ONLINE HELP
 WINDEVWEBDEV AND WINDEV MOBILE
This content has been translated automatically.  Click here  to view the French version.
Help / WLanguage / WLanguage functions / Communication / HTTP functions
  • Security error in a secure transaction
  • Retrieving the result
  • Accessing a password-protected URL
  • Using a proxy
  • Authentication headers
WINDEV
WindowsLinuxJavaReports and QueriesUser code (UMC)
WEBDEV
WindowsLinuxPHPWEBDEV - Browser code
WINDEV Mobile
AndroidAndroid Widget iPhone/iPadIOS WidgetApple WatchMac Catalyst
Others
Stored procedures
Warning
From version 28, this function is kept for compatibility only (especially for PHP programming). It is recommended to use a variable of type httpRequest with the HTTPSend function.
Starts an HTTP request on a server. The result of the query (buffer) can be:
Remarks:
  • Two types of requests are supported: POST and GET. The GET requests are automatic. If the "Message to send" is not specified, it is a GET request (see the syntax). To manage forms, it is recommend to use form-specific functions (HTTPCreateForm, HTTPSendForm, etc.).
Example
// Récupération du code HTML de la page Web "www.pcsoft.com"
ResLancement = HTTPRequest("http://www.pcsoft.fr")
// Récupération d'une page HTML utilisant une URL protégée
ResLancement = HTTPRequest("http://www.pcsoft.fr", ...
	"", "", "", "", "Julie", "MotDePasse")
Syntax
<Result> = HTTPRequest(<URL to contact> [, <User agent> [, <Additional HTTP header> [, <Message to send> [, <Message type> [, <Username> [, <Password>]]]]]])
<Result>: Boolean
  • True if the request was started,
  • False if an error occurs. To get more details on the error, use ErrorInfo with the errMessage constant.
    The result of the request can be saved in a backup file by HTTPDestination or it can be retrieved by HTTPGetResult.
<URL to contact>: Character string
Address of server to contact (URL address). This parameter can contain:
  • the port number for connecting to the server. The default value is 80 (corresponds to a server of Web pages). To specify a port number, use the format: "<Server URL>:<Port number>". For example: "http://www.pcsoft.fr:80".
  • additional parameters. These parameters can be used to perform a search or to fill a form. For example, to search for "pcsoft" on "http://www.google.fr", the URL to contact would be: "http://www.google.fr/search?q=pcsoft".
Remarks:
  • To specify both the port number and additional parameters, use the format: "<Server URL>:<Port Number>/<Additional Parameters>".
  • To perform a secure transaction, the URL must start with "https://". In this case, the management mode of requests is always performed by Internet Explorer (for more details, see HTTPConfigure).
<User agent>: Optional character string
Identifies the client. The application name is returned by default.
The content of the response may depend on the user agent (for example, a request performed from a mobile device and a request performed from a PC browser require different pages). In this case, for more details, see the documentation of user agent.
<Additional HTTP header>: Optional character string
  • Additional HTTP header that will be added to the HTTP message,
  • Empty string ("") if no HTTP header must be added.
<Message to send>: Optional character string
HTTP message that will be sent to the server. This parameter can be specified only for a request for sending messages (POST request). The message to send must comply with the HTTP protocol used. If this parameter is specified and if it is not empty, it is a POST request; otherwise, it is a GET request (everything else is automatic).
<Message type>: Optional character string
Type of the HTTP message content to be sent to the server. This parameter can be specified only for a request for sending messages (POST request). This parameter corresponds to "Content-Type".
The default message type is: "application/x-www-form-urlencoded".
However, it is possible to enter any value, for example: "text/xml", "application/javascript", "application/json", "application/xml", "image/jpeg", ... To send raw data, which will be read at once by the WEBDEV Application Server, use the following types:
  • "application/octet-stream".
  • "text/xml".
<Username>: Optional character string
Name used to access a page with a protected URL (empty string by default). This name is used to identify the user.
Note: By entering the parameters <Nom User> and <Mot de passe>, the corresponding "Authorization:Basic" is automatically generated in the request header..
<Password>: Optional string or Secret string
Password associated with the username (empty string by default). Used to access a page with a protected URL. Caution: The password is transmitted unencrypted over the Internet.
Note: By entering the parameters <Nom User> and <Mot de passe>, the corresponding "Authorization:Basic" is automatically generated in the request header..
New in version 2025
Secret strings: If you use the secret string vault, the type of secret string used for this parameter must be "ANSI or Unicode string".
To learn more about secret strings and how to use the vault, see Secret string vault.
Remarks

Security error in a secure transaction

During a secure transaction, the request may fail due to security errors:
  • invalid certificate or certificate issued by an unknown organization.
  • the site name specified in the certificate does not correspond to a server.
  • invalid or expired certificate date.
  • redirection to a non-secure server.
  • ...
These errors are returned by ErrorInfo.
If one of these errors occurs, you can re-run the request while ignoring the errors. To do this, simply use the variable HTTP.IgnoreError.
The HTTP.IgnoreError variable can also be used to manage special cases during the secure transactions (ignoring the list of revoked certificates for example).
Error returned by ErrorInfo
(with the errCode constant)		Value of HTTP.IgnoreError
(these values can be combined)		Description
httpErrorInvalidCertificate
Invalid certificate or certificate coming from an unknown company		httpIgnoreInvalidCertificateIgnores the certificate.
httpErrorInvalidCertificateName
The site name specified in the certificate does not correspond to a server		httpIgnoreInvalidCertificateNameIgnores the site name specified in the certificate.
httpErrorExpiredCertificate
Invalid or expired certificate date		httpIgnoreExpiredCertificateIgnores the certificate date
httpErrorRedirectToHTTP
Redirection to a non-secure server		httpIgnoreRedirectToHTTPThe redirection to a non-secure server is allowed.
httpIgnoreRedirectToHTTPS
Redirection to a secure server		httpIgnoreRedirectToHTTPSThe redirection to a secure server is allowed.
httpIgnoreRedirectionThe redirection to a page is ignored.
httpIgnoreRevocationThe certificate found in the list of revoked certificates is not checked.
For example:
// Lancement d'une requête sur un serveur sécurisé
ResLancement = HTTPRequest("https://www.MonServeur.com")
// Si erreur rencontrée
IF ResLancement = False THEN
	// Selon le type d'erreur rencontré
	SWITCH ErrorInfo(errCode)
		// Certificat invalide 
		// ou ne provenant pas d'une société connue
		CASE httpErrorInvalidCertificate : 
			// Ignorer le certificat ?
			IF YesNo("Alerte de sécurité détectée !", ...
				"Certificat invalide.", ...
				"Ignorer ce certificat ?") = Yes THEN
				HTTP.IgnoreError = httpIgnoreInvalidCertificate
				// Nouveau lancement de la requête 
				// en ignorant cette erreur
				HTTPRequest("https://www.MonServeur.com")
			END
		// Date du certificat non-valide ou expiré
		CASE httpErrorExpiredCertificate : 
			// Ignorer la date du certificat ?
			IF YesNo("Alerte de sécurité détectée !", ...
				"Date du certificat invalide ou expiré.", ...
				"Ignorer cette date ?") = Yes THEN
				HTTP.IgnoreError = httpIgnoreExpiredCertificate
				// Nouveau lancement de la requête 
				// en ignorant cette erreur
				HTTPRequest("https://www.MonServeur.com")
			END
	END
END
Remarks:
  • When HTTP requests are made in several threads, the variable HTTP.IgnoreError variable has a specific value for each thread.

Retrieving the result

HTTPGetResult is used to retrieve the result of the last HTTP request run.
When a destination file is specified by HTTPDestination:
  • the HTTPGetResult function used with the constant httpResult constant always returns an empty string ("").
  • HTTPGetResult associated with the httpHeader constant always returns the header of the HTTP response. This header is not saved in the destination file: only the data is saved.
When the request is over, the destination is canceled and HTTPRequest operates as usual.
Reports and Queries

Accessing a password-protected URL

To access a password-protected URL, you can:
  • use the <Username> and <Password> parameters found in the syntax of HTTPRequest.
  • specify the username and password in the <URL to contact> parameter. For example:
    <Res> = HTTPRequest("http://<user>:<password>@<URL to contact>")
Reports and Queries

Using a proxy

To access the URL specified in HTTPRequest via a proxy, use Proxy.
Reports and Queries

Authentication headers

The authentication headers are automatically generated in the following cases:
  • If HTTPRequest uses the syntax with username and password.
  • If the server URL is password protected.
  • If Proxy is used.
Component: wd300com.dll
See also
Minimum version required
  • Version 9
This page is also available for…
Comments
exemplo httprequest
https://windevdesenvolvimento.blogspot.com/2021/05/dicas-3325-windev-webdev-mobile.html
https://youtu.be/MQ7SrcjV33E
EDT_retorno=""
S_url is string="https://economia.awesomeapi.com.br/json/last/USD-BRL"
IF HTTPRequest(S_url) THEN
EDT_retorno=UTF8ToAnsi(HTTPGetResult())
let json_dados=JSONToVariant(EDT_retorno)
FOR EACH json_linha OF json_dados..Member
FOR EACH json_linha_Detalhe OF json_linha
IF json_linha_Detalhe..Name="high" THEN
EDT_dolar=json_linha_Detalhe..Value
END
END
END
END
amarildo
11 May 2021

Last update: 05/16/2025

Send a report | Local help