Invoke HTTP call action
Invokes the built-in http_call
action.
The http_call
action enables Vault to issue an HTTP call using a template that includes references to sensitive data.
Read more about using the http_call
action.
The role performing this operation must have:
- The
CapActionInvoker
capability. - At least one allowing policy and no denying policies for the
invoke
operation for the action provided in the call.
See identity and access management for more information about how capabilities are used to control access to operations and policies are used to control access to data.
Request
Query parameters
adhoc_reason
- stringAn ad-hoc reason for accessing the Vault data. Required when
reason
is set toOther
.reason
- string required*Details of the reason for requesting the property. The default is set when no access reason is provided and PVAULT_SERVICE_FORCE_ACCESS_REASON is false.
reload_cache
- booleanReloads the cache before the action.
Request body
The request specification. See http_call request body for more details.
- application/json
template_variables
- object required*A key-value map of template variable names to Vault global identifiers.
Values of additional properties are stringsExample{
"to_email": "pvlt:detokenize:customers:email:463a83d0-a816-4902-abba-2486e0c0a0bb:",
"first_name": "pvlt:read_object:customers:first_name:463a83d0-a816-4902-abba-2486e0c0a0bb:"
}request
- object required*The HTTP request template.
url
- string required*The URL to call.
method
- stringThe HTTP method to use.
headers
- objectThe HTTP headers to send.
Values of additional properties are stringsExample{
"Content-Type": "application/json"
}body
- stringThe HTTP body to send.
include_response_body
- booleanWhether to include the response body in the action result. Set as
false
, or use the default, to ensure any sensitive data in the response body isn't returned in the action result.
{
"template_variables": {
"to_email": "pvlt:detokenize:customers:email:463a83d0-a816-4902-abba-2486e0c0a0bb:",
"first_name": "pvlt:read_object:customers:first_name:463a83d0-a816-4902-abba-2486e0c0a0bb:"
},
"request": {
"url": "https://example-email-server.com/send-email",
"method": "POST",
"headers": {
"Content-Type": "application/json"
},
"body": "{\"to\": \"{{ .to_email }}\", \"message\": \"Hello {{ .first_name }}!\" }"
},
"include_response_body": false
}
Possible responses
- 200
- 400
- 401
- 403
- 404
- 405
- 409
- 410
- 500
- 503
The request is successful.
- application/json
status_code
- integer required*The HTTP status code of the response.
headers
- object required*The HTTP headers of the response.
Values of additional properties are stringsExample{
"Content-Type": "application/json"
}body
- stringThe HTTP body of the response.
{
"status_code": 200,
"headers": {
"Content-Type": "application/json"
},
"body": "{\"status\": \"success\"}"
}
The request is invalid.
- application/json
context
- object required*The error context.
Values of additional properties are stringsExample{
"objectid": "b56dd6aa-35f0-11ed-a261-0242ac120002"
}error_code
- string required*The error code.
message
- string required*The error message.
error_url
- stringThe URL to the error documentation.
{
"error_code": "PV1001",
"message": "The access reason is missing.",
"context": {
"reason": null
}
}
Authentication credentials are incorrect or missing.
- application/json
context
- object required*The error context.
Values of additional properties are stringsExample{
"objectid": "b56dd6aa-35f0-11ed-a261-0242ac120002"
}error_code
- string required*The error code.
message
- string required*The error message.
error_url
- stringThe URL to the error documentation.
{
"error_code": "PV1005",
"message": "The request is unauthorized.",
"context": {}
}
The caller doesn't have the required access rights.
- application/json
context
- object required*The error context.
Values of additional properties are stringsExample{
"objectid": "b56dd6aa-35f0-11ed-a261-0242ac120002"
}error_code
- string required*The error code.
message
- string required*The error message.
error_url
- stringThe URL to the error documentation.
{
"error_code": "PV1007",
"message": "The operation is forbidden due to missing capabilities.",
"context": {
"username": "WebServer"
}
}
The requested resource is not found.
- application/json
context
- object required*The error context.
Values of additional properties are stringsExample{
"objectid": "b56dd6aa-35f0-11ed-a261-0242ac120002"
}error_code
- string required*The error code.
message
- string required*The error message.
error_url
- stringThe URL to the error documentation.
{
"error_code": "PV1004",
"message": "The collection is not found.",
"context": {}
}
The operation is not allowed.
- application/json
context
- object required*The error context.
Values of additional properties are stringsExample{
"objectid": "b56dd6aa-35f0-11ed-a261-0242ac120002"
}error_code
- string required*The error code.
message
- string required*The error message.
error_url
- stringThe URL to the error documentation.
{
"error_code": "PV1026",
"message": "The operation is not allowed in in-memory mode.",
"context": {}
}
A conflict occurs.
- application/json
context
- object required*The error context.
Values of additional properties are stringsExample{
"objectid": "b56dd6aa-35f0-11ed-a261-0242ac120002"
}error_code
- string required*The error code.
message
- string required*The error message.
error_url
- stringThe URL to the error documentation.
{
"error_code": "PV3218",
"message": "Concurrent conflicting updates to the same object.",
"context": {}
}
Access to a resource that is no longer available occurs.
- application/json
context
- object required*The error context.
Values of additional properties are stringsExample{
"objectid": "b56dd6aa-35f0-11ed-a261-0242ac120002"
}error_code
- string required*The error code.
message
- string required*The error message.
error_url
- stringThe URL to the error documentation.
{
"error_code": "PV1033",
"message": "The resource is gone.",
"context": {}
}
An error occurs on the server.
- application/json
context
- object required*The error context.
Values of additional properties are stringsExample{
"objectid": "b56dd6aa-35f0-11ed-a261-0242ac120002"
}error_code
- string required*The error code.
message
- string required*The error message.
error_url
- stringThe URL to the error documentation.
{
"error_code": "PV1000",
"message": "Something went wrong",
"context": {}
}
The service is unavailable.
- application/json
context
- object required*The error context.
Values of additional properties are stringsExample{
"objectid": "b56dd6aa-35f0-11ed-a261-0242ac120002"
}error_code
- string required*The error code.
message
- string required*The error message.
error_url
- stringThe URL to the error documentation.
{
"error_code": "PV1009",
"message": "The operation timed out on the server.",
"context": {}
}
Query parameters
Request body
Code examples