Fetch static content

Fetch default content from a browser or device.

POST
https://api.croct.io/client/web/static-content

Retrieves the default content of a slot without applying audience targeting, experience evaluation, or experiment assignment. Use it for predictable, cacheable responses when personalization context is not available.

This is the client-side variant, intended for calls originating from a browser or device. It authenticates with the public application ID, enforces CORS checks against the application’s trusted origins, and applies rate limits tuned for browser traffic. For calls from your backend, use the server-side variant instead.

Example

Here is an example of how to fetch static content:

12345678910111213141516
const response = await fetch('https://api.croct.io/client/web/static-content', {  method: 'POST',  headers: {    'Content-Type': 'application/json',    'X-App-Id': '<APP ID>',    'X-Client-Id': '<CLIENT ID>',  },  body: JSON.stringify({    slotId: 'home-hero',    version: '1',    preferredLocale: 'en-us',    includeSchema: true,  }),});
const {content, metadata} = await response.json();

Request headers

This endpoint accepts the following HTTP headers:

Content-Type
string

Must be application/json.

X-App-Id
string

The public application ID to use for client-side requests.

X-Client-Id(optional)
string

The ID of the client, in the form of a UUID.

This must be a persistent identifier that uniquely identifies the browser or device across sessions.

Either X-Client-Id or X-Token must be present.

X-Token(optional)
string

A base64-encoded JSON Web Token (JWT) that identifies the user.

When the application enforces signed tokens, the JWT must be signed using an API key with the Issue user tokens permission, or the request fails with an authorization error.

Either X-Client-Id or X-Token must be present.

X-Client-Library(optional)
string

The SDK name and version, such as Croct SDK JS v0.20.0.

Used for usage statistics and feature switching to preserve backward compatibility across SDK versions.

Origin(optional)
string

The origin of the request.

Must match one of the application’s trusted origins. Browsers set this header automatically.

Parameters

This endpoint accepts the following JSON body parameters:

slotId
string

The ID of the slot to fetch, such as hero-banner.

version(optional)
string

The schema version of the slot to fetch, in major or major.minor format, such as 1 or 1.2.

Defaults to the latest version when omitted.

preferredLocale(optional)
string|null

The locale code of the content to fetch.

The code consists of a two-part string that specifies the language and, optionally, the country. For example, en represents English, en-us stands for English (United States), and pt-br for Portuguese (Brazil). It is case-insensitive and supports both hyphens and underscores as separators to accommodate the different conventions used by browsers, libraries, and other systems.

Falls back to the slot’s default locale when the preferred locale is unsupported or omitted. Pass null to explicitly use the default.

includeSchema(optional)
boolean

Whether to include the slot’s content schema in metadata.schema.

Default:false

Response

The service can respond with either 200 OK or 202 Accepted status code.

200 OK

Returns the requested content in a JSON body with the following properties:

content
object

The slot’s default content.

The shape is defined by the slot’s content schema, plus a reserved _component field.

_component
string|null

The component identifier and major version, such as hero-banner@1.

Is null when no component is associated with the slot.

metadata
object

Metadata describing the returned content.

version
string

The resolved slot schema version.

contentSource
string

Always slot for static content requests, since neither audience targeting nor experiments are applied.

schema(optional)

The slot’s content schema definition.

Human-readable labels and descriptions are omitted from the returned schema for security reasons, since they may contain sensitive business information.

This property is included only when the request set includeSchema to true.

Example response

Here is an example of a JSON response from this endpoint:

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849
{  "content": {    "_component": "home-hero@1",    "heading": "Welcome to Acme",    "cta": {      "label": "Get started",      "link": "https://example.com/signup"    }  },  "metadata": {    "version": "1.0",    "contentSource": "slot",    "schema": {      "root": {        "type":"structure",        "title":"Hero",        "attributes": {          "heading": {            "position":0,            "type": {              "type":"text"            }          },          "cta": {            "position":1,            "type": {              "type":"structure",              "attributes": {                "label":{                  "position":0,                  "type":{                    "type":"text"                  }                },                "link": {                  "position":1,                  "type": {                    "type":"text"                  }                }              }            }          }        }      },      "definitions": {}    }  }}

202 Accepted

The request is accepted but the service is suspended and returns no content. Clients should treat this as a traffic control signal, not an error, and fall back to default behavior. The suspension reason is indicated by the X-Suspension-Reason header:

X-Suspension-Reason(optional)
string

The reason the API returned an empty response. The possible values are:

ValueDescription
tracking_and_personalization_suspendedThe workspace has suspended services.