# Cookie API
> Parse and build HTTP cookies. The parse endpoint reads a Set-Cookie header into its name, value and structured attributes — Domain, Path, Expires, Max-Age, Secure, HttpOnly, SameSite, Priority and Partitioned — or, with mode=cookie, splits a request Cookie header like "a=1; b=2; c=3" into an ordered list and a name→value map. The serialize endpoint builds a correct Set-Cookie string from simple fields, with sensible defaults (Path=/), proper date formatting for Expires, optional URL-encoding of the value, and validation of the cookie name, the date and the enum attributes — and it automatically adds Secure when SameSite=None, as browsers require. Everything is computed locally and deterministically, so it is instant and private. Ideal for web frameworks and middleware, API debugging and proxies, session and consent tooling, testing and security review. Pure local computation — no key, no third-party service, instant. Live, nothing stored. 3 endpoints. This parses and builds cookie strings; it does not fetch a URL — to inspect a live site's response headers use a security-headers or HTTP API.

## Authentication
All requests require your oanor API key in the `x-oanor-key` header. Get one at https://www.oanor.com/developer/keys.

```bash
curl -H "x-oanor-key: oanor_live_…" "https://api.oanor.com/cookie-api/..."
```

## Pricing
- **Free** (Free) — 2,235 calls/Mo, 2 req/s
- **Starter** ($4/Mo) — 11,750 calls/Mo, 8 req/s
- **Pro** ($24/Mo) — 168,500 calls/Mo, 20 req/s
- **Mega** ($62/Mo) — 885,000 calls/Mo, 50 req/s

## Endpoints

### Cookie

#### `GET /v1/parse` — Parse a cookie

**Parameters:**
- `cookie` (query, required, string) — The Set-Cookie string (or a Cookie header) Example: `sid=abc; Path=/; Secure; HttpOnly; SameSite=Lax`
- `mode` (query, optional, string) — 'set' (default) or 'cookie' for a request Cookie header

**Example:**
```bash
curl -H "x-oanor-key: $KEY" \
  "https://api.oanor.com/cookie-api/v1/parse?cookie=sid%3Dabc%3B+Path%3D%2F%3B+Secure%3B+HttpOnly%3B+SameSite%3DLax"
```

**Response:**
```json
{
    "data": {
        "mode": "set",
        "name": "sid",
        "value": "abc",
        "secure": true,
        "http_only": true,
        "same_site": "Lax",
        "attributes": {
            "path": "/",
            "secure": true,
            "httpOnly": true,
            "sameSite": "Lax"
        }
    },
    "meta": {
        "timestamp": "2026-06-03T09:25:04.586Z",
        "request_id": "33d14055-80f2-4700-bb40-9157bcb95394"
    },
    "status": "ok",
    "message": "Parse a cookie",
    "success": true
}
```

#### `GET /v1/serialize` — Build a Set-Cookie

**Parameters:**
- `name` (query, required, string) — Cookie name Example: `sid`
- `value` (query, optional, string) — Cookie value Example: `abc`
- `domain` (query, optional, string) — Domain
- `path` (query, optional, string) — Path (default /)
- `max_age` (query, optional, string) — Max-Age in seconds Example: `3600`
- `expires` (query, optional, string) — Expires date
- `same_site` (query, optional, string) — Strict | Lax | None Example: `Lax`
- `priority` (query, optional, string) — Low | Medium | High
- `secure` (query, optional, string) — true to add Secure
- `http_only` (query, optional, string) — true to add HttpOnly
- `partitioned` (query, optional, string) — true to add Partitioned
- `encode` (query, optional, string) — true to URL-encode the value

**Example:**
```bash
curl -H "x-oanor-key: $KEY" \
  "https://api.oanor.com/cookie-api/v1/serialize?name=sid&value=abc&max_age=3600&same_site=Lax"
```

**Response:**
```json
{
    "data": {
        "name": "sid",
        "value": "abc",
        "set_cookie": "sid=abc; Path=/; Max-Age=3600; SameSite=Lax"
    },
    "meta": {
        "timestamp": "2026-06-03T09:25:04.665Z",
        "request_id": "5122de44-639a-4023-80ba-6d183d6a1049"
    },
    "status": "ok",
    "message": "Build a Set-Cookie",
    "success": true
}
```

### Meta

#### `GET /v1/meta` — Spec

**Example:**
```bash
curl -H "x-oanor-key: $KEY" \
  "https://api.oanor.com/cookie-api/v1/meta"
```

**Response:**
```json
{
    "data": {
        "name": "Cookie API",
        "notes": "Parsing is lenient (it does not reject malformed input); serializing validates the name, dates and enum attributes, and adds Secure automatically when SameSite=None. Nothing is stored.",
        "version": "v1",
        "endpoints": [
            {
                "path": "/v1/parse",
                "params": {
                    "mode": "'set' (default) for Set-Cookie, or 'cookie' for a request Cookie header",
                    "cookie": "the Set-Cookie string (or a Cookie header)"
                },
                "returns": "the parsed name, value and attributes (or the cookie list/map)"
            },
            {
                "path": "/v1/serialize",
                "params": {
                    "name": "cookie name (required)",
                    "path": "Path (default /)",
                    "value": "cookie value",
                    "domain": "Domain",
                    "encode": "true to URL-encode the value",
                    "secure": "true to add Secure",
                    "expires": "Expires date",
                    "max_age": "Max-Age in seconds",
                    "priority": "Low | Medium | High",
                    "http_only": "true to add HttpOnly",
                    "same_site": "Strict | Lax | None",
                    "partitioned": "true to add Partitioned"
                },
                "returns": "the Set-Cookie header string"
            },
            {
…(truncated, see openapi.json for full schema)
```


---
Marketplace page: https://www.oanor.com/api/cookie-api
OpenAPI spec: https://www.oanor.com/api/cookie-api/openapi.json