Skip to main content
Version: 1.27 (Current)

Server Request Action

Audience: Citizen Developer

Skill Prerequisites: HTTP Protocol REST APIs JSON XML

The Server Request action provides an advanced way to send HTTP requests from your Plant an App applications. This low-level action enables all types of HTTP(S) requests, including support for advanced security, cookies, proxy usage, and file uploads.

In version 1.26, this action is known as Server Request (Experimental). In later versions, it is known simply as Server Request.

When to Use

Typical Use Cases

  • Integrate with external systems and APIs (for example: CRM, payment gateways)
  • Call REST, SOAP, or custom HTTP endpoints
  • Submit forms or upload files to remote servers
  • Fetch public or private web pages, sitemaps, or feeds
  • Use mutual SSL authentication for secure B2B connections

Don’t Use For

  • Reading local server files directly (use file actions for that)
  • Calling APIs provided by the same Plant an App system – use "Call Local API" instead
Action NameDescription
Parse JSONExtract tokens from JSON returned by Server Request or any source.
RegexExtract or validate data using regular expressions.
Execute Actions AsyncRun actions (such as Server Request) in a background thread.
Load Entities from JSONParse an array from JSON (e.g., API response) for further use.

Input Parameters Reference

ParameterDescriptionSupports TokensDefaultRequired
URLThe address where to send the request. Can be an absolute or relative URL.Yes(none)Yes
URL Token EncodingDetermines how tokens in the URL are replaced. - URL Encoding: recommended default to safely escape reserved chars. - No Encoding: literal.NoUrl EncodingNo
Enforce SSLIf checked, forces request to use HTTPS even if the URL is plain HTTP.No(off)No
CertificateThumbprint of a client certificate (from Windows Local Machine certificate store) for mutual SSL authentication.No(none)No (Enterprise only)
HTTP MethodOne of: GET, POST, PUT, PATCH, DELETE, HEAD. Determines how data is sent.NoGETYes
TimeoutHow many seconds to wait for a response before stopping.Yes100No
DataFor POST, PUT, and PATCH: data to send. Format depends on Content-Type. For GET: options for key=value lines appended as params.Yes(none)No
Do Not Escape TokensBy default, tokens are XML-escaped. Enable this only for raw XML payloads (when Content-Type is xml/soap).No(off)No
FilesList of form-data files by key and file identifier (file ID or path). Used for file upload in form data.Yes (both name and value)(none)No
File IdentifiersComma-separated list of files to upload; key is computed from file name. Combines with Files above.Yes(none)No
Disable Referer HeaderBy default the referer (current URL) is sent; disable this if the server rejects such headers.No(off)No
HeadersAdditional HTTP headers to send. Typically used for Authorization, Content-Type, custom headers, etc.Yes(none)No
Use DNN Proxy SettingsEnable to use DNN’s system-wide proxy configuration when sending this request.No(off)No
Add Current CookiesIf enabled, sends the current user's cookies with the request. Useful for authentication.No(off)No
Ignore ErrorsIf enabled, errors during the request do not stop execution. ‘On Error’ events will still trigger.No(off)No
On ErrorActions to run if this action fails. Access the error using [<OutputTokenName>:ErrorResponse] and [<OutputTokenName>:ErrorCode] tokens.(n/a)(none)No
Cookie ContainerName for a cookie container to store/reuse cookies between Server Requests.No(none)No
Output Token NameVariable to store the raw response content for later use (e.g. [MyResponse]).No(none)No
Output HeadersList of output tokens to retrieve specific headers. Each item is: header name → output token.Yes (token name)(none)No

Parameter Explanations

Certificate (Enterprise Only)

  • Supply the thumbprint of a client certificate (from Windows Local Machine certificate store).
  • This allows for mutual SSL authentication (where the server requires proof of client identity).
  • Steps:
    1. Install a certificate (issued by your partner or trusted CA) on your server’s Local Machine store.
    2. Get the thumbprint from the certificate details (no spaces), and paste here.
    3. The Server Request action will pick up and send this certificate when calling the external API.
  • If the certificate is not present or accessible, the action fails and logs an error.

Files and File Identifiers

  • These parameters enable file uploads via multipart/form-data.
  • Use for submitting files to APIs or external servers.
  • Files: explicit mapping of form key (field name) → file identifier (ID or path).
  • File Identifiers: comma-separated list; each file sent with its filename as the form key.
  • You can use both in combination; explicit Files take precedence where keys overlap.

Output Headers

  • Create tokens for response headers, for further use in subsequent actions.
  • If a header is present multiple times, you may use [MyToken:Json] for a JSON array or [MyToken:Csv] for CSV.

Output Parameters Reference

OutputDescription
Output Token NameThe token holding the raw response body. Access as [YourToken].
Cookie ContainerStores cookies so they can be reused on a subsequent Server Request.
Output HeadersNamed output tokens for response headers (supports mapping headers to token names).

Events Reference

Event NameDescription
On ErrorIf the request fails, trigger these actions.

Examples

1. Simple GET Request with Output Token

Fetch employee data and save it for further use.

{
"URL": "http://dummy.restapiexample.com/api/v1/employees",
"HttpMethod": "GET",
"OutputTokenName": "Employees"
}

You can access the API response using [Employees].

2. POST a JSON Object (with Auth Header)

Submit a new record using JSON payload and API key.

{
"URL": "https://api.example.com/objects",
"HttpMethod": "POST",
"Headers": [
{
"Name": "Content-Type",
"Value": "application/json"
},
{
"Name": "Authorization",
"Value": "Bearer [APIKey]"
}
],
"Data": "{ \"name\": \"[FirstName]\", \"age\": \"[Age]\" }",
"OutputTokenName": "ApiResponse"
}

3. Upload Files (Multipart Form Data)

Upload selected files to a server.

{
"URL": "https://example.com/api/upload",
"HttpMethod": "POST",
"Files": [
{ "Key": "document", "Value": "[UploadedFileId]" }
],
"Data": "description=Sales agreement",
"OutputTokenName": "UploadResponse"
}

4. Request With Client Certificate (Mutual SSL)

Secure B2B call using a client certificate.

{
"URL": "https://secure.partner.com/api/data",
"HttpMethod": "POST",
"Certificate": "4EC9725E9F0D361A193EDB02AA914360A7BB30D9",
"Headers": [
{ "Name": "Content-Type", "Value": "application/json" }
],
"Data": "{ \"payload\": \"important data\" }",
"OutputTokenName": "PartnerApiResult"
}

Using the Certificate Parameter for Mutual SSL Authentication

Some APIs and partner systems require that your server proves its identity by providing a client certificate as part of the HTTPS request. This is known as Mutual SSL/TLS Authentication. The Certificate parameter enables this in the Server Request action.

What does the Certificate Parameter Do?

When you fill in the Certificate parameter:

  • The Server Request action will locate the certificate with the specified thumbprint in your Windows Certificate Store (\Local Machine).
  • That certificate is attached to the outgoing HTTPS request, enabling mutual authentication.
  • The server can validate your application’s identity using that certificate.

Steps to Use a Client Certificate

1. Obtain or Create a Client Certificate

  • You may receive a certificate from your external API provider or generate one yourself, depending on the API’s requirements.
  • The certificate must be trusted by the remote server you’re calling.
  • The certificate should be imported (with private key) to the Local Machine certificate store of the server hosting Plant an App/DNN.

2. Install the Certificate on Your Server

  • Open Windows’ Certificate Manager:
    • Press Win + R, type certlm.msc, press Enter.
  • Import the certificate (usually a .pfx or .crt with private key) into “Personal > Certificates” or another appropriate location under Local Machine.
  • Confirm the certificate is visible and correctly installed.

3. Find the Thumbprint

  • In certlm.msc, locate your certificate.
  • Double-click to open it.
  • Go to the Details tab and scroll to the Thumbprint field.
  • Copy the thumbprint (it’s a long hexadecimal string - you may need to paste in Notepad to remove spaces or invisible characters).
  • Result example: 4EC9725E9F0D361A193EDB02AA914360A7BB30D9 (case-insensitive, no spaces).

4. Set up the Server Request Action

  • Paste the thumbprint in the Certificate field of your action.
  • Fill other required parameters (URL, method, etc).
  • Save the action.

5. (If Needed) Check Application Pool/User Permissions

  • Ensure your web application (IIS AppPool) has permission to access the certificate.
  • If you get access/permissions errors, you may need to set correct permissions for the certificate’s private key.

6. Test the Integration

  • Trigger the action (via a workflow, form submission, or manually).
  • If the certificate is found and correct, the request should authenticate successfully.
  • On failure, errors such as “Certificate with thumbprint ... could not be found” or access permission problems will be logged.

Troubleshooting

  • Thumbprint not found?
    Double-check there are no spaces or invisible characters, the certificate is in the Local Machine store, and the thumbprint is correct.
  • Permission denied?
    Make sure the application pool identity running DNN/Plant an App has permissions to use the certificate’s private key.
  • Request rejected by API?
    Ensure the remote server is configured to trust your certificate for mutual SSL, and that you’re using the right certificate.

Security Considerations

  • Keep client certificates secure and never publicly share or email them.
  • Only install certificates required for your application’s integrations.
  • Regularly review and audit certificate usage on your infrastructure.

Example – Using Certificate Parameter

{
"URL": "https://secure.partner.com/api/data",
"HttpMethod": "POST",
"Certificate": "4EC9725E9F0D361A193EDB02AA914360A7BB30D9",
"Headers": [
{ "Name": "Content-Type", "Value": "application/json" }
],
"Data": "{ \"payload\": \"secure info\" }"
}