# Custom headers
# About this guide
Follow this guide to learn how to use the `X-TrustedTwin` custom header to enhance rule functionality with variables passed by the user in the request.
This guide contains the following sections:

| Section | Contents |
|---|---|
| `X-TrustedTwin` custom header | Introduction to the `X-TrustedTwin` custom header. |
| Introduction | Context and goals of the scenario. |
| Preparation | In this section we create a role, a user, and a Twin which we will use in the following section to illustrate how the `X-TrustedTwin` custom header works. |
| Scenarios | Example scenarios using the `X-TrustedTwin` header. |

In this tutorial we use cURL to provide examples. For more information about cURL, please consult the introduction to our cURL quickstart guide.
# `X-TrustedTwin` custom header
The `X-TrustedTwin` header enhances rule functionality by letting rules use variables passed by the user in the request to the Trusted Twin API. To learn more about this custom header, please consult the Custom headers section.
# About the scenarios
In our scenarios, we want a user to be able to access a Twin only if the serial number in the description of the Twin is equal to the serial number passed in the `X-TrustedTwin` header in the request. This way there is no need to create multiple users (one per Twin) to allow for this level of access granularity.
# Preparation
First, let's create a role that allows access to a given Twin only if the serial number passed in the `X-TrustedTwin` header (`DICT.serial`) is equal to the serial number of the Twin (`TWIN.serial`):
Next, let's create a user with this role:
And let's create a Twin with the serial number 123 (`{"serial": "123"}`):
# Scenario
Let's test what the user can see depending on the `X-TrustedTwin` header passed in the request to retrieve the Twin.
# No `X-TrustedTwin` header in the request
Let's start with a request where we don't pass the `X-TrustedTwin` header:
The response returns a 403 status code and information that the Twin is not accessible:
# Request with `X-TrustedTwin` header `{"serial": "123"}`
Next, let's pass the encoded `{"serial": "123"}` dictionary in the `X-TrustedTwin` header (`eyJzZXJpYWwiOiAiMTIzIn0=`):
The response returns the details of the Twin:
# Request with `X-TrustedTwin` header `{"serial": "345"}`
Next, let's try to pass the encoded `{"serial": "345"}` dictionary in the `X-TrustedTwin` header (`eyJzZXJpYWwiOiAiMzQ1In0=`):
The response returns a 403 status code with information that the Twin is not accessible to the user:
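
The header values used in the scenarios above are the Base64 encoding of the JSON dictionary text, and the sketch below reproduces them and walks the three scenarios through a local model of the rule. It is an added example, not code from the original guide or from Trusted Twin; the function names and the deny-on-missing-or-malformed-header behaviour in `rule_allows` are assumptions made for illustration.

```python
import base64
import json
from typing import Optional


def encode_header(variables: dict) -> str:
    """Serialize the dictionary as JSON and Base64-encode it for X-TrustedTwin."""
    return base64.b64encode(json.dumps(variables).encode("utf-8")).decode("ascii")


def decode_header(value: str) -> dict:
    """Decode a header value back into a dictionary; reject anything malformed."""
    try:
        decoded = json.loads(base64.b64decode(value, validate=True))
    except ValueError as exc:  # covers bad Base64, bad UTF-8 and bad JSON
        raise ValueError("header is not Base64-encoded JSON") from exc
    if not isinstance(decoded, dict):
        raise ValueError("header must decode to a JSON object")
    return decoded


def rule_allows(twin_description: dict, header_value: Optional[str]) -> bool:
    """Local model of the guide's rule: DICT.serial must equal TWIN.serial.

    Assumption: a missing or malformed header leaves DICT empty, so the
    comparison fails and access is denied.
    """
    try:
        dict_vars = decode_header(header_value) if header_value else {}
    except ValueError:
        dict_vars = {}
    serial = dict_vars.get("serial")
    return serial is not None and serial == twin_description.get("serial")


# Constructed sample data mirroring the Twin description used in the guide.
TWIN = {"serial": "123"}

if __name__ == "__main__":
    for variables in (None, {"serial": "123"}, {"serial": "345"}):
        header = encode_header(variables) if variables else None
        outcome = "Twin returned" if rule_allows(TWIN, header) else "403"
        print(f"X-TrustedTwin: {header} -> {outcome}")
```

Note that `json.dumps` emits a space after the colon, which is why its output matches the encoded values shown in this guide byte for byte.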
# Resources
Please consult the Custom headers section for more information on the `X-TrustedTwin` custom header.