2 min read
The four headers that matter
Accept: application/json— guarantees a JSON body even on errors.Content-Type: application/json— required onPOST/PUTbodies.Idempotency-Key: <uuid>— makes a retried POST safe to send twice (see idempotency).User-Agent: my-app/1.4 (+https://example.com)— lets support correlate your calls.
Set them once
Centralise headers in one place — a base client, an interceptor or a wrapper function — so every call is consistent:
const base = (extra = {}) => ({
Accept: 'application/json',
'User-Agent': 'my-app/1.4',
...extra,
});
// GET
fetch(url, { headers: base() });
// POST
fetch(url, {
method: 'POST',
headers: base({ 'Content-Type': 'application/json', 'Idempotency-Key': crypto.randomUUID() }),
body: JSON.stringify(payload),
});
Frequently asked questions
What if I forget the Accept header?
The API still returns JSON for API routes, but sending Accept: application/json is the contract and protects you if content negotiation ever changes.
Is Idempotency-Key needed on GET?
No. GETs are already idempotent. Add the key to POSTs that create or submit something, such as enquiries.
Why a custom User-Agent?
When you contact support, a descriptive User-Agent plus the request_id lets the team find your exact call quickly. Default library agents are anonymous.
Related reading

Quickstart: use idempotency keys on write requests
An Idempotency-Key header makes a POST safe to retry. Generate one UUID per logical operation, send it with…
Read →
Quickstart: choose the right base URL — sandbox vs production
Every Credicorp API integration should read its base host from configuration, never hard-code it. Development…
Read →
Quickstart: handle Credicorp API error responses
Every Credicorp API error uses the same envelope: { error: { type, code, message, request_id } }. Branch on…
Read →
Quickstart: call the Credicorp public API from Node.js
Node 18+ ships a global fetch, so you can call the Credicorp public API with zero dependencies. This…
Read →Funding for UK limited companies
Credicorp lends to your company, not to you personally — short-term working capital with no personal guarantee. See what your business could access.