# Request Headers

## Authentication Headers

Most requests to the Dfns API need to be authenticated, and will need to include the following additional headers:

<table><thead><tr><th width="267.36734693877554">Header</th><th>Description</th></tr></thead><tbody><tr><td><code>Authorization: Bearer &#x3C;token></code></td><td>An authentication token (see <a data-mention href="../authentication-authorization#get-an-authentication-token">#get-an-authentication-token</a>)</td></tr></tbody></table>

## User Action Signature Header

Most requests that change the state within the Dfns system (non-GET requests basically) need to be signed (see [user-action-signing](https://docs-legacy.dfns.co/d/api-docs/authentication/user-action-signing "mention")) by the user's credential, and require the following additional header:

<table><thead><tr><th width="289">Header</th><th>Description</th></tr></thead><tbody><tr><td><code>X-DFNS-USERACTION: &#x3C;user-action-signature></code></td><td>A one time token you got after the <a data-mention href="../../api-docs/authentication/user-action-signing">user-action-signing</a> flow</td></tr></tbody></table>

## Registration Headers

Similar to authenticated endpoints, the `Complete User Registration` endpoint needs an authentication token. This token is passed in the `Authentication` header:

<table><thead><tr><th width="267.36734693877554">Header</th><th>Description</th></tr></thead><tbody><tr><td><code>Authorization: Bearer &#x3C;token></code></td><td>The temporary authentication token returned from <a data-mention href="../../../api-docs/authentication/registration/inituserregistration#responses">#responses</a></td></tr></tbody></table>