> ## Documentation Index
> Fetch the complete documentation index at: https://docs.gate.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Institution Headers

> Explains the required headers for institution APIs and how to use X-GatePay-On-Behalf-Of.

Institution APIs include dedicated institution endpoints and a full set of institution merchant APIs exposed under institution-prefixed paths. For the signature algorithm and verification rules, see [Security and Signature](/api-reference/version/100/en/common/securityAndSignature).

## Request headers

| Header                         | Required                              | Description                                                                                                                                                                                                                                                              |
| ------------------------------ | ------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| X-GatePay-Certificate-ClientId | Yes                                   | The clientId assigned when the merchant registers an application in the Gate merchant console                                                                                                                                                                            |
| X-GatePay-Timestamp            | Yes                                   | UTC timestamp in milliseconds when the request is generated. GatePay will not process requests whose time difference from receipt exceeds 10 seconds                                                                                                                     |
| X-GatePay-Nonce                | Yes                                   | Random string. Recommended length within 32 characters, composed of digits and letters                                                                                                                                                                                   |
| X-GatePay-Signature            | Yes                                   | Request signature. GatePay uses this signature to verify whether the request is valid                                                                                                                                                                                    |
| X-GatePay-On-Behalf-Of         | Required on selected institution APIs | The initiating account ID for the current request. Institution merchant APIs typically use the target sub-account ID; charge and transfer APIs can use either an institution account ID or a sub-account ID. It is not used by the account APIs or the fee-setting APIs. |

## Endpoints that do NOT require X-GatePay-On-Behalf-Of

The following dedicated institution APIs are **institution master-account–scoped**. Do **not** send **X-GatePay-On-Behalf-Of** in the request header; the first four common headers are sufficient:

**Accounts**

* Create sub-account
* Query sub-account
* List sub-accounts (paginated)

Charge APIs, transfer APIs, and institution merchant APIs **must** include **X-GatePay-On-Behalf-Of**. Institution merchant APIs typically use the target sub-account ID; charge and transfer APIs can use the initiating account ID for the current transaction (either an institution account ID or a sub-account ID). Account APIs and fee-setting APIs do not use this header.