What is an Apex Callout?

An Apex Callout is an outbound HTTP or SOAP request from Apex code to an external server or API.

What is the maximum duration of a single Apex callout?

Each Apex callout has a 10-second timeout in synchronous context (120 seconds in batch/future context).

What is the modern recommended way to configure callout endpoints?

Named Credentials are the modern recommended approach because they manage authentication and URL configuration cleanly and keep credentials out of code.

Callout, Apex

Development🔴 Advanced

Definition

A Callout in Apex is an HTTP or web service request made from Apex code to an external server or API. Apex supports both HTTP callouts (using HttpRequest/HttpResponse classes) and SOAP callouts (using WSDL2Apex-generated classes). Callouts are subject to governor limits (such as a 10-second timeout per callout and a maximum of 100 callouts per transaction) and require the external endpoint to be registered in Remote Site Settings or Named Credentials.

Real-World Example

Consider a scenario where a senior developer at TerraForm Tech is working with Callout, Apex to solve a complex business requirement that cannot be addressed with declarative tools alone. They implement Callout, Apex with proper error handling, write 98% test coverage, and document the solution for future maintainers. The code passes security review on the first attempt.

Why Callout, Apex Matters

An Apex Callout is an HTTP or SOAP request made from Apex code to an external endpoint. HTTP callouts use the HttpRequest and HttpResponse classes to construct and send REST-style requests; SOAP callouts use classes generated from a WSDL via WSDL2Apex. Before any callout can be made, the target endpoint must be registered either in Remote Site Settings (the older mechanism) or via Named Credentials (the modern, recommended approach because it handles authentication and URL management cleanly).

Callouts are subject to Salesforce governor limits: each individual callout can take at most 10 seconds (120 seconds for batch/future context), each transaction can make at most 100 callouts, and the total time across all callouts in a transaction is capped. Callouts also cannot be made after DML operations within the same transaction unless the DML is committed and the callout is moved to a future method or Queueable class. These constraints shape how integration code is structured: long-running or chained callouts almost always belong in asynchronous Apex rather than synchronous triggers or controllers.

How Organizations Use Callout, Apex

•TerraForm Tech — Makes HTTP callouts from a Queueable Apex class to a shipping provider's REST API whenever an order is finalized. The callout fetches a shipping quote and writes it back to the Order record, all within the Queueable to stay outside the triggering transaction.
•CodeBridge — Uses Named Credentials to manage the authentication for callouts to five different external APIs. The credentials approach means passwords and tokens never live in code, which satisfied their security review and simplified key rotation.
•Quantum Labs — Built a wrapper class around all outbound callouts that handles retries, logging, and error classification. Every callout in the codebase goes through the wrapper, so operational visibility and resilience are consistent across integrations.