API Steps

Steps for making HTTP requests, sending responses, and managing headers and cookies.

API Steps

API steps handle HTTP communication -- making outbound requests to external services and sending responses back to clients.

External API Call

Makes an HTTP request to an external API. Supports all common HTTP methods and authentication schemes.

Method: POST
URL: 'https://api.stripe.com/v1/charges'
Headers: { 'Content-Type': 'application/x-www-form-urlencoded' }
Body: { amount: vars.amount, currency: 'usd' }
Auth Type: bearer
Auth Value: env.STRIPE_SECRET_KEY
Assign To: chargeResult
The result stored in vars.chargeResult contains:
- body -- the parsed response body
- status -- the HTTP status code
- headers -- the response headers

Respond

Sends an HTTP response to the client. Use this to control exactly what the client receives.

Status Code: 201
Body: { success: true, user: vars.newUser }
Headers: { 'X-Request-Id': vars.requestId }

If no Respond step is used, the flow automatically responds with the value from the Return step, or an empty 200 response.

Redirect

Sends an HTTP redirect response to the client.

URL: '/dashboard'
Status Code: 302

Set Header

Sets a response header for the current request.

Name: Content-Type
Value: 'application/xml'

Set Cookie

Sets a cookie on the client response.

Name: session_token
Value: vars.token
Max Age: 86400
HTTP Only: true
Secure: true
Same Site: strict
HTTP method: `GET`, `POST`, `PUT`, `PATCH`, `DELETE`, `HEAD`, `OPTIONS`.
The full URL to call.
Request headers as key-value pairs.
Request input. Automatically serialized to JSON for object values.
URL query parameters as key-value pairs.
Authentication type: `none`, `bearer`, `basic`, `api-key`.
The token, credentials, or API key depending on auth type.
Request timeout in milliseconds. Defaults to 30000.
Variable name to store the response (includes `body`, `status`, `headers`).
HTTP status code. Defaults to 200.
The response input.
Additional response headers.
The URL to redirect to.
Redirect status code: `301` (permanent) or `302` (temporary). Defaults to 302.
The header name.
The header value.
The cookie name.
The cookie value.
Cookie lifetime in seconds.
Cookie path. Defaults to `/`.
Whether the cookie is inaccessible to JavaScript. Defaults to true.
Whether to only send over HTTPS. Defaults to false.
SameSite policy: `strict`, `lax`, or `none`.
Steps Reference
/reference/steps
Browse all step categories
API Endpoints
/endpoints
Create endpoints that use API steps
Auth Steps
/reference/steps/auth
Add authentication to your API