HTTP Request Node
The HTTP Request node makes external API calls to integrate with third-party services, retrieve data from web endpoints, or trigger external workflows. It supports multiple authentication methods, flexible request configuration, and proxy server routing for enterprise networks. Response handling includes automatic JSON parsing, header extraction, and status code capture.
How It Works
When the node executes, it constructs an HTTP request using the configured URL, method, headers, and body content. If authentication is configured, the node automatically adds the appropriate headers or credentials to the request. The node sends the request to the target endpoint and waits for a response.
Upon receiving a response, the node processes it according to the specified response type. JSON responses are automatically parsed into structured formats. Text or raw responses are preserved as-is. When response header inclusion is enabled, the node packages the response body, headers, and status code together. The processed response is stored in the specified output variable for downstream nodes.
The node supports proxy server routing for corporate networks, SSL certificate verification control for development environments, and automatic redirect following for APIs that use URL redirection.
Configuration Parameters
Output Field
Output Field (Text, Required): Workflow variable where the response is stored.
The output format depends on Response Type configuration: JSON responses are parsed into structured objects, text responses are returned as strings, raw responses preserve the original format. When Include Response Headers is enabled, the output contains body, headers, and statusCode properties.
Common naming patterns: api_response, http_result, external_data.
URL
URL (Text, Required): Full URL of the API endpoint to call.
Include the protocol (http:// or https://). The URL can include path parameters and combines with any configured query parameters. Variable interpolation using ${variable_name} syntax supports dynamic endpoint construction.
HTTP Method
HTTP Method (Dropdown, Default: GET): HTTP method for the request.
| Method | Use for | Common scenarios |
|---|---|---|
| GET | Retrieving data without modification | Fetching profiles, searching records, reading configuration |
| POST | Creating new resources or submitting data | Creating accounts, submitting forms, uploading content |
| PUT | Updating entire resources | Replacing profiles, updating full records |
| DELETE | Removing resources | Deleting accounts, removing records |
| PATCH | Partially updating resources | Updating specific fields, modifying attributes |
| HEAD | Retrieving headers without body | Checking resource existence, validating URLs |
| OPTIONS | Discovering allowed methods | CORS preflight, API capability discovery |
Authentication
Configure authentication based on API requirements. The node supports multiple methods that automatically add appropriate headers or credentials.
Auth Type
Auth Type (Dropdown, Default: None): Authentication method required by the API.
| Auth type | How it works | Use for |
|---|---|---|
| None | No authentication | Public APIs or custom header authentication |
| Api Key | Adds key to X-API-Key header | REST APIs and cloud services |
| Bearer Token | Adds token to Authorization header with "Bearer" prefix | OAuth 2.0 and JWT-based APIs |
| Basic Auth | Encodes username/password in Base64 for Authorization header | Legacy APIs and internal services |
API Key
API Key (Text, Required for Api Key auth): API key value added to X-API-Key header.
Variable interpolation with ${api_key} enables secure credential management.
Bearer Token
Bearer Token (Text, Required for Bearer Token auth): Token automatically prefixed with "Bearer " for Authorization header.
Variable interpolation with ${token} supports dynamic token management from previous workflow steps.
Username
Username (Text, Required for Basic Auth): Username combined with password and Base64-encoded.
Variable interpolation with ${username} is supported.
Password
Password (Text, Required for Basic Auth): Password combined with username and Base64-encoded.
Variable interpolation with ${password} is supported. The field is masked in the UI.
Authentication Headers
Authentication Headers (Object, Optional): Custom headers for authentication beyond standard methods.
Useful for APIs requiring multiple authentication headers, custom token formats, or additional security headers.
Headers
Headers (Object, Default: {}): Custom HTTP headers as key-value pairs.
Common headers include Content-Type, Accept, and User-Agent. Authentication headers are configured separately. Variable interpolation in values using ${variable_name} syntax is supported.
Query Parameters
Query Parameters (Object, Default: {}): URL query parameters appended to the URL.
Parameters are automatically URL-encoded. Example: pageIndex: 1 and pageSize: 50 added to https://api.example.com/users results in https://api.example.com/users?pageIndex=1&pageSize=50. Variable interpolation is supported.
Body Type
Body Type (Dropdown, Default: none): Request body format.
| Format | Output | Best for | Notes |
|---|---|---|---|
| None | No request body | GET, DELETE, HEAD requests | Most read operations |
| JSON | JSON-formatted data | REST APIs, modern web services | Auto-sets Content-Type to application/json |
| Form URL Encoded | URL-encoded form data | Web forms, traditional APIs | Sets Content-Type to application/x-www-form-urlencoded |
| Raw | Custom content | XML, plain text, custom formats | Requires Content Type parameter |
Body Parameters
Body Parameters (Object, Default: {}): Data to send in request body as key-value pairs.
Available when Body Type is JSON or Form URL Encoded. Variable interpolation using ${variable_name} allows dynamic body construction.
Body Content
Body Content (Text, Optional): Raw body content when Body Type is Raw.
Content is sent exactly as entered. Variable interpolation with ${variable_name} supports dynamic content. Ensure Content Type matches the content format.
Content Type
Content Type (Text, Default: text/plain): Content-Type header for raw body content.
Common values: application/xml, text/plain, text/html, application/octet-stream. Only used when Body Type is Raw.
Response Type
Response Type (Dropdown, Default: json): Expected response format.
- json - Parses response as JSON into structured object. Use for REST APIs.
- text - Returns response as plain text string. Use for plain text, CSV, or text-based formats.
- raw - Returns response without processing. Use when exact content is needed.
Include response Headers
Include Response Headers (Toggle, Default: false): Include HTTP headers and status code in output.
When enabled, output is structured with body, headers, and statusCode properties. Enable when checking status codes, accessing rate limit information, or handling scenarios based on HTTP status.
Lowercase headers
Lowercase Headers (Toggle, Default: true): Convert response header names to lowercase.
HTTP headers are case-insensitive but servers may return different casing. Normalizes header names for reliable access in downstream nodes.
Response headers Field
Response Headers Field (Text, Optional): Variable to store response headers separately.
Available when Include Response Headers is enabled. Headers are stored as key-value object.
Response status Field
Response Status Field (Text, Optional): Variable to store HTTP status code separately.
Available when Include Response Headers is enabled. Status code is stored as a number (e.g., 200, 404, 500).
Proxy Configuration
Configure proxy server for HTTP requests in corporate environments.
Enable Proxy
Enable Proxy (Toggle, Optional): Route traffic through proxy server.
Use in corporate environments with restricted direct internet access.
Proxy URL
Proxy URL (Text, Required when proxy enabled): Proxy server URL including protocol and port.
Example: http://proxy.company.com:8080. Supports HTTP and HTTPS proxies.
Proxy Username
Proxy Username (Text, Optional): Username for proxy authentication.
Variable interpolation with ${proxy_username} is supported.
Proxy Password
Proxy Password (Text, Optional): Password for proxy authentication.
Variable interpolation with ${proxy_password} is supported. Field is masked in UI.
Ignore SSL Errors
Ignore SSL Errors (Toggle, Default: false): Skip SSL certificate verification.
Accepts self-signed certificates, expired certificates, and hostname mismatches. Use only in development or testing environments. Never enable in production due to security vulnerabilities.
Follow Redirects
Follow Redirects (Toggle, Default: true): Automatically follow HTTP 3xx redirects.
When enabled, transparently follows redirects and returns final response. Disable to capture redirect URLs or handle redirects manually.
Max Redirects
Max Redirects (Number, Default: 10): Maximum redirects to follow before stopping.
Available when Follow Redirects is enabled. Prevents infinite redirect loops.
Common Parameters
This node supports common parameters shared across workflow nodes, including Stream Output Response, Streaming Messages, and Logging Mode. For detailed information, see Common Parameters.
Best Practices
- Store sensitive credentials (API keys, tokens, passwords) in workflow variables rather than hardcoding for security and easier rotation
- Test HTTP requests with simple GET operations before moving to complex POST/PUT requests with authentication
- Use Include Response Headers with status code to implement error handling logic (retry on 5xx, handle 4xx differently)
- For paginated APIs, use response data to determine if additional requests are needed with conditional nodes and loops
- Check response headers for rate limit information and implement appropriate delays or retry logic
- Use Response Type appropriately: JSON for structured data processing, text or raw for large content passed through without parsing
Limitations
- Timeout configuration: The node uses a default 30-second timeout (maximum 300 seconds) not configurable through UI. Long-running API calls may timeout.
- Pagination support: Backend pagination capabilities are not exposed in UI; implement manually using workflow logic.
- File upload: Multipart form-data file uploads supported in backend but not fully exposed in UI configuration.
- Authentication methods: Only API Key, Bearer Token, and Basic Auth are implemented. Digest Auth, OAuth1, and OAuth2 are not supported.