Pipefy Integrations empowers you to connect your processes with hundreds of external apps and automate your workflows. While we offer a wide variety of native connectors, you may sometimes need to connect to a specialized or custom system that doesn't have a pre-built app. That is where the HTTP and HTTP (OAuth2) connectors come in.
The HTTP connectors allow you to interact directly with external REST APIs, giving you the flexibility to send and receive data from virtually any web-based software.
When to Use the HTTP Connector
You should use the HTTP connector when:
No Native App Exists: The tool you want to integrate with is not available in our standard integrations library.
Custom Endpoints: You need to interact with internal or proprietary APIs specific to your company.
Advanced API Operations: You need to execute specific methods (like
PUT,PATCH, or customPOSTrequests) that are not covered by a standard connector’s predefined actions.
Types of HTTP Connectors and Authentication
Depending on the security requirements of the external API you are connecting to, you can choose between different types of HTTP setups:
1. Standard HTTP Connector
Use this coonector for endpoints that require standard authentication methods or no authentication at all.
No Auth / Public APIs: Simple GET requests to fetch public data.
Basic Auth: Allows you to input a Username and Password.
Bearer Token / Custom Headers: You can pass API keys or Secret Texts directly within the HTTP headers or query parameters of the request.
2. HTTP (OAuth2) Connector
If the external application requires OAuth 2.0 authorization, use the HTTP (OAuth2) connector. This connector securely collects and stores user credentials (handling the Authorization URL, Token URL, Client ID, Client Secret, and scopes) so you can seamlessly send authenticated requests without exposing raw tokens in your flow builder.
Technical Limits You Should Know
To ensure your automated processes run smoothly and maintain high performance, the integration engine enforces a few technical limits. When designing your HTTP flows, keep the following in mind:
Flow Execution Time: The maximum execution time for a single flow run is 300 seconds (5 minutes). If an external API is very slow to respond and causes the flow to exceed this limit, the run will be marked as timed out.
Memory Usage: The maximum RAM allocated per flow process is 512 MB.
Best Practices for HTTP Automations
Working with APIs requires a strategic approach to ensure your data is processed correctly and efficiently. Here are the top recommendations:
1. Implement Data Validation
APIs can sometimes return unexpected errors or empty values. Always use conditional rules (Branches) after an HTTP request to check the Status Code (e.g., ensuring it returns 200 OK or 201 Created) before proceeding to the next steps. This prevents your flow from failing abruptly or injecting bad data into your Pipefy database.
2. Secure Your Credentials
Never type passwords or secret tokens directly into plain text fields if they can be avoided. Utilize the native Authentication dropdowns (like the OAuth2 setup or Bearer Token field) so credentials remain encrypted and secure within the platform's secret manager.
3. Test Before Publishing
APIs can be tricky with formatting (JSON vs. Form-Data). Always use the "Test Step" feature inside the HTTP piece to send a sample payload. Review the output response carefully to ensure the external system understood the request.