core.http

HTTP Request (core.http)

Call any API. One request per input item (expressions resolve per item), with credential-vault auth, automatic pagination, response parsing down to row items, and error diagnostics built for debugging real integrations.

Parameters

ParameterTypeDefaultDescription
methodGET/POST/PUT/PATCH/DELETEGET
urlstringExpression-capable; may carry its own ?query=string.
query_paramsrows[]Merged into the URL's query — both survive.
headersrows[]Duplicate names: the last row wins.
body_modenone/json/form_urlencoded/multipart/raw/binarynoneraw takes a content_type; binary sends a $binary payload's bytes.
auth_modenone/credentialnoneWire a vaulted credential (basic, bearer, header, …) — secrets never enter workflow JSON.
response.parseauto/json/csv/tsv/text/binaryautoSee parsing below.
response.full_responsebooleanfalseEmit {status, headers, body} instead of the bare body.
response.error_on_4xx_5xxbooleantrueOff → non-2xx responses come back as data.
paginationnone/next_url/page_paramnoneFollow paging.next-style links (relative URLs fine) or increment a page param until an empty page. Hard cap: 100 pages.
optionstimeout_seconds (30), follow_redirects, item_concurrency 1–20, batch_interval_ms (sequential pacing).

Behavior

One request per input item. Three items in, three requests out, each with its own expression values and a paired_item back to its source. Crank item_concurrency to parallelize (input order is preserved in the output regardless of completion order), or set batch_interval_ms to pace sequential calls against rate limits.

Response parsing (auto) follows the content type: JSON becomes items — a top-level array becomes one item per element; CSV/TSV parse into one row item per line (quoted commas and embedded newlines handled); text stays a string; anything else is stored as a binary payload your downstream nodes can reference.

Pagination concatenates every page's items into one output. next_url follows a dot-path in the body (paging.next — relative links resolve against the request URL) until it's null; page_param increments a query parameter until a page comes back empty.

Errors carry diagnostics. A failed request records {kind, status, reason, response headers, body preview, elapsed_ms} — readable in the node's detail view. Timeouts and connection-refused are distinguished. Request headers are never captured, so credentials can't leak into run data. With on_error: error_output, failing items route to the error branch instead of stopping the run.

Quirks & tips

  • URL query and param rows merge?api_version=2 in the URL survives adding rows. A row with the same name as a URL param overrides it.
  • A server lying about content type won't kill the run: auto falls back to text when a claimed-JSON body doesn't parse. Explicit parse: json still fails hard — say what you mean.
  • A 204/empty success emits one item (empty text) — the run continues.
  • error_on_4xx_5xx: false turns status handling over to you: pair it with full_response and an IF on $json.status.
  • Import from cURL / AI-configure: paste a cURL command (the panel maps method/url/headers/body; -u secrets are refused toward a credential) or describe the call and let AI fill the panel — auth is always left to you.
  • The 100-page pagination cap is a guardrail, not a setting — split bigger pulls by date range or id windows.
  • Shared/demo instances may block internal addresses: when the SSRF egress guard is on, requests to private, loopback, or link-local IPs (including a hostname that resolves to one, and the cloud metadata endpoint) fail with a "private or reserved address" error. Self-hosted instances ship with the guard off, so reaching your own LAN just works.

Related

  • Code — for request signing or exotic protocols.
  • Webhook trigger — the receiving side.
  • Extract From File — when the response is a binary file you need parsed.