--- title: 'HTTP Request' description: 'Send an HTTP request to any URL without a Connection.' --- # HTTP Request Sends an arbitrary HTTP request to any URL. Unlike **API Call**, this does not require a Connection — useful for calling ad-hoc endpoints, internal services, or APIs that don't have a marketplace connector yet. ## When to use - One-off calls to internal/ad-hoc URLs. - Calling an API that isn't in the marketplace (consider requesting a connector instead — it's a better long-term fit). - Notifying a custom webhook in another system. If the service you're calling is in the marketplace, prefer **API Call** — you get authentication, rate limiting, and response parsing for free. ## Configuration | Field | Required | What it does | |---|---|---| | `url` | Yes | The full URL including scheme. Supports `{{...}}` data refs. | | `method` | Yes | HTTP method. Defaults to `POST`. | | `body` | No | JSON body for POST/PUT/PATCH. Pure JSON — no form-encoding. | ## Headers HTTP Request does not currently expose per-call header configuration — only method/URL/body. If you need custom headers (auth tokens, content types), set up a Connection with a default header so the gateway applies it at call time, or use a connector. ## What it outputs ``` { status: 200, success: true, data: , latencyMs: 142 } ``` Non-JSON responses are returned as a plain string in `data`. If the response parses as JSON, `data` is the parsed object. ## Gotchas - **No auth** — the request goes out unauthenticated from OneHazel's backend. Don't use this for any call that would leak a secret. - **Firewall scope** — OneHazel's outbound requests originate from Supabase Edge Function IPs. If your internal service has IP allowlisting, allow the Edge Function egress range or expose a public-but-authenticated endpoint. - **Timeout** — requests have a 30-second timeout. Long-running async operations on the remote side are not supported; use polling or have them webhook back.