From 8b97d933b952038b3b1ed38121cfb0e921356fc3 Mon Sep 17 00:00:00 2001
From: Lusa Zhan <101276749+lusayaa@users.noreply.github.com>
Date: Thu, 23 Jan 2025 14:56:11 -0500
Subject: [PATCH] Include section on cleartext req/resp headers (#1377)

* Include section on cleartext req/resp headers

To match IETF spec

* Specify outer vs inner http layers

* Update FLEDGE_Key_Value_Server_API.md

Co-authored-by: Paul Jensen <JensenPaul@users.noreply.github.com>

* Update FLEDGE_Key_Value_Server_API.md

Co-authored-by: Paul Jensen <JensenPaul@users.noreply.github.com>

---------

Co-authored-by: Paul Jensen <JensenPaul@users.noreply.github.com>
---
 FLEDGE_Key_Value_Server_API.md | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/FLEDGE_Key_Value_Server_API.md b/FLEDGE_Key_Value_Server_API.md
index 4dd6497f7..8a1ae97be 100644
--- a/FLEDGE_Key_Value_Server_API.md
+++ b/FLEDGE_Key_Value_Server_API.md
@@ -61,9 +61,20 @@ For more information on the design, please refer to [the trust model explainer](
 
 ![V2 API diagram](assets/fledge_kv_server_v2_api.png)
 
-HTTPS is used to transport data. The method is `POST`.
+The request contains an outer HTTP layer with an inner [Oblivious HTTP](https://datatracker.ietf.org/doc/draft-ietf-ohai-ohttp/) layer.
 
-The HTTP POST body is encrypted.
+
+### Outer HTTP layer
+For the outer HTTP layer:
+* HTTPS is used to transport data.
+* The HTTP method is `POST`.
+* Requests specify Content types via these headers:
+   ```
+   Content-Type: message/ad-auction-trusted-signals-request
+   Accept: message/ad-auction-trusted-signals-response
+   ```
+
+### Inner HTTP layer
 
 #### Encryption