Skip to main content

Invoke HTTP call action

post
/api/pvlt/1.0/data/actions/http_call

Invokes the built-in http_call action.

The http_call action enables Vault to issue an HTTP call using a template that includes references to sensitive data.

Read more about using the http_call action.

The role performing this operation must have:

  • The CapActionInvoker capability.
  • At least one allowing policy and no denying policies for the invoke operation for the action provided in the call.

See identity and access management for more information about how capabilities are used to control access to operations and policies are used to control access to data.

Request

Query parameters

  • adhoc_reason - string

    An ad-hoc reason for accessing the Vault data. Required when reason is set to Other.

  • reason - string required*

    Details of the reason for requesting the property. The default is set when no access reason is provided and PVAULT_SERVICE_FORCE_ACCESS_REASON is false.

  • reload_cache - boolean

    Reloads the cache before the action.

Request body

The request specification. See http_call request body for more details.

object required*
  • template_variables - object required*

    A key-value map of template variable names to Vault global identifiers.

    Values of additional properties are strings
    Example
    {
      "to_email": "pvlt:detokenize:customers:email:463a83d0-a816-4902-abba-2486e0c0a0bb:",
      "first_name": "pvlt:read_object:customers:first_name:463a83d0-a816-4902-abba-2486e0c0a0bb:"
    }
  • request - object required*

    The HTTP request template.

    • url - string required*

      The URL to call.

    • method - string

      The HTTP method to use.

    • headers - object

      The HTTP headers to send.

      Values of additional properties are strings
      Example
      {
        "Content-Type": "application/json"
      }
    • body - string

      The HTTP body to send.

  • include_response_body - boolean

    Whether to include the response body in the action result. Set as false, or use the default, to ensure any sensitive data in the response body isn't returned in the action result.

Example
{
  "template_variables": {
    "to_email": "pvlt:detokenize:customers:email:463a83d0-a816-4902-abba-2486e0c0a0bb:",
    "first_name": "pvlt:read_object:customers:first_name:463a83d0-a816-4902-abba-2486e0c0a0bb:"
  },
  "request": {
    "url": "https://example-email-server.com/send-email",
    "method": "POST",
    "headers": {
      "Content-Type": "application/json"
    },
    "body": "{\"to\": \"{{ .to_email }}\", \"message\": \"Hello {{ .first_name }}!\" }"
  },
  "include_response_body": false
}

Possible responses

The request is successful.

object required*
  • status_code - integer required*

    The HTTP status code of the response.

  • headers - object required*

    The HTTP headers of the response.

    Values of additional properties are strings
    Example
    {
      "Content-Type": "application/json"
    }
  • body - string

    The HTTP body of the response.

Example
{
  "status_code": 200,
  "headers": {
    "Content-Type": "application/json"
  },
  "body": "{\"status\": \"success\"}"
}

Try the API

Authorization

Query parameters

Request body

Navigate to the docs of your local Vault installation to try the API directly from there.

Code examples

Example