Session-less Services (see OPC 10000-4) may be invoked via HTTPS POST.

The HTTP Authorization header is used to specify the UserIdentity used to determine what permissions are available to the caller. The Authorization header may specify a Basic token with a UserName/Password or a Bearer token (see RFC 6750) with an AccessToken provided by an AuthorizationService.

The HTTP Accept-Language header is used to specify the locales to use for the request. The locales are sorted based on their quality value and then by the order they appear in the header.

The Content-Type header in the HTTP request and response shall specify the DataEncoding of the message. Well known media types should be used to ensure interoperability with standard HTTP infrastructure. The application/opcua+uabinary media type is also defined, however, it is not registered with IANA and is only specified for backward compatibility.

Table 78 – HTTP Content-Type Header

Content-Type	Description
application/octet-streamapplication/opcua+uabinary	The body is encoded using the OPC UA Binary DataEncoding defined in 5.2.
application/soap+xml	The body is encoded using the XML DataEncoding defined in 5.3.
application/json	The body is encoded using the OPC UA JSON Compact DataEncoding defined in 5.4.

XML and JSON messages always use the UTF8 encoding. The charset parameter (i.e. ‘application/json; charset=utf-8’) may be appended to the media type to indicate this.

JSON messages may be compressed with RFC 1952. If compression is used the Content-Encoding HTTP Header is ‘gzip’.