HTTP Request


The HTTP Request action allows a flow to perform HTTP actions on REST endpoints.

Additional information can be passed as header information such as Content-Type and MIME types, and as content containing the request body information.

After executing the request it returns the HTTP response status code and the response content as a string.

REST Request


This action is used to send methods, such as POST and DELETE to an endpoint to create, update or delete a REST resource.

The GET HTTP request method is also used to retrieve data to pass to the next action.

The request has the following types of authentication:

Input samples in JSON notation

Authentication type: None

    'AuthenticationType': 'None'
    'Method': 'string',
    'Url': 'string',
    'ContentType': 'string',
    'Content': 'string',
    'Headers': {
        'key': 'value'

Authentication type: Basic

      'AuthenticationType': 'Basic',
      'Username': 'string',
      'Password': 'string',
      'Method': 'string',
      'Url': 'string',
      'ContentType': 'string',
      'Content': 'string',
      'Headers': {
        'key': 'value'

Authentication type: Bearer

      'AuthenticationType': 'Bearer',
      'Token endpoint': 'string',
      'Client': 'string',
      'Client Secret': 'string',
      'Requested Scope': 'string',
      'Method': 'string',
      'Url': 'string',
      'ContentType': 'string',
      'Content': 'string',
      'Headers': {
        'key': 'value'

Output sample

     'StatusCode': 200,
     'Headers': {
       'key': [
     'Response': 'string'

Advanced configuration

Advanced configuration allows you to attach certificates and disable retry requests for the HTTP request.

Certificate dropdown


You can attach a Client Certificate in the Advanced configuration section, where a drop-down allows you to select one of the certificates added for this tenant.

The option to attach a Remote Certificate is also available to provide added identity authentication on received data through a mTLS protocol. For more details about setting up certificates, see Certificates.

Note: You must provide a Client Certificate before you can add a Remote Certificate to the HTTP request.

Disable Retry Requests

The Disable Retry Requests setting allows you to deactivate retry requests with only retries being sent for the error response 429 Too Many Requests.

In some cases, when the external endpoint does not respond within the default timeout for the HTTP Request action of 100 seconds, a retry mechanism resends the request. In some situations this retry can result in the request being posted twice because the external endpoint is still handling the first request. The Disable Retry Requests setting is available to handle such situations.

General retry settings

The HTTP request is implemented with some default retry settings so that the operation is resilient and can adapt to the most typical cases of the returning statuses considered transient:

The maximum number of retries set for each operation is 5.

The complete retry operation (within the retries and corresponding waiting times in between) will timeout after 9 minutes.

Each retry operation will timeout after 100 seconds.

Retry setting Description
Retry- After The Retry-After header is a standard response HTTP header that indicates how long the user agent should wait before making another request. It is sent within statuses 503 (Service Unavailable), 429 (Too Many Requests) as detailed Retry-After.
It is taken into account in the default retry pattern implementation.
429 - Too Many Requests When a status 429 - Too Many Requests response is returned by the HTTP request, the waiting time before retrying is:
- Retry-After header value if received with a maximum time of thirty seconds
- A random amount of time as per this distribution. The random time is generated between 250 milliseconds and 30 seconds.
503 - Service Unavailable When a status 503 (Service Unavailable) is returned by the HTTP request, the waiting time before retrying is:
- Retry-After header value if received (with a maximum time of one minute)
- One minute wait if no Retry-After header is received
Any of the other status considered previously as transient When a status 5XX (Server error) besides 503, or 408 (Request timeout) is returned by the HTTP request, the waiting time before retrying is:
- A random amount of time as described in Exponential Backoff And Jitter distribution. The random time is generated between 250 milliseconds and 30 seconds.

Content definition

The HTTP Request action supports the followng content types:

Content type Description
JSON (application/json) JSON formatted data.
JSON Patch (application/json-patch+json) Used to define a JSON document format for expressing a sequence of operations to be applied to a JSON document.
XML (application/xml) XML formatted data.
XML (text/xml) XML formatted data.
Text (text/plain) Plain text with no specific formatting.
x-www-form-urlencoded The default content type for HTML forms. Form data is encoded as key-value pairs, similar to query parameters in the URL.
Multipart/form-data Used for uploading files through HTML forms.
Binary (application/octet-stream) A generic stream of binary data used for file uploads when the file type is unknown or not specified.
XML (application/soap+xml) Used to signify that the body of the message contains a SOAP envelope formatted as XML.

Multipart/form-data content type support

The HTTP Request action supports the use of the Multipart/form-data content type to allow data to be uploaded using HTML forms.

Multipart/form-data dropdown

Once the content type is selected, a new Form Data section is displayed, where you configure the form data.

Multipart/form-data form list

You can add and configure form data fields using the Add button and adding the information in the pop-up window.

The following field types are available:

Multipart/form-data form text Multipart/form-data form file