http_client
Sends messages to a HTTP server.
-
Common
-
Advanced
outputs:
label: ""
http_client:
url: "" # No default (required)
verb: POST
headers: {}
rate_limit: "" # No default (optional)
timeout: 5s
max_in_flight: 64
batching:
count: 0
byte_size: 0
period: ""
check: ""
processors: [] # No default (optional)# All configuration fields, showing default values
output:
label: ""
http_client:
url: "" # No default (required)
verb: POST
headers: {}
metadata:
include_prefixes: []
include_patterns: []
dump_request_log_level: "" # Optional
oauth:
enabled: false
consumer_key: "" # Optional
consumer_secret: "" # Optional
access_token: "" # Optional
access_token_secret: "" # Optional
oauth2:
enabled: false
client_key: "" # Optional
client_secret: "" # Optional
token_url: "" # Optional
scopes: []
endpoint_params: {}
basic_auth:
enabled: false
username: "" # Optional
password: "" # Optional
jwt:
enabled: false
private_key_file: "" # Optional
signing_method: "" # Optional
claims: {}
headers: {}
tls:
enabled: false
skip_cert_verify: false
enable_renegotiation: false
root_cas: ""
root_cas_file: ""
client_certs: []
rate_limit: "" # No default (optional)
timeout: 5s
retry_period: 1s
max_retry_backoff: 300s
retries: 3
backoff_on:
- 429
drop_on: []
successful_on: []
proxy_url: "" # No default (optional)
batch_as_multipart: false
max_in_flight: 64
batching:
count: 0
byte_size: 0
period: "" # Optional
check: "" # Optional
processors: [] # No default (optional)
multipart: []Message sends
The body of the request sent to the HTTP server is the raw contents of the message payload. If the message has multiple parts (is a batch), the request is sent according to RFC1341. To disable this behavior, set the batch_as_multipart field to false.
When message retries are exhausted, this output rejects a message. Typically, a pipeline then continues attempts to send the message until it succeeds, whilst applying back pressure.
Dynamic URL and header settings
You can set the url and headers values dynamically using function interpolations.
Performance
For improved performance, this output sends:
-
Multiple messages in parallel. Adjust the
max_in_flightfield value to tune the maximum number of in-flight messages (or message batches). -
Messages as batches. You can configure batches at both input and output level. For more information, see Message Batching.
Fields
backoff_on[]
A list of status codes that indicate a request failure and trigger retries with an increasing backoff period between attempts.
Type: int
Default:
- 429basic_auth.password
A password to authenticate with.
|
This field contains sensitive information that usually shouldn’t be added to a configuration directly. For more information, see Manage Secrets before adding it to your configuration. |
Type: string
Default: ""
batch_as_multipart
When set to true, sends all message in a batch as a single request using RFC1341.
When set to false, sends messages in a batch as individual requests.
Type: bool
Default: false
batching
Allows you to configure a batching policy.
Type: object
# Examples:
batching:
byte_size: 5000
count: 0
period: 1s
# ---
batching:
count: 10
period: 1s
# ---
batching:
check: this.contains("END BATCH")
count: 0
period: 1mbatching.byte_size
The number of bytes at which the batch is flushed. Set to 0 to disable size-based batching.
Type: int
Default: 0
batching.check
A Bloblang query that should return a boolean value indicating whether a message should end a batch.
Type: string
Default: ""
# Examples:
check: this.type == "end_of_transaction"batching.count
The number of messages after which the batch is flushed. Set to 0 to disable count-based batching.
Type: int
Default: 0
batching.period
The period of time after which an incomplete batch is flushed regardless of its size. This field accepts Go duration format strings such as 100ms, 1s, or 5s.
Type: string
Default: ""
# Examples:
period: 1s
# ---
period: 1m
# ---
period: 500msbatching.processors[]
A list of processors to apply to a batch as it is flushed. This allows you to aggregate and archive the batch however you see fit. All resulting messages are flushed as a single batch, and therefore splitting the batch into smaller batches using these processors is a no-op.
Type: processor
# Examples:
processors:
- archive:
format: concatenate
# ---
processors:
- archive:
format: lines
# ---
processors:
- archive:
format: json_arraydrop_on[]
A list of status codes that indicate a request failure where the input should not attempt retries. This helps avoid unnecessary retries for requests that are unlikely to succeed.
| In these cases, the request is dropped, but the message that triggered the request is retained. |
Type: int
Default: []
dump_request_log_level
EXPERIMENTAL: Set the logging level for the request and response payloads of each HTTP request.
Type: string
Default: ""
Options: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, ``
follow_redirects
Whether or not to transparently follow redirects, i.e. responses with 300-399 status codes. If disabled, the response message will contain the body, status, and headers from the redirect response and the processor will not make a request to the URL set in the Location header of the response.
Type: bool
Default: true
headers
A map of headers to add to the request. This field supports interpolation functions.
Type: string
Default: {}
# Examples:
headers:
Content-Type: application/octet-stream
traceparent: ${! tracing_span().traceparent }jwt
Beta
Configure JSON Web Token (JWT) authentication. This feature is in beta and may change in future releases. JWT tokens provide secure, stateless authentication between services.
Type: object
jwt.headers
Additional key-value pairs to include in the JWT header (optional). These headers provide extra metadata for JWT processing.
Type: object
Default: {}
jwt.private_key_file
Path to a file containing the PEM-encoded private key using PKCS#1 or PKCS#8 format. The private key must be compatible with the algorithm specified in the signing_method field.
Type: string
Default: ""
jwt.signing_method
The cryptographic algorithm used to sign the JWT token. Supported algorithms include RS256, RS384, RS512, and EdDSA. This algorithm must be compatible with the private key specified in the private_key_file field.
Type: string
Default: ""
max_in_flight
The maximum number of messages to have in flight at a given time. Increase this to improve throughput.
Type: int
Default: 64
metadata
Specify matching rules that determine which metadata keys to add to the HTTP request as headers (optional).
Type: object
metadata.include_patterns[]
Provide a list of explicit metadata key regular expression (re2) patterns to match against.
Type: array
Default: []
# Examples:
include_patterns:
- .*
# ---
include_patterns:
- _timestamp_unix$metadata.include_prefixes[]
Provide a list of explicit metadata key prefixes to match against.
Type: array
Default: []
# Examples:
include_prefixes:
- foo_
- bar_
# ---
include_prefixes:
- kafka_
# ---
include_prefixes:
- content-multipart[]
EXPERIMENTAL: Create explicit multipart HTTP requests by specifying an array of parts to add to a request. Each part consists of content headers and a data field, which can be populated dynamically.
If populated, this field overrides the default request creation behavior.
Type: object
Default: []
multipart[].body
The body of the individual message part.
This field supports interpolation functions.
Type: string
Default: ""
# Examples:
body: ${! this.data.part1 }multipart[].content_disposition
The content disposition of the individual message part.
This field supports interpolation functions.
Type: string
Default: ""
# Examples:
content_disposition: form-data; name="bin"; filename='${! @AttachmentName }multipart[].content_type
The content type of the individual message part.
This field supports interpolation functions.
Type: string
Default: ""
# Examples:
content_type: application/binoauth.access_token
The value used to gain access to the protected resources on behalf of the user.
Type: string
Default: ""
oauth.access_token_secret
The secret that establishes ownership of the oauth.access_token in OAuth 1.0 authentication.
|
This field contains sensitive information that usually shouldn’t be added to a configuration directly. For more information, see Manage Secrets before adding it to your configuration. |
Type: string
Default: ""
oauth.consumer_key
A value used to identify the client to the service provider.
Type: string
Default: ""
oauth.consumer_secret
The secret that establishes ownership of the consumer key in OAuth 1.0 authentication.
|
This field contains sensitive information that usually shouldn’t be added to a configuration directly. For more information, see Manage Secrets before adding it to your configuration. |
Type: string
Default: ""
oauth2
Allows you to specify open authentication using OAuth version 2 and the client credentials token flow.
Type: object
oauth2.client_key
A value used to identify the client to the token provider.
Type: string
Default: ""
oauth2.client_secret
The secret used to establish ownership of the client key.
|
This field contains sensitive information that usually shouldn’t be added to a configuration directly. For more information, see Manage Secrets before adding it to your configuration. |
Type: string
Default: ""
oauth2.endpoint_params
A list of endpoint parameters specified as arrays of strings (optional).
Type: object
Default: {}
# Examples:
endpoint_params:
bar:
- woof
foo:
- meow
- quackretry_period
The initial period to wait between failed requests before retrying.
Type: string
Default: 1s
successful_on[]
A list of HTTP status codes that should be considered as successful, even if they are not 2XX codes. This is useful for handling cases where non-2XX codes indicate that the request was processed successfully, such as 303 See Other or 409 Conflict.
By default, all 2XX codes are considered successful unless they are specified in backoff_on or drop_on fields.
Type: int
Default: []
tls
Configure Transport Layer Security (TLS) settings to secure network connections. This includes options for standard TLS as well as mutual TLS (mTLS) authentication where both client and server authenticate each other using certificates. Key configuration options include enabled to enable TLS, client_certs for mTLS authentication, root_cas/root_cas_file for custom certificate authorities, and skip_cert_verify for development environments.
Type: object
tls.client_certs[]
A list of client certificates for mutual TLS (mTLS) authentication. Configure this field to enable mTLS, authenticating the client to the server with these certificates.
You must set tls.enabled: true for the client certificates to take effect.
Certificate pairing rules: For each certificate item, provide either:
-
Inline PEM data using both
certandkeyor -
File paths using both
cert_fileandkey_file.
Mixing inline and file-based values within the same item is not supported.
Type: object
Default: []
# Examples:
client_certs:
- cert: foo
key: bar
# ---
client_certs:
- cert_file: ./example.pem
key_file: ./example.keytls.client_certs[].key
A plain text certificate key to use.
|
This field contains sensitive information that usually shouldn’t be added to a configuration directly. For more information, see Manage Secrets before adding it to your configuration. |
Type: string
Default: ""
tls.client_certs[].password
A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete pbeWithMD5AndDES-CBC algorithm is not supported for the PKCS#8 format.
Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext.
|
This field contains sensitive information that usually shouldn’t be added to a configuration directly. For more information, see Manage Secrets before adding it to your configuration. |
Type: string
Default: ""
# Examples:
password: foo
# ---
password: ${KEY_PASSWORD}tls.enable_renegotiation
Whether to allow the remote server to repeatedly request renegotiation. Enable this option if you’re seeing the error message local error: tls: no renegotiation.
Type: bool
Default: false
tls.root_cas
Specify a root certificate authority to use (optional). This is a string that represents a certificate chain from the parent-trusted root certificate, through possible intermediate signing certificates, to the host certificate. Use either this field for inline certificate data or root_cas_file for file-based certificate loading.
|
This field contains sensitive information that usually shouldn’t be added to a configuration directly. For more information, see Manage Secrets before adding it to your configuration. |
Type: string
Default: ""
# Examples:
root_cas: |-
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----tls.root_cas_file
Specify the path to a root certificate authority file (optional). This is a file, often with a .pem extension, which contains a certificate chain from the parent-trusted root certificate, through possible intermediate signing certificates, to the host certificate. Use either this field for file-based certificate loading or root_cas for inline certificate data.
Type: string
Default: ""
# Examples:
root_cas_file: ./root_cas.pemtls.skip_cert_verify
Whether to skip server-side certificate verification. Set to true only for testing environments as this reduces security by disabling certificate validation. When using self-signed certificates or in development, this may be necessary, but should never be used in production. Consider using root_cas or root_cas_file to specify trusted certificates instead of disabling verification entirely.
Type: bool
Default: false
