Fetch static content

Fetch default content from a browser or device.

POST
https://api.croct.io/client/web/static-content

Retrieves the default content of a slot without applying audience targeting, experience evaluation, or experiment assignment. Use it for predictable, cacheable responses when personalization context is not available.

This is the client-side variant, intended for calls originating from a browser or device. It authenticates with the public application ID, enforces CORS checks against the application's trusted origins, and applies rate limits tuned for browser traffic. For calls from your backend, use the server-side variant instead.

Example

Here is an example of how to fetch static content:

12345678910111213141516
const response = await fetch('https://api.croct.io/client/web/static-content', {  method: 'POST',  headers: {    'Content-Type': 'application/json',    'X-App-Id': '<APP ID>',    'X-Client-Id': '<CLIENT ID>',  },  body: JSON.stringify({    slotId: 'home-hero',    version: '1',    preferredLocale: 'en-us',    includeSchema: true,  }),});
const {content, metadata} = await response.json();

Request headers

This endpoint accepts the following HTTP headers:

Content-Type
string

Must be application/json.

X-App-Id
string

The public application ID to use for client-side requests.

X-Client-Id(optional)
string

The ID of the client, in the form of a UUID.

This must be a persistent identifier that uniquely identifies the browser or device across sessions.

Either X-Client-Id or X-Token must be present.

X-Token(optional)
string

A base64-encoded JSON Web Token (JWT) that identifies the user.

When the application enforces signed tokens, the JWT must be signed using an API key with the Issue user tokens permission, or the request fails with an authorization error.

Either X-Client-Id or X-Token must be present.

X-Client-Library(optional)
string

The SDK name and version, such as Croct SDK JS v0.20.0.

Used for usage statistics and feature switching to preserve backward compatibility across SDK versions.

Origin(optional)
string

The origin of the request.

Must match one of the application's trusted origins. Browsers set this header automatically.

Parameters

This endpoint accepts the following JSON body parameters:

slotId
string

The ID of the slot to fetch, such as hero-banner.

version(optional)
string

The schema version of the slot to fetch, in major or major.minor format, such as 1 or 1.2.

Defaults to the latest version when omitted.

preferredLocale(optional)
string|null

The locale code of the content to fetch.

The code consists of a two-part string that specifies the language and, optionally, the country. For example, en represents English, en-us stands for English (United States), and pt-br for Portuguese (Brazil). It is case-insensitive and supports both hyphens and underscores as separators to accommodate the different conventions used by browsers, libraries, and other systems.

Falls back to the slot's default locale when the preferred locale is unsupported or omitted. Pass null to explicitly use the default.

includeSchema(optional)
boolean

Whether to include the slot's content schema in metadata.schema.

Default:false

Response headers

X-Suspension-Reason(optional)
string

The reason the API returned an empty response.

When the workspace has suspended services, the API returns 202 Accepted with an empty body and this header. Clients should treat this as a traffic control signal, not an error, and fall back to default behavior.

The possible values are:

ValueDescription
tracking_and_personalization_suspendedThe workspace has suspended services.

Response

This endpoint returns a JSON response with the following properties:

content
object

The slot's default content.

The shape is defined by the slot's content schema, plus a reserved _component field.

_component
string|null

The component identifier and major version, such as hero-banner@1.

Is null when no component is associated with the slot.

metadata
object

Metadata describing the returned content.

version
string

The resolved slot schema version.

contentSource
string

Always slot for static content requests, since neither audience targeting nor experiments are applied.

schema(optional)
Schema

The slot's content schema definition.

Human-readable labels and descriptions are omitted from the returned schema for security reasons, since they may contain sensitive business information.

This property is included only when the request set includeSchema to true.

Example response

Here is an example of a JSON response from this endpoint:

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849
{  "content": {    "_component": "home-hero@1",    "heading": "Welcome to Acme",    "cta": {      "label": "Get started",      "link": "https://example.com/signup"    }  },  "metadata": {    "version": "1.0",    "contentSource": "slot",    "schema": {      "root": {        "type":"structure",        "title":"Hero",        "attributes": {          "heading": {            "position":0,            "type": {              "type":"text"            }          },          "cta": {            "position":1,            "type": {              "type":"structure",              "attributes": {                "label":{                  "position":0,                  "type":{                    "type":"text"                  }                },                "link": {                  "position":1,                  "type": {                    "type":"text"                  }                }              }            }          }        }      },      "definitions": {}    }  }}