Through the Call HTTP Request tool, an Agent or Copilot can call external APIs, interact with third-party systems, and execute real business operations.
For example, you can use it to:
Retrieve data from external systems
Call APIs to write data
Send emails
Trigger third-party business processes
This article will guide you step by step according to the actual operation flow.
Step 1: Add the Tool
Enter the target Agent or Copilot, open the Tools page, click Add tool, and then select Call HTTP Request.
A dialog window for adding the tool will appear. You need to complete three basic settings first:
Select connection
Check connection type
Enter tool name
Select Connection
In the Select connection dropdown, choose an available connection in the current application.
The selected connection determines:
Which external system the tool will call
What authentication method will be used
For example:
If you select a normal HTTP API connection, the tool will directly call the API based on that configuration
If you select an OAuth 2.0 connection, the tool will call the API based on authorization
Connection Type
After selecting a connection, the connection type will be displayed automatically.
It is important to note:
The connection type is not manually selected here, but automatically determined by the connection you choose.
It is only for display in the add dialog and is a read-only field. It cannot be modified after entering the configuration page.
Currently supported connection types:
HTTP API
OAuth 2.0 API
If you need to change the type later, you must create a new tool and select the connection again.
Enter Name
Enter the tool name in the Name field.
The name does not need to be unique, but it is recommended to clearly describe the tool’s purpose for easier identification. For example:
Query customer information
Send email
Sync external orders
After entering the name, you can choose:
Add: save and return to the tool list
Add and configure: enter the detailed configuration page
If you want to complete the configuration in one go, it is recommended to select Add and configure.
Step 2: Enter Configuration Page
After entering the configuration page, the system will automatically load the connection information selected in the previous step.
The page is usually divided into several sections from top to bottom:
Details
Tool and Connection
Request
Inputs
Completion
Outputs
The following sections will be explained one by one in this order.
Step 3: Fill in Details
The Details section at the top of the page mainly includes:
Name
Description
The name is usually carried over from the previous page and can be modified if needed.
Name
The name is the display name of the tool in the current Agent or Copilot.
It is recommended to use business-oriented naming instead of purely technical naming. This is because this name not only helps administrators identify it, but also helps you more easily understand what each tool is used for in the future.
Description
The description is used to tell the system and future maintainers what this tool does and under what conditions it should be used.
Although this is not an API parameter, it is very important.
It is recommended to clearly write the following three points in the description:
What the tool does
Under what conditions it should be used
What inputs are required
Step 4: View Tool and Connection Information
In the Tool section, you will see that the current tool type is Call HTTP Request.
In the Connection section, you will see:
The currently bound connection name
Connection type
Connection status
This connection information is for display purposes only and is not used to reselect the connection on this page. That is to say, at this stage, the connection type has already been fixed.
Step 5: Understand Differences Between Connection Types
At this point, you need to first understand one thing:
The connection type you selected earlier will affect what settings appear on this page.
And this difference is not exactly the same between Agent and Copilot.
Case 1: Connection Type is HTTP API
If the connection type you selected earlier is HTTP API, then no additional authorization settings will usually appear on the configuration page.
This is because under HTTP API mode, the tool simply calls the API directly. It does not involve user login and does not involve “which user identity is used to execute”.
Whether in Agent or Copilot, the behavior is basically the same:
No on-demand authorization settings will appear
No user login is required
Whether authentication is needed depends on the API itself
If needed, authentication is usually passed through headers or the request body
This mode is more suitable for:
Calling internal APIs
Calling webhooks
Querying public or fixed-authentication APIs
Performing system-level data synchronization
Case 2: Connection Type is OAuth 2.0 API
If the connection type you selected earlier is OAuth 2.0 API, then additional authorization-related settings will appear on the page.
However, it should be noted that the behavior in Agent and Copilot is different.
In Agent
In Agent, OAuth 2.0 usually uses pre-configured authorization.
That is to say, this type of tool generally calls the API based on the authorization that has already been configured in the connection. The key point is whether the connection is currently available.
You will see that the connection type is OAuth 2.0 API, and the connection status is displayed, for example, Connected.
This mode is more oriented toward system execution rather than requiring end users to participate in authorization. Therefore, in Agent, it usually does not emphasize “user login before execution” like Copilot does.
This approach is more suitable for:
Background automatic processing
Accessing external systems with a fixed account
System-level API calls
In Copilot
In Copilot, if the connection type is OAuth 2.0 API, additional on-demand authorization settings will usually appear.
At this time, you will see an authorization method dropdown, which typically includes the following two options:
Use configured account
Ask user to sign in when used
These two options determine under whose identity the API is ultimately called.
Use Configured Account
After selecting this option, Copilot will directly use the account configured in the connection to call the API.
This is suitable for scenarios where unified system notifications are sent, shared resources are accessed, or there is no need to distinguish the current user’s identity.
Ask User to Sign In When Used
After selecting this option, the end user will be required to sign in and authorize with their own account the first time they use the tool.
If the user has not yet authorized, the system will prompt them to sign in at runtime.
This mode is suitable for:
Users sending emails themselves
Users accessing data they have permission to view
Scenarios where it is necessary to clearly record “who performed this action”
Therefore, the OAuth 2.0 mode in Copilot adds an extra layer of “user context” capability compared to Agent.
This is also the biggest difference between the two in terms of connection settings.
Step 6: Configure Request
After understanding the connection types, you can continue to configure the Request section.
This section defines how the API will be called.
Method
In the Method field, select the request method.
If your API is used to retrieve data, you should generally select GET.
If your API is used to submit data, you should generally select POST.
HTTP Address
In the HTTP address field, enter the API endpoint to be called.
Depending on the connection, you can enter either a full URL or a relative path.
For example:
/v1.0/me/sendMail
Which format to use depends on your connection configuration and the API requirements.
This field determines which API the tool will ultimately call, so accuracy is very important.
Default Headers
If your API requires headers, you can configure them here.
For example:
Content-Type
Authorization
Custom headers
If you are using an OAuth 2.0 connection, in many cases authentication will be handled automatically, and you do not need to manually provide the Authorization header.
If you are using an HTTP API connection, you may need to add authentication headers yourself.
Content Type
If the API requires a request body, a content type must usually be specified.
The most common one is JSON.
This setting determines how the system parses the request body you provide.
Body
When the method is POST, you usually need to define a request body.
The request body is typically in JSON format. You can either write fixed values or reference input parameters.
For example:
{
"keyword": "{{keyword}}",
"userId": "{{userId}}"
}Here, {{keyword}} and {{userId}} are not fixed values. They will be populated at runtime from Inputs.
So you can understand:
The Body defines the structure of the API request,
while Inputs define where the values come from.
Step 7: Configure Inputs
Next is the Inputs section.
This section is used to define:
What parameters are required when the tool runs, and how those parameters are filled.
Click Add input parameter to add parameters one by one.
Each input row includes:
Column | Description |
Input name | The variable name expected by the called agent |
Input type | The variable’s data type (Text, Number, Boolean, etc.) |
Fill using | AI-generated value or Custom value |
Value | Required only when using a Custom value |
Customize input values
When Fill using = Dynamically fill with AI, clicking Customize allows you to:
Edit the display name for the variable shown to AI
Add or modify the description to guide AI value generation
This helps the calling agent correctly construct parameters for the target agent.
Note:
To learn more about the Dynamically fill with AI and Custom value options, please refer to the following article: Usage and Differences Between “Dynamically fill with AI” and “Custom value” in AI Agent Tool Inputs
Step 8: Configure Completion
Next is the Completion section.
This section determines how the system handles the result after the tool execution is completed.
After Running
A common setting is Wait for response.
After selecting this option, the system will wait for the API to return a result before proceeding.
If the API response needs to be used by the Agent, this option should generally be selected.
Response Behavior
This setting determines whether the result should be directly shown to the user.
For example:
No response
If “No response” is selected, it means that although the API returns a result, the system will not directly display it to the user. Instead, the Agent will decide how to use the data internally.
Step 9: Configure Outputs
When “Wait for response” is selected, you can configure outputs.
Common outputs include:
Data
Status code
Where:
Data represents the response content returned by the API
Status code represents the HTTP status code
These outputs can be used by the current Agent or passed to other tools for further processing.
If you want to perform additional logic based on the API response, this step is important.
Step 10: Save and Test
After completing all the settings, click Save.
It is recommended to test the tool immediately and confirm:
The connection status is valid
The API endpoint is correct
Input parameter names match variables in the Body
The returned result is as expected
For Copilot OAuth 2.0 user login mode, confirm that user authorization is triggered correctly on first use
When to Use Which Mode
If you are a beginner, the most confusing part is usually choosing the connection type and usage scenario. You can understand it this way:
If you are calling a fixed API and do not need user identity, prioritize using HTTP API.
If the API requires account-based authorization, such as Outlook or Microsoft Graph, then use OAuth 2.0 API.
If you are using an Agent, it is more suitable for system-level, fixed authorization scenarios.
If you are using Copilot and want the end user to execute actions with their own identity, then you should choose OAuth 2.0 and select “Ask user to sign in when used”.
Summary
The configuration of the Call HTTP Request tool can be understood in three steps:
First, select the connection when adding the tool to determine the connection type.
Then, understand whether additional authorization settings will appear based on the connection type.
Finally, complete the configuration of request, inputs, and outputs.
For beginners, the two most important points to remember are:
First, the connection type is determined when the tool is created and cannot be changed in the configuration page.
Second, OAuth 2.0 behaves differently in Agent and Copilot, and Copilot supports user login for execution.
Once you understand these two key points, the configuration of Request, Inputs, and Outputs will become much clearer.