Genpact Cora Knowledge Center


HTTP Consumer Activity Overview

Starting with V10.0, Cora SeQuence has been renamed to Cora Orchestration.


Use the HTTP Consumer as an activity or as a data model source to consume any publicly exposed HTTP endpoint. 

The HTTP Consumer Activity/Data Model source has two configuration options, basic and advanced. In most cases, the basic option is sufficient, but in cases that require advanced configuration, it's important to understand the parameters and attributes. The advanced configuration is fairly technical and requires you to configure numerous parameters.  

You can view, edit, create, and delete HTTP consumers from in the Administration site.

For additional information, refer to the following articles.

Define the HTTP Consumer Activity

  1. Service (endpoint) level: define the basic HTTP Consumer endpoint. 
  2. Activity/Data Model source level: configure a specific request.

Use Cases

  • In a form, consume a value from a single JSON item as a Data Model source. See the example below.
  • In a grid, consume values from JSON items. See the example below.
    1. { JsonValue(ds.Item.Content.AsString()) }
      1. { ToString(ds.Item["body"]) }

Wizard Tips

  • All string parameters must be in quotation marks.
  • To access additional attribute options, clear the IsNull check box.

HTTP Consumer Security (Starting V9.8.3)

There is an option of Stored > OAuth2 On-Behalf-Of Credentials, similar to the OAuth2 Client Credentials. The definition provides an option to authenticate on behalf of the current user using OAuth On-Behalf-Of flow according to the specification defined in this page

Expected flow 

  1. User logs in to Cora SeQuence.
  2. During user authentication flow, the user will need to approve the option for Cora SeQuence to access external applications/services on behalf of the active user. This approval is managed in the AD through a consent screen. There is an Azure option for administrative consent for all users.
  3. Definition of the OAuth 2 authentication will be through the Administration screens.
  4. The On-Behalf-Of flow support is added to the HTTP consumer activity as a new Store credentials type.

In case there is no consent for Cora SeQuence to access the external API, provided by user or enabled by Azure admin, access issues will occur when Cora SeQuence is attempting to access the external resources on behalf of the active user. 


  • Support is for OAuth through Microsoft Identity Platform only.
  • Token and User consent details - IdP is responsible for access token lifetime, revocation, etc. User Consent details will include consent for Cora Orchestration and the External API.
  • It is important to configure offline_access on the Cora SeQuence and On-Behalf-Of authentication scopes to support refresh tokens.

Cora SeQuence flow that is executed by JES, BRS, WebAPI is not supported. Reason is due to the nature of JES and BRS, that cannot support the On-behalf-of flow usage. There is no signed-in user to consent. WebAPI is also not configured with user interaction. It does support OAuth client credential flow. The HTTP Consumer will fail as the user has no Cora SeQuence access token.