Skip to main content

Celonis Product Documentation

HTTP2 (Action Flow)

The HTTP2 app is an extension of the HTTP app. It allows you to make an OAuth 2.0 request with flow type Client Credentials. To make an OAuth 2.0 request with flow type Authorization Code or Implicit, use the HTTP app.

Make an OAuth 2.0 request

In order to make HTTP(S) requests that require an OAuth 2.0 authorization, you need to create an OAuth connection first.

Create an OAuth 2.0 Connection
  1. Create an OAuth client in the target service with which you want Celonis platform to communicate. This option is most likely to be found in the Developer section of the given service.

    1. Once you have created the client in the 3rd party service, the given service will display two keys:

      1. Client ID

      2. Client Secret


        Some services call these App Key and App Secret.

    2. Make sure you save these keys. You will be asked to provide them when creating the connection in Celonis platform.

  2. Find the Token URI in the API documentation of the given service. This is the URL address through which Celonis platform communicates with the target service. This address serves for OAuth authorization.

    • Here's an exampleof Yahoo addresses:

      • Token URI:

  3. In Celonis platform, click the Add button to create an OAuth 2.0 connection.

  4. Fill in:


Click the Add button to create an OAuth 2.0 connection.

Connection name

Enter the name of the connection.

Flow type

Select the flow for obtaining tokens.

Client Credentials

Enter Token URI you have retrieved from the service's API documentation.


Add the API scopes for your connection. Check the service API documentation for the list of API scopes.

Scope separator

Select the separator for the list of scopes you entered above. Check the service API documentation for the format of the list of scopes.

If the separator is not set correctly, Celonis platform will be unable to create the connection, and you will receive an invalid scope error.

Client ID

Enter the Client ID. You get the Client ID when you create an OAuth client in the service.

Client Secret

Enter the Client Secret. You get the Client Secret when you create an OAuth client in the service.

Access token parameters

Enter additional access token request parameters as key-value pairs.

Standard parameters:

  • grant_type: authorization_code

  • redirect_uri:

  • client_id: The Client ID you entered when creating an account.

  • client_secret: The Client Secret you entered when creating the account.

  • code: The code returned by the authorization request.

Custom Headers

Specify any custom headers to send in the request.

Token placement

Select whether to send the token in the header, query string, or both.

Header token name

Enter the name of the authorization token in the header. Default: Bearer.

Query string parameter name

Enter the name of the authorization token in the query string. Default: access_token.


Enter a URL you want to send the request to, e.g., API endpoint, website, etc.


Select the HTTP method you want to use:

  • GET - to retrieve information for an entry.

  • POST - to create a new entry.

  • PUT - to update/replace an existing entry.

  • PATCH - to make a partial entry update.

  • DELETE - to delete an entry.


Enter the desired request headers. For example, an authorization.

By default, the request does not contain the Accept header. If an unexpected response is returned, try adding the Accept: */* header.


Query String

Enter the desired query key-value pairs.

Body type

HTTP Body is the data bytes transmitted in an HTTP transaction message immediately following the headers if there are any to be used.


The Raw body type is generally suitable for most HTTP body requests, even in situations where developer documentation does not specify data to send.

Specify a form of parsing the data in the Content type field.


Despite the content type selected, data is entered in any format that is stipulated or required by the developer documentation.


This body type is to POST data using application/x-www-form-urlencoded.


For application/x-www-form-urlencoded, the body of the HTTP message sent to the server is essentially one query string. The keys and values are encoded in key-value pairs separated by & and with a = between the key and the value. Not suitable to use with binary data (use multipart/form-data instead).

Example of the resulting HTTP request format:



Multipart/form-data is an HTTP multipart request used to send files and data. It is commonly used to upload files to the server.


Add fields to be sent in the request. Each field must contain Key-Value pair.


Enter the key and value to be sent within the request body.


Enter the key and specify the source file you want to send in the request body.

Map the file you want to upload from the previous module (e.g., HTTP > Get a File or Google Drive > Download a File), or enter the file name and file data manually.


Specify the request timeout in seconds (1-300). Default: 40 seconds.

Self-signed certificate

Upload your certificate if you want to use TLS using your self-signed certificate..

Reject connections that use unverified (self-signed) certificates

Enable this option to reject connections that use unverified TLS certificates.

Follow redirect

Follows the URL redirections with 3xx responses.

Follow all redirect

Follows the URL redirections with all response codes.

Request compressed content

Enable this option to request a compressed version of the website. Adds an Accept-Encoding header to request compressed content.