Connecting External APIs (HTTP)

How to connect external APIs to your workflow with secure authentication. Bearer auth, Basic auth, timeouts, and limitations explained.

Written By pvdyck

Last updated 19 minutes ago

Connecting External APIs

If a service doesn't have a native integration node, you can still connect to it using standard HTTP protocols.

indie.money provides two primary nodes for HTTP communication:

  1. HTTP Request Node: For making outbound calls to other services.
  2. Webhook Trigger: For receiving inbound calls from other services.

1. Outbound Calls (HTTP Request Node)

The HTTP Request Node makes outbound HTTP/HTTPS calls to any external API or web service.

Methods

GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS

Send Parameters

| Parameter | Description |
| --- | --- |
| URL | The full endpoint URL |
| Method | HTTP method to use |
| Authentication | None, Generic Credential Type (Bearer Auth or Basic Auth) |
| Send Query Parameters | Key-value pairs appended to the URL |
| Send Headers | Custom HTTP headers (key-value pairs) |
| Send Body | Request body for POST/PUT/PATCH |

Body Content Types

| Type | Description |
| --- | --- |
| JSON | Send a JSON object. Supports dot-path keypairs (e.g., user.name creates {user: {name: value}}) |
| Form Multipart | Send form-data (for file uploads) |
| Form URL-Encoded | Send application/x-www-form-urlencoded data |
| Raw | Send raw text with a custom content type |
| Binary | Send binary data from a previous node |

Response Format

Auto-detect (default), JSON, Text, File (binary)

Options

| Option | Description |
| --- | --- |
| Batching | Execute requests in parallel with configurable batch size and interval |
| Timeout | Per-request timeout (indie.money enforces 10-second max) |
| Redirect | Follow redirects (configurable max redirects) |
| Response Headers | Include response headers in the output |
| Pagination | Offset-based (updateAParameterInEachRequest) or URL-following (responseContainsNextURL) with expression support ({{ $response.body.next }}, {{ $pageCount + 1 }}) |
| Retry on Fail | Automatic retry on 429/5xx errors with linear backoff (3 retries) |
| Continue on Fail | Returns error items instead of stopping the workflow |
| Ignore SSL Issues | Bypass SSL certificate validation |
| Proxy | Route requests through an HTTP proxy |

Authentication

The HTTP Request Node supports secure, Vault-managed authentication for calling any API that uses Bearer tokens or Basic auth.

💡 Note: Your credentials never appear in the workflow. They are stored in the Secure Vault and injected at execution time via the secure proxy. Builders, producers, and the execution engine never see your actual keys.

How It Works

  1. Set Authentication to Generic Credential Type
  2. Choose Bearer Auth or Basic Auth
  3. Connect your credential via the Secure Vault

At execution time, the Secure Vault proxy injects the correct Authorization header into your request. Your API key or password never leaves the vault.

Supported Auth Types

| Auth Type | Header Injected | Use Case |
| --- | --- | --- |
| Bearer Auth | Authorization: Bearer <token> | Most REST APIs (OpenAI, Stripe, GitHub, etc.) |
| Basic Auth | Authorization: Basic <base64(user:pass)> | Legacy APIs, self-hosted services, webhooks |

Per-Credential Target URL

Each credential is linked to a specific API base URL. This means:

  • A Bearer token for https://api.stripe.com only works for Stripe requests
  • A Bearer token for https://api.github.com only works for GitHub requests
  • You can have multiple credentials for different APIs in the same workflow

The target URL is set when you configure the credential in the Secure Vault. Enter the full URL (e.g., https://api.stripe.com/v1/charges) in the HTTP Request node's URL field. The credential's target URL is used for credential scoping and matching, not for URL construction.
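The scoping and header injection described above, sketched as an added example; this is not indie.money's implementation. It assumes a credential is in scope when the request URL has the same origin as the target URL and a path at or below it, and every name and credential value here is constructed.

```javascript
// Hypothetical vault-proxy logic (Node.js). Credential records are constructed placeholders.
const credentials = [
  { name: 'stripe', type: 'bearer', targetUrl: 'https://api.stripe.com', token: 'PLACEHOLDER_TOKEN' },
  { name: 'legacy', type: 'basic', targetUrl: 'https://intranet.example.com/api', user: 'user', pass: 'pass' },
];

// In scope only if scheme, host and port match exactly and the request path
// sits at or below the target path on a segment boundary. Comparing parsed
// origins avoids the string-prefix trap where "https://api.stripe.com.evil.example"
// starts with "https://api.stripe.com".
function inScope(requestUrl, targetUrl) {
  const req = new URL(requestUrl); // also normalises "../" segments
  const tgt = new URL(targetUrl);
  if (req.origin !== tgt.origin) return false;
  const base = tgt.pathname.endsWith('/') ? tgt.pathname : tgt.pathname + '/';
  return req.pathname === tgt.pathname || req.pathname.startsWith(base);
}

// Returns the Authorization header value to inject, or null when no
// credential is scoped to the request URL (the request goes out without it).
function authorizationFor(requestUrl, creds = credentials) {
  let cred;
  try {
    cred = creds.find((c) => inScope(requestUrl, c.targetUrl));
  } catch {
    return null; // unparsable URL: never attach a secret
  }
  if (!cred) return null;
  if (cred.type === 'bearer') return `Bearer ${cred.token}`;
  if (cred.type === 'basic') {
    const pair = `${cred.user}:${cred.pass}`;
    return 'Basic ' + Buffer.from(pair, 'utf8').toString('base64');
  }
  return null;
}

console.log(authorizationFor('https://api.stripe.com/v1/charges'));
console.log(authorizationFor('https://api.stripe.com.evil.example/v1/charges'));
```
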

Auth Types NOT Supported

| Auth Type | Alternative |
| --- | --- |
| OAuth2 | Use a dedicated integration node (Slack, Google Sheets, etc.) |
| Digest Auth | Not supported |
| Custom Auth | Use "None" auth and set headers manually (credentials will be visible in the workflow) |

Key Limitations

Because indie.money runs on a strict serverless architecture (Cloudflare Workers), the HTTP Request node has specific boundaries compared to standard n8n:

  1. 10-second timeout: If the external API takes longer than 10 seconds, the request fails. Use APIs with fast response times.
  2. In-memory binary support (~50MB limit): Binary downloads and uploads work via in-memory base64 encoding. Files over 50MB are rejected. No streaming by ID.
  3. HTTPS only recommended: HTTP URLs may be blocked.
  4. Simplified pagination expressions: Supports $response.body.*, $response.headers.*, $pageCount with arithmetic. Complex expressions (ternary, method calls) require the Code node.
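A review check for the risky settings this page names (manually set auth headers, Ignore SSL Issues, plain HTTP URLs), as an added example that is not part of indie.money. The workflow shape and field names (`n8n-nodes-base.httpRequest`, `headerParameters`, `options.allowUnauthorizedCerts`, `=` as the expression prefix) are assumptions modelled on n8n's export format, and the sample workflow is constructed.

```javascript
// Constructed workflow export; field names are assumptions based on n8n's HTTP Request node.
const sampleWorkflow = {
  nodes: [
    { name: 'Vault call', type: 'n8n-nodes-base.httpRequest',
      parameters: { url: 'https://api.example.com/v1/data', authentication: 'genericCredentialType' } },
    { name: 'Custom auth call', type: 'n8n-nodes-base.httpRequest',
      parameters: {
        url: 'http://legacy.example.com/report', authentication: 'none',
        headerParameters: { parameters: [
          { name: 'X-API-Key', value: 'PLACEHOLDER-KEY' },
          { name: 'Accept', value: 'application/json' } ] },
        options: { allowUnauthorizedCerts: true } } },
  ],
};

// Header names that normally carry a secret.
const SECRET_HEADER = /^(authorization|proxy-authorization|cookie|x-api-key|x-auth-token|api-key)$/i;

function auditWorkflow(workflow) {
  const findings = [];
  for (const node of workflow.nodes ?? []) {
    if (!/httpRequest$/.test(node.type ?? '')) continue;
    const p = node.parameters ?? {};
    // Plain HTTP exposes headers and body in transit and may be blocked.
    if (/^http:\/\//i.test(String(p.url ?? ''))) {
      findings.push({ node: node.name, issue: 'plain-http' });
    }
    // "Ignore SSL Issues" turns off certificate validation for this node.
    if (p.options?.allowUnauthorizedCerts === true) {
      findings.push({ node: node.name, issue: 'tls-validation-disabled' });
    }
    // A literal value (no "=" expression prefix) in a secret-bearing header
    // is stored in the workflow definition instead of the Secure Vault.
    for (const h of p.headerParameters?.parameters ?? []) {
      const literal = typeof h.value === 'string' && h.value !== '' && !h.value.startsWith('=');
      if (SECRET_HEADER.test(h.name ?? '') && literal) {
        findings.push({ node: node.name, issue: 'secret-in-header', header: h.name });
      }
    }
  }
  return findings;
}

console.log(auditWorkflow(sampleWorkflow));
```
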

Workarounds for Limitations

| Limitation | Workaround |
| --- | --- |
| Slow API (>10s) | Use the async webhook pattern: trigger the API, let it process, and have it call your Webhook back. |
| OAuth required | Use a Secure Vault integration node for the service instead. |
| Streaming response | Streaming is not supported; the full response is loaded into memory. For large payloads, use the built-in pagination feature. |

2. Inbound Calls (Webhook)

To answer inbound requests, use the Webhook Trigger. (See the Triggers Reference for more details.)


Example: Call a REST API with Bearer Auth

  1. Add an HTTP Request node
  2. Set Authentication to Generic Credential Type
  3. Set Generic Auth Type to Bearer Auth
  4. Connect your Bearer token credential (configured in Secure Vault with target URL https://api.example.com)
  5. Set URL to the endpoint path: https://api.example.com/v1/data
  6. Set Method to GET

The Secure Vault injects Authorization: Bearer <your-token> automatically. Your token never appears in the workflow definition.

Example: Call an API without Auth

URL: https://api.example.com/public/data
Method: GET
Authentication: None
Headers:
  Accept: application/json
