HTTP Request (core.http)
Call any API. One request per input item (expressions resolve per item), with credential-vault auth, automatic pagination, response parsing down to row items, and error diagnostics built for debugging real integrations.
Parameters
| Parameter | Type | Default | Description |
|---|---|---|---|
method | GET/POST/PUT/PATCH/DELETE | GET | |
url | string | — | Expression-capable; may carry its own ?query=string. |
query_params | rows | [] | Merged into the URL's query — both survive. |
headers | rows | [] | Duplicate names: the last row wins. |
body_mode | none/json/form_urlencoded/multipart/raw/binary | none | raw takes a content_type; binary sends a $binary payload's bytes. |
auth_mode | none/credential | none | Wire a vaulted credential (basic, bearer, header, …) — secrets never enter workflow JSON. |
response.parse | auto/json/csv/tsv/text/binary | auto | See parsing below. |
response.full_response | boolean | false | Emit {status, headers, body} instead of the bare body. |
response.error_on_4xx_5xx | boolean | true | Off → non-2xx responses come back as data. |
pagination | none/next_url/page_param | none | Follow paging.next-style links (relative URLs fine) or increment a page param until an empty page. Hard cap: 100 pages. |
options | — | — | timeout_seconds (30), follow_redirects, item_concurrency 1–20, batch_interval_ms (sequential pacing). |
Behavior
One request per input item. Three items in, three requests out, each with
its own expression values and a paired_item back to its source. Crank
item_concurrency to parallelize (input order is preserved in the output
regardless of completion order), or set batch_interval_ms to pace
sequential calls against rate limits.
Response parsing (auto) follows the content type: JSON becomes items —
a top-level array becomes one item per element; CSV/TSV parse into one row
item per line (quoted commas and embedded newlines handled); text stays a
string; anything else is stored as a binary payload your downstream nodes
can reference.
Pagination concatenates every page's items into one output. next_url
follows a dot-path in the body (paging.next — relative links resolve
against the request URL) until it's null; page_param increments a query
parameter until a page comes back empty.
Errors carry diagnostics. A failed request records {kind, status, reason, response headers, body preview, elapsed_ms} — readable in the node's
detail view. Timeouts and connection-refused are distinguished. Request
headers are never captured, so credentials can't leak into run data. With
on_error: error_output, failing items route to the error branch instead of
stopping the run.
Quirks & tips
- URL query and param rows merge —
?api_version=2in the URL survives adding rows. A row with the same name as a URL param overrides it. - A server lying about content type won't kill the run:
autofalls back to text when a claimed-JSON body doesn't parse. Explicitparse: jsonstill fails hard — say what you mean. - A 204/empty success emits one item (empty text) — the run continues.
error_on_4xx_5xx: falseturns status handling over to you: pair it withfull_responseand an IF on$json.status.- Import from cURL / AI-configure: paste a cURL command (the panel maps
method/url/headers/body;
-usecrets are refused toward a credential) or describe the call and let AI fill the panel — auth is always left to you. - The 100-page pagination cap is a guardrail, not a setting — split bigger pulls by date range or id windows.
- Shared/demo instances may block internal addresses: when the SSRF egress guard is on, requests to private, loopback, or link-local IPs (including a hostname that resolves to one, and the cloud metadata endpoint) fail with a "private or reserved address" error. Self-hosted instances ship with the guard off, so reaching your own LAN just works.
Related
- Code — for request signing or exotic protocols.
- Webhook trigger — the receiving side.
- Extract From File — when the response is a binary file you need parsed.