Use the http_call action

Learn how to send HTTP requests to third-party services using the http_call action

The http_call action enables you to call a trusted third-party API passing sensitive data without that data being exposed within Vault.

Overview

The steps you take to invoke the http_call action are:

• define the http_call request body for the HTTP request.
• determine any other parameters for the call.
• call the invoke http call action operation.

Step-by-step

You want to email the customer, Jane Doe, using the send_email operation at api.example.com. The customer's object has this structure:

{
  "id": "bb5e17ce-38b1-4b3f-9b4b-40801f9672d1",
  "first_name": "Jane",
  "last_name": "Doe",
  "email": "jane.d@example.com"
}

The email API expects a request with this structure:

POST https://api.example.com/send_email?to=jane.d@example.com
Content-Type: application/json

{"message":"Hello Jane Doe!"}

You defined the request body for the call like this:

{
  "template_variables": {
    // Map the `customer` variable to a Vault global identifier referencing the customer's object in the `customers` collection by its ID.
    "customer":  "pvlt:read_object:customers::bb5e17ce-38b1-4b3f-9b4b-40801f9672d1:",
  },
  "request": {
    "method": "POST",
    // Use the `customer.email` property as the `to` query parameter.
    "url": "https://api.example.com/send_email?to={{ .customer.email | unescape_quotes | urlquery }}",
    "headers": {
      "Content-Type": "application/json"
    },
    // Use the `customer.first_name` and `customer.last_name` properties in the `message` property of the request body.
    "body": "{\"message\":\"Hello {{ .customer.first_name }} {{ .customer.last_name }}!\"}"
  }
}

You now call the invoke http call action like this:

curl -s -X POST \
  --url 'http://localhost:8123/api/pvlt/1.0/data/ <add path here> ?reason=AppFunctionality' \
  -H 'Authorization: Bearer pvaultauth' \
  -H 'Content-Type: application/json' \
  -d '{
  "template_variables": {
    "customer":  "pvlt:read_object:customers::bb5e17ce-38b1-4b3f-9b4b-40801f9672d1:",
  },
  "request": {
    "method": "POST",
    "url": "https://api.example.com/send_email?to={{ .customer.email | unescape_quotes | urlquery }}",
    "headers": {
      "Content-Type": "application/json"
    },
    "body": "{\"message\":\"Hello {{ .customer.first_name }} {{ .customer.last_name }}!\"}"
  }
}'

You get a response that returns the response from the HTTP call, similar to this:

{ "status_code": 200 }