This is using Office365 SPO with a 2013 workflow being created in the 2013 Designer.
We are trying to make a workflow (whose steps will later on be part of a larger) that simply does an HTTP GET call. We have a url variable set to https://xxxxx.sharepoint.com/sites/xxxx/_api/web/GetFolderByServerRelativeUrl('/sites/xxx/xxx')/files, headers Accept and Content-Type set to "application/json;odata=verbose" and Authorization as an empty string. In the call action the RequestType is GET, RequestHeaders has those values, and the ResponseContent/Headers are set to empty dictionaries with a ResponseStatusCode variable as an empty string. When the workflow is run the ResponseStatusCode is given a value of Forbidden. When the Authorization header part is missing it returns Unauthorized as per normal.
Navigating to the web url shows the feed page with the correct number of file entries. However, the entries all contain 0 info in the response (I'm guessing that has to do with it being a url call instead of an actual REST call).
Any ideas? This is making my and another employee's foreheads the same flatness as our desks.
Note: Both of us are still fairly new as SP was tossed on our laps w/o any warning. So if it looks like any of this is a horrible way please say so, nicely ;)