Document HTTP workflow connector support

[talboren]

Summary

• Updates the Workflows HTTP actions docs to explain connector-backed HTTP steps.
• Replaces the outdated secret-store limitation with guidance to use connector-id for authenticated requests.
• Adds dropdown syntax examples for configured HTTP connector and direct URL usage.

Testing

• Not run; docs-only change.

[github-actions]

Elastic Docs AI PR menu

Check the box to run an AI review for this pull request.

• Review docs changes (docs-review). Status: completed. View progress.

Powered by GitHub Agentic Workflows and docs-actions. For more information, reach out to the docs team.

[github-actions]

🔍 Preview links for changed docs

• explore-analyze/workflows/steps/external-systems-apps.md

[github-actions]

✅ Elastic Docs Style Checker (Vale)

No issues found on modified lines!

---

The Vale linter checks documentation changes against the Elastic Docs style guide. To use Vale locally or report issues, refer to Elastic style guide for Vale.

[semd]

Neat!

[github-actions]

Docs review summary

Focus areas

• Style and clarity: Good overall. The rewritten HTTP actions section is clearer and more accurate than the previous version. One inline comment on security guidance visibility.
• Jargon: No unexplained jargon. connector-id, url, and YAML terms are used appropriately in a technical context.
• Frontmatter and applies_to: Not modified by this PR; no issues.
• Content type fit: Appropriate reference/how-to hybrid structure for this topic.
• Parent issue satisfaction: Not applicable — no linked issue referenced.

Nits

• Line 85 — dropdown label: The PR adds a second example inside the dropdown, but the heading still reads Click to show syntax example (singular). Consider updating it to Syntax examples or Click to show syntax examples to match the content.
• Line 78 — url Required column: "Yes, when connector-id is not provided" is clear but verbose for a table cell. A shorter alternative like "Yes (if no connector-id)" would be more scannable.

Generated by Docs review agent for issue #6885 · 102.3 AIC · ⌖ 17.7 AIC · ⊞ 32.5K

[github-actions]

The sentence "Avoid placing secrets directly in workflow YAML." is important security guidance, but it's buried at the end of a descriptive bullet. This guidance was previously more prominent as a dedicated admonition. Consider elevating it:

Suggested change

	* **Direct URL**: For simple requests that don't require connector-managed secrets, omit `connector-id` and provide the full `url` directly in the step. Avoid placing secrets directly in workflow YAML.
	* **Direct URL**: For simple requests that don't require connector-managed secrets, omit `connector-id` and provide the full `url` directly in the step.
	:::{warning}
	Avoid placing secrets directly in workflow YAML. Use a configured HTTP connector for authenticated requests.
	:::