REST APIs: custom HTTP headers vs URL parameters

Question

When do you use custom HTTP headers in the request part of a REST API ?

Example:

Would you ever use

GET /orders/view 
(custom HTTP header)          


        

Answer 1

When do you use...HTTP headers in the request part of a REST API?

Authentication: GUIDs, basic authentication, custom tokens, etc. e.g., Basic Authentication with a Guid token for REST api instead of username/password

If you get involved in passing tokens or other authentication-like information between domains covered by PCI-DSS or other security rules you may also have to bury parameters because some regulations explicitly require authentication elements to stay out of URLs that could be trivially replayed (from browser histories, proxy logs, etc.).