HTTP & Request/Response Nodes

> Read incoming request data, send responses, make outbound HTTP requests, and protect your routes with authentication and rate limiting.

These nodes handle the request-response lifecycle of your API routes. They cover reading input data, shaping outgoing responses, making external API calls, and securing endpoints.

Reading Request Data

get-body

Reads the incoming request body in the selected format.

| Pin | Direction | Type | |-----|-----------|------| | sequence in | Input | sequence | | format | Input | enum-value:BodyFormat | | body | Output | object | | result | Output | enum-value:BodyResult |

get-user-id

Retrieves the authenticated user's ID from the request context. This is available when the route is accessed by an authenticated user.

| Pin | Direction | Type | |-----|-----------|------| | userId | Output | string |

Sending Responses

return-json

Sends a JSON response back to the caller and ends the route execution.

| Pin | Direction | Type | |-----|-----------|------| | sequence in | Input | sequence | | data | Input | any | | status | Input | number | | sequence out | Output | sequence |

The data input accepts any type. Objects and arrays are automatically serialized to JSON.

Every route should include at least one response node. If execution ends without sending a response, the caller receives a default empty response.

return-html

Sends an HTML response back to the caller with the Content-Type: text/html header.

| Pin | Direction | Type | |-----|-----------|------| | sequence in | Input | sequence | | html | Input | string | | status | Input | number | | sequence out | Output | sequence |

return-status

Sends a response with only an HTTP status code and no body. Useful for endpoints that just need to acknowledge receipt.

| Pin | Direction | Type | |-----|-----------|------| | sequence in | Input | sequence | | status | Input | number | | sequence out | Output | sequence |

return-website

Returns a full website/page response. Use this node when serving complete web pages built with web component nodes.

| Pin | Direction | Type | |-----|-----------|------| | sequence in | Input | sequence | | content | Input | any | | sequence out | Output | sequence |

Authentication and Security

check-api-key

Validates an API key from the incoming request against configured keys. Use this to protect routes that require API key authentication.

| Pin | Direction | Type | |-----|-----------|------| | sequence in | Input | sequence | | valid | Output | boolean | | sequence out | Output | sequence |

rate-limit

Applies rate limiting to the route. Tracks request counts and rejects requests that exceed the configured limit within the time window.

| Pin | Direction | Type | |-----|-----------|------| | sequence in | Input | sequence | | allowed | Output | boolean | | sequence out | Output | sequence |

Configure the rate limit threshold and time window in the node's settings panel. Common configurations include 100 requests per minute for public APIs or 10 requests per minute for sensitive operations.

check-origin

Validates the request origin against a list of allowed origins. Use this to restrict which domains can call your API.

| Pin | Direction | Type | |-----|-----------|------| | sequence in | Input | sequence | | allowed | Output | boolean | | origin | Output | string | | sequence out | Output | sequence |

Making External Requests

http-request

Makes an outbound HTTP request to an external URL. Use this to call third-party APIs, webhooks, or other services from within your route.

| Pin | Direction | Type | |-----|-----------|------| | sequence in | Input | sequence | | url | Input | string | | method | Input | enum | | headers | Input | object:HttpHeader:array | | body | Input | object | | timeout | Input | number | | response | Output | object | | status | Output | number | | statusText | Output | string | | error | Output | string | | on fail | Output | sequence | | sequence out | Output | sequence |

The response output contains the parsed response body. If the external API returns JSON, it is automatically parsed into an object.

The On Fail sequence output fires exclusively when the request cannot be completed at all -- for example, a network timeout, DNS failure, or missing URL. HTTP error responses (4xx, 5xx) still route through the normal sequence out so you can inspect the status and response outputs.

Headers are entered as a structured array with a name and value field per entry. Use the {SECRET_NAME} syntax in value fields to inject secrets from your workspace settings without hardcoding credentials.