The HTTP Request node calls any URL. Pick the method as the node’s operation: GET, POST, PUT, PATCH, or DELETE. A URL is required.
In a hurry? Click Import cURL at the top of the node and paste a curl command from any API’s docs — the method, URL, query params, headers, and body are filled in for you.
Configuration
| Field | What it does |
|---|
| URL | The endpoint to call (required). References work here, e.g. https://api.example.com/users/{{form.user_id}} |
| Query Parameters | Key/value rows added to the URL’s query string and URL-encoded for you. Values support references. |
| Headers | Key/value rows. Toggle a row off without deleting it. Values support references. |
| Body | Choose a Body type — None, JSON, Form URL-Encoded, or Raw — available on every method, so GET and DELETE can send a body too. JSON must be valid JSON (it fails loudly if not). Raw lets you set an explicit Content-Type (e.g. application/xml). |
Options
| Option | Default | What it does |
|---|
| Timeout (seconds) | 30 | How long to wait before giving up. |
| Max Retries | 0 | Retry network errors and 429/5xx responses with exponential backoff, honoring Retry-After. Retries can re-submit non-idempotent requests (POST/PATCH). |
| Follow Redirects / Max Redirects | Yes / 10 | Follow 3xx redirects. Authorization is dropped on cross-origin redirects. |
| Verify SSL Certificate | Yes | Disable only for internal endpoints with self-signed certs. |
| Response Format | Auto-detect | Force how the body is read: Auto, JSON, Text, or Binary (base64). |
| Include Full Response | Status + headers + body | Switch to Body only to return just the response body. |
| Continue on HTTP Error | No (fail) | See the note below. |
Authentication
Attach a credential to the node instead of pasting secrets into headers:
| Credential | What it sends |
|---|
| Bearer Token | Authorization: Bearer <token> |
| Basic Auth | Username and password as an Authorization: Basic header |
| API Key | The key in a header (any name, default X-API-Key) or in the query string — choose Send In. |
| OAuth2 (client credentials) | Mints a short-lived token from your token URL (client id/secret + scope) and sends it as Authorization: Bearer. |
Output
The response becomes the node’s output:
| Field | What it is |
|---|
status_code | HTTP status code |
status | success for codes below 400 |
response | Parsed JSON when possible, otherwise text. Binary content (images, PDFs, audio, video) is saved and returned as {url, mime_type, name, size_bytes} with is_file: true — pass {{http-1.response.url}} straight into an upload node (YouTube, Drive, Slack, …) or a media block |
response_headers | Response headers |
elapsed_ms | Request duration |
{{http-1.response.items}}. With Include Full Response → Body only, a JSON response is returned directly so you reference {{http-1.field}}.
By default a 4xx/5xx response (or a network/timeout failure) fails the node loudly so the run stops with a clear error. To branch on errors instead, turn on Continue on HTTP Error — the node then returns the error response as data (with status: "error"), and you can add a Conditional on status_code. For security, requests to private, loopback, or link-local addresses (including the cloud metadata endpoint) are blocked, and responses larger than 25 MB are rejected.
Next steps
