Resource URL:
HEAD https://api.ft.com/access/{contentPath}
For security reasons requests must be made over HTTPS.
Header | Value | Required |
OriginHost | Host from which to retrieve the access metadata as described here. Examples that are currently in use: www.ft.com, blogs.ft.com, ftalphaville.ft.com,presscuttings.ft.com,ft-next-classification-api-eu.herokuapp.com,ft-next-classification-api-us.herokuapp.com |
Yes |
x-api-key | This is the key that is required to authenticate API clients that access the particular resource. | Yes |
True-Client-IP | The user agents ip address | Yes |
User-Agent | The original user agent | No |
Referer | The address of the webpage that linked to the resource being requested | No |
Pragma | An optional Pragma header which instructs Access to respond with the authorisation decision within the response header FT-Access-Decision. Value: FT-Access-Remote-Auth |
No |
Cookie | Cookie used to identity a user. If present, an authorisation decision is made for the user identified by this cookie (provided the session token is valid). Value: FTSession={SessionTokenValue} |
No |
Cookie | The FCF (First Click Free) cookie provided by the browser. FCF is an access policy that allows limited time-based access to paid-for FT content. The cookie is created at first request and updated on every successful request afterwards. Resulting in content acceptance through the FCF policy. The cookie expires after 24 hours after the last successful request, at which point the user’s FCF count is reset for access through all privileged domains on that browser. Example value: ft_access_c={FCFValue} |
No |
FT-First-Click-Free | An alternative to passing the full ft_access_c cookie you can supply the ft_access_c cookie value in this request header instead of the ft_access_c cookie. | No |
X-FT-Content-Classification |
The Content Classification (if known). Should be used with the X-FT-UID header below. Access will not make a metadata request if this is provided. A metadata request contains the regex of the content path and it’s corresponding Content Classification. More information here.
|
No |
X-FT-UID | The uuid of the content (if known, hence, optional). If this header has been chosen to be supplied, the X-FT-Content-Classification header must also be supplied for this header to take effect. Example value: {UUID} |
No |
Example:
HEAD https://api.ft.com/access/cms/s/0/ae91248c-87e0-11e1-b1ea-00144feab49a.html HTTP/1.1 OriginHost: www.ft.com Pragma: FT-Access-Remote-Auth User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.75 Safari/537.36 True-Client-IP: 90.197.159.111 Referer: http://www.ft.com
HTTP Status | Description |
302 Found | Access has made a DENIED authorisation decision and the response contains a Location header pointing to a page that gives user subscription options that may be used to gain access. Example URL: https://subscribe.ft.com/barrier/logic?location={content url}&classification={content classification} |
200 OK | Access has made a GRANTED authorisation decision. Or, If the request contained the Pragma header FT-Access-Remote-Auth, the response will contain a FT-Access-Decision header with the value GRANTED or DENIED. |
Value | Description |
CONDITIONAL_PREMIUM | Content requested is for Premium subscribers ONLY. Content type is Premium articles (/cms/s/3), Presscuttings, FastFT |
CONDITIONAL_PREMIUM_UNCOUNTED | Content requested is for Premium subscribers ONLY |
CONDITIONAL_STANDARD | Content is accessible to Standard and Premium subscribers, can be accessed by registered users for up to 8 UNIQUE counts |
CONDITIONAL_STANDARD_UNCOUNTED | Content is accessible to Standard and Premium subscribers ONLY |
CONDITIONAL_REGISTERED | Content is accessible to anonymous users up to 8 UNIQUE counts |
CONDITIONAL_REGISTERED_UNCOUNTED | Content is accessible to all digital subscribers (Registered, Standard and Premium) |
CONDITIONAL_ALPHAVILLE_LONGROOM | Content is from FT Alphaville |
UNCONDITIONAL | Content is accessible to all (even to anonymous users) |
UNKNOWN | Content requested classification is unknown |
Value | Description |
TEMP_BLOGS_POLICY | As the name suggests, this is a temporary policy added to aid the migration of blogs over to use remote auth. Once blogs are permanently under remote auth and no longer make mockingbird requests directly to access, this policy will be removed. As it currently stands, this policy will GRANT access if a mockingbird call is detected via the request user agent. |
UNCONDITIONAL_CONTENT_POLICY | If the content classification of the resource is found to be unconditional, then access will GRANT. |
GIFT_ARTICLE_POLICY | If the request contains a gift article cookie, which has not expired and has been verified by the gift article public key, access will GRANT. |
CORPORATE_IP_POLICY | An ip address associated with a corporation is linked to a set of products. If the set of products available to the request ip matches the content classification of the article access will GRANT. |
USER_AGENT_POLICY | If the user agent header included in the request matches a white list of user agents used by web crawlers access will GRANT. |
SUBSCRIPTION_POLICY | If the request contains a valid FT_Session cookie and the content classification of the article matches the product the user has a subscription for, access will GRANT. |
PRIVILEGED_REFERER_POLICY | If the request contains a referrer header which is privileged, but is not in the blocked referrer black list, and a privilege referrer cookie either exists with a granted count less than the max number allowed or is absent, then access will GRANT. |
COUNTED_CONTENT_POLICY | If the content classification of the article is counted and the user has an active account (has an activation date) the user’s content views for the current viewing window (A user’s viewing window resets on the 1st of each month (00:00 UTC)) are retrieved from the access database.
|
DENY_POLICY | If the content classification is considered ‘UNKNOWN’ the access decision will remain ‘INDETERMINATE’, otherwise access will DENY. |
DELEGATED_TO_RENDER | If the content classification is considered ‘UNKNOWN’ Decision source will be RENDER. |
CONCURRENCY_POLICY | If session is invalid for concurrency then access will DENY. |
Value | Description |
GRANTED | Access has provided access to resource. |
DENIED | Access has denied access to resource. |
If unsuccessful, this method returns a Location header.
Access Denied
Response Header | Value |
Location | https://subscribe.ft.com/barrier/logic?location={content url}&classification={content classification} |
Example:
HTTP/1.1 302 Location: https://subscribe.ft.com/barrier/logic?location=http%3A%2F%2Fwww.ft.com%2Fcms%2Fs%2F0%2F2d2e6ec0-b39e-11e5-b147-e5e5bba42e51.html&referer=&classification=conditional_standard
If successful, this method returns headers pertaining to the access decision.
Response Header | Possible Values |
FT-Access-Decision | Describes whether the request is authorised to access the content. GRANTED |
FT-Access-Content-Classification | Describes the content classification of the requested resource provided by the content service. Values are described here. CONDITIONAL_PREMIUM, CONDITIONAL_PREMIUM_UNCOUNTED, CONDITIONAL_STANDARD, CONDITIONAL_STANDARD_UNCOUNTED, CONDITIONAL_REGISTERED, CONDITIONAL_REGISTERED_UNCOUNTED, CONDITIONAL_ALPHAVILLE_LONGROOM, UNCONDITIONAL UNKNOWN |
FT-Access-Decision-Policy | Describes the internal access policy that granted or finally denied access to the requested resource. Values are described here. TEMP_BLOGS_POLICY, UNCONDITIONAL_CONTENT_POLICY, GIFT_ARTICLE_POLICY, CORPORATE_IP_POLICY, USER_AGENT_POLICY, SUBSCRIPTION_POLICY, PRIVILEGED_REFERER_POLICY, COUNTED_CONTENT_POLICY, DENY_POLICY DELEGATED_TO_RENDER CONCURRENCY_POLICY |
Example:
HTTP/1.1 200 FT-Access-Decision: GRANTED FT-Access-Content-Classification: CONDITIONAL_STANDARD FT-Access-Decision-Policy: GIFT_ARTICLE_POLICY
If the user session does not have the capability to access supplied content path.
Response Header | Possible Values |
FT-Access-Decision | DENIED |
FT-Access-Content-Classification | Describes the content classification of the requested resource provided by the content service. Values are described here. CONDITIONAL_PREMIUM, CONDITIONAL_PREMIUM_UNCOUNTED, CONDITIONAL_STANDARD, CONDITIONAL_STANDARD_UNCOUNTED, CONDITIONAL_REGISTERED, CONDITIONAL_REGISTERED_UNCOUNTED, CONDITIONAL_ALPHAVILLE_LONGROOM, UNCONDITIONAL UNKNOWN |
FT-Access-Decision-Policy | Describes the internal access policy that granted or finally denied access to the requested resource. Values are described here. TEMP_BLOGS_POLICY, UNCONDITIONAL_CONTENT_POLICY, GIFT_ARTICLE_POLICY, CORPORATE_IP_POLICY, USER_AGENT_POLICY, SUBSCRIPTION_POLICY, PRIVILEGED_REFERER_POLICY, COUNTED_CONTENT_POLICY, DENY_POLICY DELEGATED_TO_RENDER CONCURRENCY_POLICY |
FT-Session-Status | Describes the state of the FTSession if it is supplied in the request and Access responds with a denied decision. ABSENT, EXPIRED, REVOKED, CONCURRENCY, CORRUPT, OTHER |
Example:
HTTP/1.1 200 FT-Access-Decision: DENIED FT-Access-Content-Classification: CONDITIONAL_PREMIUM FT-Access-Decision-Policy: CONCURRENCY_POLICY
If the user sends a request without the Pragma header. The service will return a 200 status code response without a response body. Only default response headers will be returned, without any additional response headers.
Example:
HTTP/1.1 200