is used to specify directives that MUST be obeyed by all caching mechanisms along the request/response chain. In our authentication request the header is mandatory with the value. Cache-Control: no-cache
Content-Type The content type of the resource in case the request has content in the body. Example: Content-Type:multipart/form-data;boudary=<calculated when request is sent>
Authorization A valid access token required for authorization
Accept The Accept request-header can be used to specify the media types which are acceptable for the response. Example: Accept:application/json

Response codes

Type Responses Situation
Success Codes 200 OK Synchronous read, update, and delete operations
201 Created Synchronous create requests  
202 Accepted A-synchronous operations  
204 No Content Referring to non-existing entity (e.g. after delete)  
Invalid Request Errors 400 Bad request Bad Request (e.g. validation errors)
401 Unauthorized Not Authorized: Missing or invalid access token  
403 Forbidden Not Authorized: Authenticated, but user has no access to the API  
404 Not Found Invalid URL: Item does not exist (anymore). The canonical identifier (collection/{canonical id}) cannot be found. Not Authorized: Authenticated, access to api, but user has no access to to the resource (data authorization). From a security standpoint we don’t expose the reason why the object could not be found because an attacker can use this to figure out the internals of our system.  
409 Conflict Concurrency problem: Record changed by another user  
Server Errors 500 Internal server error Server Error (e.g. database failure, event could not be send)
503 Service unavailable Server Error (resource temporary not available)