# Custom headers

# About this guide

Follow this guide to learn how to use the X-TrustedTwin custom header to extend rule functionality with variables that the user passes in the request.

The guide contains the following sections:

| Section | Contents |
| --- | --- |
| X-TrustedTwin custom header | Introduction to the X-TrustedTwin custom header. |
| Introduction | Context and goals of the scenario. |
| Preparation | In this section we create a role, a user, and a Twin. We will use these objects to illustrate how the X-TrustedTwin custom header works. |
| Scenarios | Example scenarios using the X-TrustedTwin header. |

In this guide we use cURL to provide examples. For more information about cURL, please see our cURL quickstart guide.

# X-TrustedTwin custom header

The X-TrustedTwin header extends rule functionality with variables that the user passes in the request to the Trusted Twin API. To learn more about the X-TrustedTwin custom header, please consult the Custom headers section.

# About the scenarios

In our scenarios, we want a user to be able to access a Twin only if the serial number in the Twin's description is equal to the serial number passed in the X-TrustedTwin header of the request. This way, there is no need to create multiple users (one per Twin) to achieve this level of access granularity.

# Preparation

First, let's create a role. The role should allow access to a given Twin only if the serial number passed in the X-TrustedTwin header (DICT.serial) is equal to the serial number of the Twin (TWIN.serial):


Next, let's create a user with this role:


And let's create a Twin with the serial number 123 ({"serial": "123"}):

# Scenarios

Let's test what the user can see depending on the X-TrustedTwin header passed in the request to retrieve the Twin.

# No X-TrustedTwin header in the request

Let's start with a request where we don't pass the X-TrustedTwin header:


The response returns a 403 status code and information that the Twin is not accessible:


# Request with X-TrustedTwin header {"serial": "123"}

Next, let's pass the encoded {"serial": "123"} dictionary in the X-TrustedTwin header (eyJzZXJpYWwiOiAiMTIzIn0=):


The response returns the details of the Twin:


# Request with X-TrustedTwin header {"serial": "345"}

Next, let's try to pass the encoded {"serial": "345"} dictionary in the X-TrustedTwin header (eyJzZXJpYWwiOiAiMzQ1In0=):


The response returns a 403 status code with information that the Twin is not accessible to the user:
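
The three scenarios above, reproduced offline as an added Python example (not Trusted Twin's own code): it builds the header value by base64-encoding the JSON dictionary, which yields the same strings the guide shows, and evaluates a local model of the DICT.serial == TWIN.serial rule. The function names, the strict string comparison, and the fail-closed handling of a missing or malformed header are assumptions of this example, not documented platform behaviour.

```python
import base64
import binascii
import json

HEADER = "X-TrustedTwin"
TWIN = {"serial": "123"}  # description of the Twin created in the Preparation step


def encode_header(variables: dict) -> str:
    """JSON-serialize the dictionary and base64-encode it for the header.

    base64 is an encoding, not encryption: anyone who can read the request
    can read the serial it carries.
    """
    return base64.b64encode(json.dumps(variables).encode("utf-8")).decode("ascii")


def decode_header(value) -> dict:
    """Return the DICT variables; {} if the header is absent or malformed."""
    if not value:
        return {}
    try:
        decoded = json.loads(base64.b64decode(value, validate=True))
    except ValueError:  # covers binascii.Error, bad UTF-8 and bad JSON
        return {}
    return decoded if isinstance(decoded, dict) else {}


def rule_allows(headers: dict, twin_description: dict) -> bool:
    """Local model (assumption) of the rule DICT.serial == TWIN.serial."""
    serial = decode_header(headers.get(HEADER)).get("serial")
    # A missing DICT.serial never matches, so the request is denied.
    return serial is not None and serial == twin_description.get("serial")


def run_scenarios() -> dict:
    """Evaluate the guide's three requests against the Twin with serial 123."""
    requests = {
        "no header": {},
        "serial 123": {HEADER: encode_header({"serial": "123"})},
        "serial 345": {HEADER: encode_header({"serial": "345"})},
    }
    return {name: rule_allows(h, TWIN) for name, h in requests.items()}


if __name__ == "__main__":
    for name, allowed in run_scenarios().items():
        print(f"{name:10} -> {'Twin returned' if allowed else '403'}")
```
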

# Resources

Please consult the Custom headers section for more information on the X-TrustedTwin custom header.
