HTTP

Getting started with HTTP

The HTTP app provides various modules for communication based on Hypertext Transfer Protocol (HTTP) protocol. HTTP is the foundation of data communication for the World Wide Web. The modules enable you to download web pages and files, call webhooks and API endpoints, etc.

The right choice of the module depends on the authentication/authorization mechanism the resource you wish to access employs:

• Make a request - universal module primarily intended for resources not employing any type of authentication/authorization
• Make a Basic Auth request - for resources employing HTTP Basic authentication (BA)
• Make a OAuth 2.0 request - for resources employing OAuth 2.0 authorization protocol

Make a request

HTTP > Make a request module is a universal module that enables you to configure an HTTP request and submit it to a server. The received HTTP response is then contained in the output bundle. The example below shows how to setup the module to submit a POST request with JSON payload:

NOTE: To make sure your JSON is valid, you may use one of the available online services (e.g. https://jsonlint.com/) or employ JSON > Create JSON module to create the JSON dynamically and take care of all the necessary escaping (see our tutorial Use JSON Generator to create a JSON Data Structure and make an HTTP request for detailed explanation). Mixing JSON pieces with expressions and items directly in the Request content field is not recommended as it can result in invalid JSON.

Make a OAuth 2.0 request

In order to make an HTTP(S)request to servers that require a OAuth 2.0 authorization, you first need to create a OAuth connection.

Creating a connection

1. Create a OAuth client in the target service with which you want Integromat to communicate with. This option will mostly likely be found in the Developer section of the given service. When creating the client, you will be asked to specify a so called Redirect URL (sometimes called as Callback URL). Always enter https://www.integromat.com/oauth/cb/oauth2 in this field.

   Once you have created the client, the given service will display two keys Client ID and Client Secret. Some services call these App Key and App Secret. Make sure you write down these keys, you will be asked to provide them when creating the connection in Integromat.

2. Find the Authorize URI and Token URI in the API documentation of the given service (if the service uses Implicit flow, you will need only Authorize URI). These are URL addresses through which Integromat communicates with the target service. The addresses serve for OAuth authorization.

   Examples of Yahoo addresses:

   • Authorize URI: https://api.login.yahoo.com/oauth2/request_auth
   • Token URI: https://api.login.yahoo.com/oauth2/get_token

3. If the target service uses scopes (access rights), check how the service separates individual scopes and make sure you set the separator in the advanced settings accordingly. If the separator is not set correctly, Integromat will fail to create the connection and you will receive an invalid scope error.

4. Once you have completed the steps above, you can start to create the OAuth connection in Integromat. Add the OAuth 2.0 HTTP(S) request and response processing module to your scenario and in the Connection section click on the Add button.

Certificates and Keys

For more details about certificates and keys please refer to the Certificates and Keys article.

Advanced information

Standard authorization parameters

• response_type: code for Autorization Code flow and token for Implicit flow
• redirect_uri: https://www.integromat.com/oauth/cb/oauth2
• client_id: The Client ID you entered when creating the account

Requesting Access tokens - standard parameters

• grant_type: authorization_code
• redirect_uri: https://www.integromat.com/oauth/cb/oauth2
• client_id: The Client ID you entered when creating the account
• client_secret: The Client Secret you entered when creating the account
• code: The code returned by authorization request

Requesting Refresh tokens - standard parameters

• grant_type: refresh_token
• refresh_token: The Refresh token obtained together with the Access token
• client_id: The Client ID you entered when creating the account
• client_secret: The Client Secret you entered when creating the account

Authorized request made to a service

After the connection is established, the module uses by default the bearer token which is sent in the request header field. The bearer token has the following format: Authorization: Bearer <access token>

When creating a connection, it is possible to adjust where the token shall be located, whether in the header in the Authorization parameter or in the URL in the query string.

 

HTTP message body type and when to use it.

HTTP Message Body is the data bytes transmitted in an HTTP transaction message immediately following the headers if there are any to be used.

Raw

 

 

The Raw body type is generally suitable for most HTTP body requests even is situations where developer documentation does not specify data to send, with the following field option of specifying content type as a form of parsing data.

 

Despite the content type selected, data is entered in any format that is stipulated or required by the developer documentation.

Multipart/Form-Data

Multipart/form-data is an HTTP multipart request that HTTP clients construct to send files and data over to an HTTP module. It is commonly used to upload files to your desired server.

 

You will notice that when you select application form the input method changes and this entails that from the developer documentation you will have the relevant fields required, same also applies to Multipart/form-data whereby in order to receive files encoded with mutlipart/form-data, it is necessary to configure a data structure with a collection type field that contains the nested fields name, mime and data. So as you can see the way the information is received is different.

 

Application/form-urlencoded

This body type is to POST data using application/x-www-form-urlencoded

 

For application/x-www-form-urlencoded, the body of the HTTP message sent to the server is essentially one giant query string -- name/value pairs are separated by the ampersand (&), and names are separated by the fields name and value for easy use to you and replacing the equals symbol (=) used in coding. However, after you have configured the above it will look like the example shown below:

MyVariableOne=ValueOne&MyVariableTwo=ValueTwo

Tutorials

• How to connect Integromat with any web service using OAuth2 authorization

Generating JSON Web Tokens (JWT)

It is possible to generate a JWT token using the HS256 algorithm with the help of built-in functions:

Header:

Code for copy&paste:

{{replace(replace(replace(base64("{""alg"":""HS256"",""typ"":""JWT""}"); "/=/g"; emptystring); "/\+/g"; "-"); "/\//g"; "_")}}

Payload:

Code for copy&paste:

{{replace(replace(replace(base64("{""iss"":""key"",""exp"":" + (timestamp + 60) + "}"); "/=/g"; emptystring); "/\+/g"; "-"); "/\//g"; "_")}}

Token:

Code for copy&paste:

{{1.value}}.{{2.value}}.{{replace(replace(replace(sha256(1.value + "." + 2.value; "base64"; "secret"); "/=/g"; emptystring); "/\+/g"; "-"); "/\//g"; "_")}}