Errata exists for this version of the document.

Session-less Services (see OPC 10000-4) may be invoked via HTTPS POST. The HTTP Authorization header in the Request shall have a Bearer token which is an Access Token provided by the Authorization Service. The Content-type of the HTTP request shall specify the encoding of the body. If the Content-type is application/opcua+uabinary then the body is encoded using the OPC UA Binary encoding (see 7.4.4). If the Content-type is application/opcua+uajson then body is encoded using the reversible form of the JSON encoding (see 7.4.5).

Note that the Content-type for OPC UA Binary encoded bodies for Session-less Services is different from the Content-type for Session-based Services specified in 7.4.4.