# Make HTTP Request The Make HTTP Request task is a powerful task used for making calls to any off-chain endpoint. The Make HTTP Request task can be used to query off-chain data APIs, post updates to social feeds, pipe data to off-chain compute, and for internal services. This task is designed to cover a broad scope of potential use cases with support for arbitrary URL, Header, Body along with multiple pre-built Authentication types, and built-in JSON path parsing to pull out extracted values. ## Definition ```graphql method: string # Required urlType: string # Required urlRaw: string url: { protocol: string domain: string path: string queryParameters: [ { key: string value: string } ] } bodyType: string body: string authType: string auth: { bearer: string basic: { key: string value: string } apiQuery: { key: string value: string } apiHeader: { key: string value: string } } headers: [ { key: string value: string } ] extracts [ { name: string from: string } ] excludeLogs: [string] ``` **`method`: Enum\[GET, POST, DELETE, PUT, PATCH].** The HTTP method to use for this request. **`urlType`: Enum\[raw, built].** How the URL should be constructed for this task. If the `urlType` is `raw` then `urlRaw` must be present with the complete target URL. If the `urlType` is `built` then the subfields of `url` must be present. **`urlRaw`: String**. This is required if and only if `urlType` is set to `raw`. The complete url string with protocol, domain, path, and query parameters indicating where to make the request. **`url`:** When the `urlType` is set to `built` - the following subfields must be defined. The final URL is constructed by combining each of the below elements. **`url.protocol`: Enum\[http, https].** This is required if and only if `urlType` is set to `built`. The protocol (http or https) to use when making this request. Do not include `://`. **`url.domain`: string.** This is required if and only if `urlType` is set to `built`. The complete domain (ex. "api.etherscan.io") to use when making this request. Include all subdomains. Do not include any path parameters. **`url.path`: string.** This is required if and only if `urlType` is set to `built`. The path within the target domain to make the request to (ex. "api"). The path is the part of the URL that comes after the top-level domain and before the query parameters (between ".com" and "?"). Do not include the leading `/`. **`url.queryParameters`: Array of key-values {string, string}.** This is required if and only if `urlType` is set to `built`. An array of key-value pairs to be added to the target URL as query parameters. Query parameters are the part of the URL that comes after the "?" and are used to indicate specific content or actions. As an example - including `{"key": "module", "value": "transaction"}` in the query parameters will add `?module=transaction&` to your URL. Query parameters are not required and should be added as required by your endpoint. See [en.wikipedia.org/wiki/Query\_string](https://en.wikipedia.org/wiki/Query_string) for more information. **bodyType: Enum\[text, json, javascript, html, xml, formdata, urlencoded].** The content type of the body being passed to the target endpoint. This populates a header `Content-Type` with the following value: * `text` --> `Content-Type: text/plain` * `json` --> `Content-Type: application/json` * `javascript` --> `Content-Type: application/javascript` * `html` --> `Content-Type: text/html` * `xml` --> `Content-Type: application/xml` * `formdata` --> `Content-Type: multipart/form-data` * `urlencoded` --> `Content-Type: application/x-www-form-urlencoded` If bodyType is left as blank then no value will be added to a `Content-Type` header and it is assumed that no body is being passed as part of this request. **body: string.** The body content to be sent with the request. The body is used by many endpoints to specify more complex payloads and data required to process the request. Note that the body must be passed as a string so JSON values and url-encoded valued must be properly escaped (ex.`{\"prompt\":\"DALLE Prompt\", \"n\": 5, \"size\": \"1024x1024\"}`. **authType: Enum\[bearer, basic, apiHeader, apiQuery].** The authentication method to use for this endpoint. Support authentication methods include [Basic Auth](https://en.wikipedia.org/wiki/Basic_access_authentication), [Bearer token authentication](https://swagger.io/docs/specification/authentication/bearer-authentication/), and API key authentication in the query parameters or headers. Leave this blank if the target endpoint does not require authentication. For OAuth see [OAuth and Multi-Step Authentication](https://docs.midpointapi.com/midpoint-documentation/tasks/make-http-request/oauth-and-multi-step-authentication). **auth.bearer: string.** This is required if and only if `authType` is set to `bearer`. This is the bearer token to be used for bearer authentication. Adds `Authorization: Bearer ` to the headers. Example: a value of `abc123` would add `Authorization: Bearer abc123` to the request headers. It is strongly recommended that the bearer string be a [secret](https://docs.midpointapi.com/midpoint-documentation/core-concepts/midpoints/source-and-task-definitions/secrets). **auth.basic: key-value {string, string}.** This is required if and only if `authType` is set to `basic`. This is a key-value pair containing the basic authentication username and password which will be combined and Base64-encoded to produce a basic auth token. Example: a key of `userA` and password of `passB` would add `Authorization: Basic dXNlckE6cGFzc0I=` to the request headers. It is strongly recommended that the password for basic auth be a [secret](https://docs.midpointapi.com/midpoint-documentation/core-concepts/midpoints/source-and-task-definitions/secrets). **auth.apiQuery: key-value {string, string}.** This is required if and only if `authType` is set to `apiQuery`. This is a key-value pair that adds to the query parameters. Example: a key of `X-API-KEY` and value of `mysupersecretkey` would add `?X-API-KEY=mysupersecretkey`to the url query parameters. It is strongly recommended that the value for API auth be a [secret](https://docs.midpointapi.com/midpoint-documentation/core-concepts/midpoints/source-and-task-definitions/secrets). **auth.apiHeader: key-value {string, string}.** This is required if and only if `authType` is set to `apiHeaders`. This is a key-value pair that adds to the request headers. Example: a key of `X-API-KEY` and value of `mysupersecretkey` would add `X-API-KEY: mysupersecretkey`to the request headers. It is strongly recommended that the value for API auth be a [secret](https://docs.midpointapi.com/midpoint-documentation/core-concepts/midpoints/source-and-task-definitions/secrets). **headers: Array of {string, string}.** An array of key-value pairs to be added as request headers. Example: a key of `language` and a value of `en-us` would add `language: en-us` to the request headers. **extracts: See** [**extracts**](https://docs.midpointapi.com/midpoint-documentation/core-concepts/midpoints/source-and-task-definitions/extracts)**.** Legal values: * **`Timestamp`** Unixtime of execution. * **`raw`** The complete response body as a string. This is used when the entire response body is relevant to future tasks. * **`statusCode`** The HTTP status code returned from the response (ex. 200). * **`headers.`** The value of the header with name x. This can is to pull any header out of the response. * **`body..`** The JSON-parsed value of the body with an arbitrary JSON path. This is used to parse single or array values out of the response body. Most HTTP endpoints return bodies with excess information that is not reelvant to your midpont. This allows you to pull out single values. \ \ Example: The following large JSON is returned by an endpoint:
```json { "get": "games/statistics", "parameters": { "id": "10403" }, "errors": [], "results": 2, "response": [ { "team": { "id": 5, "name": "Charlotte Hornets", "nickname": "Hornets", "code": "CHA", "logo": "https://upload.wikimedia.org/wikipedia/fr/thumb/f/f3/Hornets_de_Charlotte_logo.svg/1200px-Hornets_de_Charlotte_logo.svg.png" }, "statistics": [ { "fastBreakPoints": 15, "pointsInPaint": 70, "biggestLead": 28, "secondChancePoints": 18, "pointsOffTurnovers": 24, "longestRun": 12, "points": 141, "fgm": 54, "fga": 97, "fgp": "55.7", "ftm": 15, "fta": 23, "ftp": "65.2", "tpm": 18, "tpa": 42, "tpp": "42.9", "offReb": 15, "defReb": 36, "totReb": 51, "assists": 36, "pFouls": 22, "steals": 13, "turnovers": 18, "blocks": 2, "plusMinus": "22", "min": "240:00" } ] }, { "team": { "id": 10, "name": "Detroit Pistons", "nickname": "Pistons", "code": "DET", "logo": "https://upload.wikimedia.org/wikipedia/commons/thumb/6/6a/Detroit_Pistons_primary_logo_2017.png/150px-Detroit_Pistons_primary_logo_2017.png" }, "statistics": [ { "fastBreakPoints": 8, "pointsInPaint": 52, "biggestLead": 2, "secondChancePoints": 13, "pointsOffTurnovers": 24, "longestRun": 12, "points": 119, "fgm": 48, "fga": 102, "fgp": "47.1", "ftm": 11, "fta": 18, "ftp": "61.1", "tpm": 12, "tpa": 35, "tpp": "34.3", "offReb": 16, "defReb": 29, "totReb": 45, "assists": 32, "pFouls": 20, "steals": 10, "turnovers": 18, "blocks": 6, "plusMinus": "-22", "min": "240:00" } ] } ] } ``` \ `body.parameters.id` returns `10403`\ `body.response[0].team.nickname` returns `Hornets`\ `body.response[*].statistics[0].points` returns `[141, 119]`\ \ See [jsonpath.com/](https://jsonpath.com/) for an interactive json path explorer. **excludeLogs: See** [**exclude logs.**](https://docs.midpointapi.com/midpoint-documentation/core-concepts/midpoints/source-and-task-definitions/exclude-logs) Legal values: * **`TaskDefinition`** The complete definition of this task at runtime. Good to mask if this is an authenticated endpoint. * **`RequestHeader`** The request header computed at runtime. Good to mask if Basic, Bearer, or ApiHeader authentication is used. * **`RequestBody`** The request body computed at runtime. Good to mask if there is sensitive information send to the endpoint. * **`RequestURL`** The request url computed at runtime. Good to mask if ApiQuery authentication is used. * **`ResponseHeader`** The response header returned by the target endpoint. * **`ResponseBody`** The response body returned by the target endpoint. Good to mask if the response contains secrets that may be used in a future task (ex. OAuth). * **`ResponseStatus`** The response status code. * **`ExtractedMakeHttpRequestResponse`** Values extracted from the HTTP response. * **`TaskOutputData`** The complete set of returned values from this task. ## Returned Values This task returns any values extracted using the `extracts` which can include any values from the HTTP response status, header, or body. ## Examples This section is incomplete. ## Tips for Using Make HTTP Request This section is incomplete.