The Web Request by MESA trigger creates a unique URL that you can call to execute a MESA workflow. Unlike the Webhook by MESA trigger, the entire workflow will execute, and the result of the last step in the workflow will be returned as the response. Using the Web Request by MESA trigger, you can retrieve Shopify Customer Metadata values to use in your single page app, proxy an API call to a third party app, or even display an HTML table of data stored in a Data by MESA table. If you would like to combine data retrieved from multiple steps in your response, we recommend making the last step of your workflow a Mapping or Editor Transform by MESA action.

Configuration

Passing Data

Querystring parameters appended to your URL will be available as Variables in your workflow. For example, if you append &limit=1 to the Web Request by MESA URL, it will be available as the {{webrequest.querystring.limit}} variable. To easily select the variable from the Variable selector modal, make a test request and refresh the builder. The querystring parameters sent in your previous workflow run will appear in the variable selector:

If you make a POST request to the Web Request by MESA trigger, all data passed will be available in the body variable. For example: {{webrequest.querystring.id}}. Similar to querystring parameters, to see these variables in the variable selector model, make a test request and refresh the builder.

All headers passed in the request are also available as variables. For example, you could use the Authorization header to authenticate requests in a Custom Code by MESA step

Custom Response Headers

The Response Headers returned by the completed automation can be customized under the Advanced section. Change the Content-Type value to text/xml and end your workflow with a Transform by MESA Editor step to return an XML document. Change the Content-Type to text/html and end your workflow with a Transform by MESA Editor step to return an HTML document that will render in the browser:

You can remove the .json in the URL or replace it with .html or .xml to improve the clarity of your endpoints as well, but simply changing the URL suffix will do nothing if the Content-Type header is not changed as well.

The Access-Control-Allow-Origin and Access-Control-Allow-Headers headers can be customized to fine-tune your CORS security settings, and additional custom headers can be added with static values or values from variables passed from other steps.

Technical Details

• Each request executes a workflow and counts as an automation run. You can see a history of all automation runs within the Activity tab.

• Requests are rate-limited based on the Incoming rate limit of your plan.

• The maximum request time is limited based on the Task compute limit of your plan. There is also a limit of 60 seconds per request, even if your plan allows longer requests. Requests that take more time to execute will be timed out, and no response will be returned.

• Certain actions, including Loop by MESA and Delay by MESA, are not supported by the Web Request by MESA app. If you need to delay a couple of seconds, you might be able to use Mesa.request.sleep in a Custom Code by MESA step.

• The URL of your Web Request by MESA trigger is static and includes a mandatory apikey querystring parameter. If you want a shorter URL, we recommend using a URL shortener service like bit.ly.