Skip to main content

HTTP Component

Make HTTP requests to APIs and endpoints.

Component key: http

Changelog ↓

Description

HTTP (Hypertext Transfer Protocol) is the foundational protocol for transferring data on the web. This component allows you to make HTTP requests to any HTTP-based API or endpoint, supporting GET, POST, PUT, PATCH, and DELETE methods, as well as form data submissions.

Additional Information

For more information on the HTTP protocol, see the HTTP specification.

Common HTTP verbs like GET, POST, PUT, PATCH, and DELETE are supported. For all actions, you can specify:

  • A URL to send a request to
  • A response type (like application/json)
  • A list of request headers
  • A list of query parameters

In addition, the POST, PUT, and PATCH actions allow you to specify data to send as part of the request. data can be a reference to a binary file, a string literal, or any structured data that is expected in the body of the request.

This component can be configured to use optional Basic Auth (username/password), API Key, or OAuth 2.0 Connections to authenticate the request. For other non-standard authentication schemes, you will either need to supply your own Authorization as a header as an input to the HTTP component, or you can create your own custom component to interact with an HTTP-based API.

Connections

API Key

key: apiKey

The API Key connection enables authentication with any API that accepts an API key via the Authorization header.

This connection supports two authentication schemes:

  • Basic: Sends the API key as Authorization: Basic {apiKey}
  • Bearer: Sends the API key as Authorization: Bearer {apiKey}

Prerequisites

  • An API key from the target service
  • Knowledge of which authentication scheme the target API requires (Basic or Bearer)

Setup Steps

Obtain an API key from the target service. Refer to the target service's documentation for instructions on generating an API key.

Configure the Connection

  1. Enter the API Key value obtained from the target service
  2. Select the appropriate Authentication Scheme:
    • Select Basic if the API requires Authorization: Basic {apiKey} format
    • Select Bearer if the API requires Authorization: Bearer {apiKey} format
  3. (Optional) For on-premises installations, configure the Host and Port fields

Refer to the target API's authentication documentation to determine which scheme to use.

Authentication Scheme Selection

Most modern APIs use Bearer token authentication. If unsure, consult the target API's documentation or try Bearer first.

On-prem enabled: this connection can be configured to connect to an on-prem resource on a private network. Learn more.

InputNotesExample
API Key

The API key for authentication.

Authentication Scheme

The authentication scheme to use with the API key.

Basic
Header Key

The key of the header to use for the API key.

X-API-Key
Host

The address of your on-prem server. This should be an IP address or hostname.

server.example.io
Port

The port of your on-prem server.

8080

OAuth 2.0 Authorization Code

key: authorizationCode

The OAuth 2.0 Authorization Code connection enables authentication with any API that supports the OAuth 2.0 Authorization Code flow.

This connection type is used when the target API requires users to authenticate through their service's login page and grant permissions to the integration.

Prerequisites

  • An account with the target OAuth provider
  • Access to create an OAuth application or client in the provider's developer console
  • Knowledge of the provider's OAuth 2.0 endpoints (Authorize URL, Token URL, and optionally Refresh URL)

Setup Steps

  1. Log in to the target service's developer console or app management portal
  2. Create a new OAuth application or OAuth client
  3. Configure the OAuth application:
    • Add the callback URL: https://oauth2.prismatic.io/callback
    • Note the Client ID and Client Secret provided by the service
  4. (Optional) Configure the required OAuth scopes or permissions for the application
  5. Copy the following values from the OAuth provider's documentation or developer console:
    • Authorize URL (e.g., https://provider.com/oauth/authorize)
    • Token URL (e.g., https://provider.com/oauth/token)
    • Refresh URL (optional, often the same as Token URL)

Configure the Connection

Enter the following values obtained from the OAuth provider:

  • Authorize URL: The OAuth 2.0 authorization endpoint URL
  • Token URL: The OAuth 2.0 token endpoint URL
  • Refresh URL: (Optional) The OAuth 2.0 refresh endpoint URL. If not provided, the Token URL will be used for token refresh
  • Scopes: (Optional) Space-separated OAuth scopes required for the integration (e.g., read write profile)
  • Client ID: The client identifier from the OAuth application
  • Client Secret: The client secret from the OAuth application
  • Headers: (Optional) Additional headers to include in authorization requests

Refer to the target OAuth provider's documentation for the specific endpoint URLs and required scopes.

Finding OAuth Endpoints

OAuth endpoint URLs are typically found in the OAuth provider's developer documentation under sections like "OAuth 2.0", "API Authentication", or "Getting Started". Look for terms like "authorization endpoint", "token endpoint", or "OAuth URLs".

InputNotesExample
Authorize URL

The OAuth 2.0 authorization URL for the API.

https://auth.example.com/oauth2/authorize
Client ID

The client identifier for your application.

abc123def456
Client Secret

The client secret for your application.

Headers

Additional headers to supply to authorization requests.

Refresh URL

The OAuth 2.0 refresh URL for the API. If not provided, the token URL will be used.

https://auth.example.com/oauth2/token
Scopes

Space-separated OAuth 2.0 permission scopes for the API.

read write profile
Token URL

The OAuth 2.0 token URL for the API.

https://auth.example.com/oauth2/token

Basic Username/Password

key: basic

The Basic Auth connection enables authentication with any API that accepts HTTP Basic Authentication.

Basic Authentication uses a username and password combination, which is encoded and sent in the Authorization header as Authorization: Basic {base64(username:password)}.

Prerequisites

  • Valid credentials (username and password) for the target service
  • Knowledge of whether the target API requires a username/password or username/API token combination

Setup Steps

Obtain credentials from the target service:

  1. Determine if the API requires a password or an API token
    • Many cloud-based APIs require an API token instead of a password for security reasons
    • Self-hosted or legacy APIs may accept passwords
  2. Generate an API token (if required) or obtain the password from the target service
  3. Note the username (often an email address or account identifier)

Refer to the target service's authentication documentation for specific credential requirements.

Configure the Connection

  • Username: Enter the username, email, or account identifier for the target service
  • Password: Enter the password or API token for authentication
  • (Optional) For on-premises installations:
    • Host: Enter the server hostname or IP address
    • Port: Enter the server port number
API Token vs Password

For security reasons, many services recommend using API tokens instead of passwords for Basic Authentication. Consult the target service's documentation to determine which credential type is required.

On-prem enabled: this connection can be configured to connect to an on-prem resource on a private network. Learn more.

InputNotesExample
Host

The address of your on-prem server. This should be an IP address or hostname.

server.example.io
Password

The password for authentication.

Port

The port of your on-prem server.

8080
Username

The username for authentication.

user@example.com

OAuth 2.0 Client Credentials

key: clientCredentials

The OAuth 2.0 Client Credentials connection enables authentication with any API that supports the OAuth 2.0 Client Credentials flow.

This flow is used for server-to-server authentication where the application itself (not a user) needs to authenticate. Unlike the Authorization Code flow, this does not require user interaction or browser-based authentication.

Prerequisites

  • An account with the target OAuth provider
  • Access to create an OAuth application or client in the provider's developer console
  • Knowledge of the provider's OAuth 2.0 token endpoint URL
  • Appropriate permissions to use the Client Credentials flow (some providers restrict this to specific account types)

Setup Steps

  1. Log in to the target service's developer console or app management portal
  2. Create a new OAuth application or OAuth client
  3. Configure the OAuth application:
    • Enable the Client Credentials grant type or flow
    • Note the Client ID and Client Secret provided by the service
  4. (Optional) Configure the required OAuth scopes or permissions for the application
  5. Copy the Token URL from the OAuth provider's documentation or developer console (e.g., https://provider.com/oauth/token)
When to Use Client Credentials

Use this flow for machine-to-machine authentication where no user interaction is required. This is common for background processes, scheduled tasks, or service-to-service integrations. If user authentication is required, use the OAuth 2.0 Authorization Code connection instead.

Configure the Connection

Enter the following values obtained from the OAuth provider:

  • Token URL: The OAuth 2.0 token endpoint URL
  • Scopes: (Optional) Space-separated OAuth scopes required for the integration (e.g., read write)
  • Client ID: The client identifier from the OAuth application
  • Client Secret: The client secret from the OAuth application
  • Headers: (Optional) Additional headers to include in token requests

Refer to the target OAuth provider's documentation for the specific token endpoint URL and required scopes.

No User Context

The Client Credentials flow authenticates as the application itself, not as a specific user. Actions taken will appear to be performed by the application or service account, not by individual users. Ensure the application has appropriate permissions for the intended operations.

InputNotesExample
Client ID

The client identifier for your application.

abc123def456
Client Secret

The client secret for your application.

Headers

Additional headers to supply to token requests.

Scopes

Space-separated OAuth 2.0 permission scopes for the API.

read write
Token URL

The OAuth 2.0 token URL for the API.

https://auth.example.com/oauth2/token

Actions

DELETE request

Issue a HTTP DELETE request | key: httpDelete

InputNotesExample
Connection
Debug Request

Enabling this flag will log out the current request.

false
Header

A list of headers to send with the request.

Content-Type: application/json
Ignore SSL Errors (Not Recommended)

When this flag is enabled, SSL certificate errors will be ignored. Use this flag with caution - ignoring SSL errors presents security issues. This should only be used for testing purposes.

false
Include Full Response

Enabling this flag will include the full response instead of only the returned data.

false
Max Redirects

The maximum number of redirects to follow.

5
Max Retry Count

The maximum number of retries to attempt.

3
Query Parameter

A list of query parameters to send with the request. This is the portion at the end of the URL similar to ?key1=value1&key2=value2.

page: 1
Response Type

The type of data you expect in the response. You can request json, text, or binary data.

json
Retry Delay (ms)

The delay in milliseconds between retries.

1000
Retry On All Errors

If true, retries on all erroneous responses regardless of type. This is helpful when retrying after HTTP 429 or other 3xx or 4xx errors. Otherwise, only retries on HTTP 5xx and network errors.

false
Timeout

The maximum time in milliseconds that a client will await a response to its request.

30000
URL

The URL to call.

https://api.example.com/v1/users
Use Exponential Backoff

Specifies whether to use a pre-defined exponential backoff strategy for retries. If this is set to true, Retry Delay (ms) is ignored.

false

{
  "data": null,
  "contentType": "application/json"
}

GET Request

Issue a HTTP GET request | key: httpGet

InputNotesExample
Connection
Debug Request

Enabling this flag will log out the current request.

false
Header

A list of headers to send with the request.

Content-Type: application/json
Ignore SSL Errors (Not Recommended)

When this flag is enabled, SSL certificate errors will be ignored. Use this flag with caution - ignoring SSL errors presents security issues. This should only be used for testing purposes.

false
Include Full Response

Enabling this flag will include the full response instead of only the returned data.

false
Max Redirects

The maximum number of redirects to follow.

5
Max Retry Count

The maximum number of retries to attempt.

3
Query Parameter

A list of query parameters to send with the request. This is the portion at the end of the URL similar to ?key1=value1&key2=value2.

page: 1
Response Type

The type of data you expect in the response. You can request json, text, or binary data.

json
Retry Delay (ms)

The delay in milliseconds between retries.

1000
Retry On All Errors

If true, retries on all erroneous responses regardless of type. This is helpful when retrying after HTTP 429 or other 3xx or 4xx errors. Otherwise, only retries on HTTP 5xx and network errors.

false
Timeout

The maximum time in milliseconds that a client will await a response to its request.

30000
URL

The URL to call.

https://api.example.com/v1/users
Use Exponential Backoff

Specifies whether to use a pre-defined exponential backoff strategy for retries. If this is set to true, Retry Delay (ms) is ignored.

false

{
  "data": null,
  "contentType": "application/json"
}

PATCH request

Issue a HTTP PATCH request | key: httpPatch

InputNotesExample
Connection
Data

The HTTP body payload to send to the URL. Must be a string or a reference to output from a previous step.

{"name": "John Doe", "email": "john@example.com"}
Debug Request

Enabling this flag will log out the current request.

false
Header

A list of headers to send with the request.

Content-Type: application/json
Ignore SSL Errors (Not Recommended)

When this flag is enabled, SSL certificate errors will be ignored. Use this flag with caution - ignoring SSL errors presents security issues. This should only be used for testing purposes.

false
Include Full Response

Enabling this flag will include the full response instead of only the returned data.

false
Max Redirects

The maximum number of redirects to follow.

5
Max Retry Count

The maximum number of retries to attempt.

3
Query Parameter

A list of query parameters to send with the request. This is the portion at the end of the URL similar to ?key1=value1&key2=value2.

page: 1
Response Type

The type of data you expect in the response. You can request json, text, or binary data.

json
Retry Delay (ms)

The delay in milliseconds between retries.

1000
Retry On All Errors

If true, retries on all erroneous responses regardless of type. This is helpful when retrying after HTTP 429 or other 3xx or 4xx errors. Otherwise, only retries on HTTP 5xx and network errors.

false
Timeout

The maximum time in milliseconds that a client will await a response to its request.

30000
URL

The URL to call.

https://api.example.com/v1/users
Use Exponential Backoff

Specifies whether to use a pre-defined exponential backoff strategy for retries. If this is set to true, Retry Delay (ms) is ignored.

false

{
  "data": null,
  "contentType": "application/json"
}

POST Request

Issue a HTTP POST request | key: httpPost

InputNotesExample
Connection
Data

The HTTP body payload to send to the URL. Must be a string or a reference to output from a previous step.

{"name": "John Doe", "email": "john@example.com"}
Debug Request

Enabling this flag will log out the current request.

false
Header

A list of headers to send with the request.

Content-Type: application/json
Ignore SSL Errors (Not Recommended)

When this flag is enabled, SSL certificate errors will be ignored. Use this flag with caution - ignoring SSL errors presents security issues. This should only be used for testing purposes.

false
Include Full Response

Enabling this flag will include the full response instead of only the returned data.

false
Max Redirects

The maximum number of redirects to follow.

5
Max Retry Count

The maximum number of retries to attempt.

3
Query Parameter

A list of query parameters to send with the request. This is the portion at the end of the URL similar to ?key1=value1&key2=value2.

page: 1
Response Type

The type of data you expect in the response. You can request json, text, or binary data.

json
Retry Delay (ms)

The delay in milliseconds between retries.

1000
Retry On All Errors

If true, retries on all erroneous responses regardless of type. This is helpful when retrying after HTTP 429 or other 3xx or 4xx errors. Otherwise, only retries on HTTP 5xx and network errors.

false
Timeout

The maximum time in milliseconds that a client will await a response to its request.

30000
URL

The URL to call.

https://api.example.com/v1/users
Use Exponential Backoff

Specifies whether to use a pre-defined exponential backoff strategy for retries. If this is set to true, Retry Delay (ms) is ignored.

false

{
  "data": null,
  "contentType": "application/json"
}

POST/PUT Form Data Request

POST/PUT data as multipart/form-data. Often useful for uploading binary data. | key: httpPostFormData

InputNotesExample
Connection
Debug Request

Enabling this flag will log out the current request.

false
File Data

File data to be sent as a multipart form upload.

document: [file contents from previous step]
File Data File Names

File names to apply to the file data inputs. Keys must match the file data keys above.

document: report.pdf
Form Data

The form data to be sent as a multipart form upload.

username: johndoe
Header

A list of headers to send with the request.

Content-Type: application/json
HTTP Methodpost
Ignore SSL Errors (Not Recommended)

When this flag is enabled, SSL certificate errors will be ignored. Use this flag with caution - ignoring SSL errors presents security issues. This should only be used for testing purposes.

false
Include Full Response

Enabling this flag will include the full response instead of only the returned data.

false
Max Redirects

The maximum number of redirects to follow.

5
Max Retry Count

The maximum number of retries to attempt.

3
Query Parameter

A list of query parameters to send with the request. This is the portion at the end of the URL similar to ?key1=value1&key2=value2.

page: 1
Response Type

The type of data you expect in the response. You can request json, text, or binary data.

json
Retry Delay (ms)

The delay in milliseconds between retries.

1000
Retry On All Errors

If true, retries on all erroneous responses regardless of type. This is helpful when retrying after HTTP 429 or other 3xx or 4xx errors. Otherwise, only retries on HTTP 5xx and network errors.

false
Timeout

The maximum time in milliseconds that a client will await a response to its request.

30000
URL

The URL to call.

https://api.example.com/v1/users
Use Exponential Backoff

Specifies whether to use a pre-defined exponential backoff strategy for retries. If this is set to true, Retry Delay (ms) is ignored.

false

The Post Form Data Action takes two possible inputs for data to be uploaded to an endpoint.

  • Form Data are key/value pairs. For example, "username"/"Groucho" and "accountnum"/12345. Values are turned into strings if they are not already. For more information see https://developer.mozilla.org/en-US/docs/Web/API/FormData/Using_FormData_Objects
  • File Data is similar to form data but allows you to upload file contents. A filename property is automatically generated from the key. This should be used to upload files only. All other types of data should go through the Form Data Input.

PUT request

Issue a HTTP PUT request | key: httpPut

InputNotesExample
Connection
Data

The HTTP body payload to send to the URL. Must be a string or a reference to output from a previous step.

{"name": "John Doe", "email": "john@example.com"}
Debug Request

Enabling this flag will log out the current request.

false
Header

A list of headers to send with the request.

Content-Type: application/json
Ignore SSL Errors (Not Recommended)

When this flag is enabled, SSL certificate errors will be ignored. Use this flag with caution - ignoring SSL errors presents security issues. This should only be used for testing purposes.

false
Include Full Response

Enabling this flag will include the full response instead of only the returned data.

false
Max Redirects

The maximum number of redirects to follow.

5
Max Retry Count

The maximum number of retries to attempt.

3
Query Parameter

A list of query parameters to send with the request. This is the portion at the end of the URL similar to ?key1=value1&key2=value2.

page: 1
Response Type

The type of data you expect in the response. You can request json, text, or binary data.

json
Retry Delay (ms)

The delay in milliseconds between retries.

1000
Retry On All Errors

If true, retries on all erroneous responses regardless of type. This is helpful when retrying after HTTP 429 or other 3xx or 4xx errors. Otherwise, only retries on HTTP 5xx and network errors.

false
Timeout

The maximum time in milliseconds that a client will await a response to its request.

30000
URL

The URL to call.

https://api.example.com/v1/users
Use Exponential Backoff

Specifies whether to use a pre-defined exponential backoff strategy for retries. If this is set to true, Retry Delay (ms) is ignored.

false

{
  "data": null,
  "contentType": "application/json"
}

Changelog

2025-01-14

Added connection type Custom API Key for custom header authentication

2025-11-13

Added input Max Redirects to all actions for controlling automatic redirect following behavior