> ## Documentation Index
> Fetch the complete documentation index at: https://altostrat.io/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Webhook API Call

> Send HTTP requests to external APIs and webhook endpoints.

Actions do the actual work in a workflow: API calls, transformations, notifications, flow control, and integrations. Use this action when your workflow needs to perform an operation, call an external service, or transform data for downstream nodes.

## When To Use

* Push event data to third-party webhook endpoints.
* Read or update records in external REST APIs.
* Trigger downstream automations in other platforms.

## Configuration Checklist

1. Select HTTP method: `GET`, `POST`, `PUT`, `PATCH`, or `DELETE`.
2. Enter a full HTTPS URL (variables supported).
3. Add required headers (static text, workflow variables, or `vlt_...` vault references).
4. For `POST`, `PUT`, or `PATCH`, define a valid JSON request body.
5. Add error handling branches for non-2xx responses and timeouts.

## Field Behavior

* **Method:** Controls request type and whether the body editor is shown.
* **Webhook URL:** Must be a full HTTPS endpoint.
* **Headers:** Dynamic key/value list. Add or remove headers as needed.
* **Request Body (JSON):** Available only for `POST`, `PUT`, and `PATCH`.
* **Body Reset Rule:** If method changes to `GET` or `DELETE`, body is cleared.

## Inputs

* Required `node.data` metadata: `uiId`, `componentId`, and `operation` (for actions that define an operation).
* Action-specific configuration fields from the node editor (`method`, `url`, `headers`, `body`).
* Upstream context values from triggers or previous nodes (for example `trigger.*` or prior action outputs).

## Outputs

* Adds HTTP response data to the workflow context for downstream nodes.
* Can produce external side effects in third-party systems.
* Can emit data used by downstream conditions and actions.

## Failure Modes

* Invalid or non-HTTPS URL.
* Missing/invalid authentication headers.
* External API failures (4xx/5xx responses, DNS/TLS issues, timeouts, rate limits).
* Invalid JSON body for write methods (`POST`, `PUT`, `PATCH`).

## Best Practices

* Store secrets in Vault and reference them via `vlt_...` in headers.
* Keep payloads minimal and validate required fields before sending.
* Use idempotency keys for retry-safe write operations where supported.
* Treat `DELETE` calls as high-risk and add explicit approval logic upstream.