External API Request
What is an external API request?
The External API Request function is used to send requests to external APIs. You'll use this anytime you want to interact with a third party service, such as a payment platform or email provider.
Using the External API Request Function
Use the AI Assistant to help you build your API request
Or, build the request manually or with a cURL command
You can copy cURL commands from API documentation, and paste them using 
. Xano will build the request for you.
url
The URL of the API you're calling, such as:
https://api.service.com/send_message
method
The verb the API is designed to respond to, such as GET, POST, DELETE, etc...
params
Also known as "query parameters", these are options sent along with the request, such as searching and filtering options, or other data that the request needs to execute.
You may also see this referred to as request body.
Hover over the params value space and click set to add a new parameter.
headers
Any headers you need to send with the request, such as authentication.
Add headers by hovering over the value space and click push
timeout
How long Xano should allow the request to take before considering it timed out (failed)
follow_location
Determines if you wish to automatically follow the redirects (if there are any) in the API call.
An example of this would be an API that generates a file for you, then gives you a redirect to get that file.
Understanding API Documentation
Start by evaluating the four key sections that almost every API documentation has.
The Getting Started guide is your entry point - it typically covers the basics of authentication, shows a simple example request, and helps you make your first API call successfully.
The Authentication section explains how to get your API keys and how to include them in your requests. This is crucial since you'll need this working before you can try anything else.
The API Reference details every possible endpoint and operation. Don't try to read this cover-to-cover. Instead, find the specific endpoint that matches what you're trying to do, then study its parameters, required headers, and example responses.
The Examples/Tutorials section often has complete code snippets showing common use cases. These are invaluable for seeing how different API calls work together to accomplish a task.
Finding the endpoint(s) you need
When you find the endpoint you need, focus on three things:
What URL you'll be calling
What parameters or data you need to send
What the response will look like
Most API documentation also includes cURL commands, which you can copy and paste right into Xano by clicking on the External API Request function panel. This is the optimal way to create external API request in Xano, as it ensures consistency with what the API requires and is much faster.
Multipart (File) Support
Xano has support for sending images through the external API request function. You can send a file resource - either as an input or variable - through the parameters section of the external API request as a key-value pair or as the entire parameter (depending on what the specific API requires).
Security Settings
Host Verification
When an API request is sent to a secure server (you'll know if it's a secure request if the URL starts with https — most requests will), the domain's secure connection is verified using a certificate. Enabling host verification checks the certificate to make sure that it matches the domain you're sending the request to.
This value can be true or false
Recommended Setting: true
You might want to set Host Verification to 'false' in a few specific scenarios:
Development and Testing Environments: When working with development servers that use self-signed certificates or have hostnames that don't match their certificates
Internal Services with Misconfigured Certificates: In corporate environments where internal services may have certificates that don't exactly match the hostnames used to access them, especially in legacy systems.
Troubleshooting SSL Issues: To isolate whether hostname verification is causing connection problems when debugging API connectivity issues.
Peer Verification
Secure certificates are usually issued by certain trusted authorities, such as LetsEncrypt. Peer Verification enables checking whether or not the certificate is issued by one of these known trusted authorities, validating its authenticity.
This value can be true or false
Recommended Setting: true
You might want to set this to false if the server you're sending the request to falls under one of the scenarios outlined above under Host Verification.
SSL Authentication
This is a set of additional options you can use to validate the security of the request being made. The provider of the service you're calling should be able to provide these for you, if necessary.
certificate: The content of the client certificate file. Usually, you'd be provided with a .crt or a .pem file — just open it up in your text editor of choice and paste the contents here.certificate_pass: Password for the certificate if it's password-protectedprivate_key: The contents of the private key file. Usually, you'd be provided with a .pem file for this — just open it up in your text editor of choice and paste the contents here.private_key_pass: Password for the private key if it's password-protected
CA Certificate
Custom CA certificates allow you to specify your own trusted Certificate Authority for peer verification. This is an advanced option that is useful when connecting to servers that use certificates signed by private or internal CAs — as in, a CA that is not listed as a known trusted authority.
A custom certificate is usually provided as a file that you'd just open up in a text editor and paste here. It will look something like this:
-----BEGIN CERTIFICATE-----
MIIDITCCAgmgAwIBAgIUJqrGM2rS34H8YryJJLAMarvab8AwDQYJKoZIhvcNAQEL
BQAwIDEeMBwGA1UEAwwVbXlDdXN0b21DZXJ0aWZpY2F0ZUNKX...
-----END CERTIFICATE-----Last updated
Was this helpful?