Skip to main content

Celonis Product Documentation

HTTP2 (Action Flows)

The HTTP2 app is an extension of the HTTP app. It allows you to make an OAuth 2.0 request with flow type Client Credentials. To make an OAuth 2.0 request with flow type Authorization Code or Implicit, use the HTTP app.

Make an OAuth 2.0 request

In order to make an HTTP(S) request to servers that require an OAuth 2.0 authorization, you need to create an OAuth connection first.

Creating a Connection
  1. Create an OAuth client in the target service with which you want Execution Management System to communicate. This option is most likely to be found in the Developer section of the given service.

    1. Once you have created the client in the 3rd party service, the given service will display two keys:

      1. Client ID

      2. Client Secret


        Some services call these App Key and App Secret.

    2. Make sure you save these keys. You will be asked to provide them when creating the connection in Execution Management System.

  2. Find the Token URI in the API documentation of the given service. This is the URL address through which Execution Management System communicates with the target service. This address serves for OAuth authorization.

    • Here's an exampleof Yahoo addresses:

      • Token URI:

  3. If the target service uses scopes (access rights), check how the service separates individual scopes, and make sure you set the Scope separator in the connection advanced settings (see below) accordingly.

  4. Once you have completed the steps above, you can proceed with setting up the module:


Click the Add button to set up the OAuth 2.0 connection for the request.

Connection name

Enter the name of the connection.

Flow type

Select the flow for obtaining tokens.

Client Credentials

Enter Token URI you have retrieved from the service's API documentation.


Add the individual scopes you will need to use. You will find this information in the given service's developer (API) documentation.

Scope separator

Select what the scopes entered above should be separated by. You will find this information in the given service's developer (API) documentation.

If the separator is not set correctly, Execution Management System will be unable to create the connection, and you will receive an invalid scope error.

Client ID

Enter the Client ID. The Client ID is provided when you create an OAuth client in the service you want to connect.

Client Secret

Enter the Client Secret. The Client Secret is provided when you create an OAuth client in the service you want to connect.

Access token parameters

Enter the additional access token request parameters as a key-value pair.

Standard parameters:

  • grant_type: authorization_code

  • redirect_uri:

  • client_id: The Client ID you entered when creating the account

  • client_secret: The Client Secret you entered when creating the account

  • code: The code returned by the authorization request

Custom Headers

Specify the custom headers to be sent with the request, if needed.

Token placement

Select whether to send the token in the header, query string, or in both.

Header token name

Enter the name of the authorization token in the header. Default: Bearer.

Query string parameter name

Enter the name of the authorization token in the query string. Default: access_token.


Enter a URL you want to send the request to, e.g., API endpoint, website, etc.


Select the HTTP method you want to use:

  • GET - to retrieve information for an entry.

  • POST - to create a new entry.

  • PUT - to update/replace an existing entry.

  • PATCH - to make a partial entry update.

  • DELETE - to delete an entry.


Enter the desired request headers. For example, an authorization.

By default, the request does not contain the Accept header. If an unexpected response is returned, try adding the Accept: */* header.


Query String

Enter the desired query key-value pairs.

Body type

HTTP Body is the data bytes transmitted in an HTTP transaction message immediately following the headers if there are any to be used.


The Raw body type is generally suitable for most HTTP body requests, even in situations where developer documentation does not specify data to send.

Specify a form of parsing the data in the Content type field.


Despite the content type selected, data is entered in any format that is stipulated or required by the developer documentation.


This body type is to POST data using application/x-www-form-urlencoded.


For application/x-www-form-urlencoded, the body of the HTTP message sent to the server is essentially one query string. The keys and values are encoded in key-value pairs separated by & and with a = between the key and the value. Not suitable to use with binary data (use multipart/form-data instead).

Example of the resulting HTTP request format:



Multipart/form-data is an HTTP multipart request used to send files and data. It is commonly used to upload files to the server.


Add fields to be sent in the request. Each field must contain Key-Value pair.


Enter the key and value to be sent within the request body.


Enter the key and specify the source file you want to send in the request body.

Map the file you want to upload from the previous module (e.g., HTTP > Get a File or Google Drive > Download a File), or enter the file name and file data manually.


Specify the request timeout in seconds (1-300). Default: 40 seconds.

Self-signed certificate

Upload your certificate if you want to use TLS using your self-signed certificate. For more details about inserting the certificate, refer to the Certificates and Keys article.Certificates and keys

Reject connections that use unverified (self-signed) certificates

Enable this option to reject connections that use unverified TLS certificates.

Follow redirect

Follows the URL redirections with 3xx responses.

Follow all redirect

Follows the URL redirections with all response codes.

Request compressed content

Enable this option to request a compressed version of the website. Adds an Accept-Encoding header to request compressed content.