I'm working on a set of web services for a mobile client, and the requirements call for a unique device id to be included with all requests, to be stored in certain requests, and used to filter results in others.
A suggestion was made that it be put in a custom HTTP header since it will be included with all requests, so I began to wonder what criteria might be used to determine if a given piece of data belongs in a header or along with other data in the request body.
Is there any such criteria?
Best Answer
When the information is important, you should put it into the body.
Why?