JavaScript object model

This page applies to Apigee and Apigee hybrid.

View Apigee Edge documentation.

This topic discusses the Apigee JavaScript Object Model. It's important to understand this model if you intend to use the JavaScript policy to add custom JavaScript to an API proxy.

About the JavaScript object model

The JavaScript object model defines objects with associated properties that are available to JavaScript code executing within an Apigee proxy flow. Use the JavaScript policy to attach this custom code to an API proxy flow.

The objects defined by this model have scope within the API proxy flow, which means that certain objects and properties are available only at specific points in the flow. When your JavaScript is executed, a scope is created for the execution. In that scope, these object references are created:

  • context: An object that provides access to message context
  • request: A shorthand that allows access to the request object
  • response: A shorthand that allows access to the response object
  • crypto: Provides various hash functions
  • print: A function to emit output
  • properties: Allows read access to the configuration properties on the policy

The context object

The context object has global scope. It is available everywhere within the API proxy flow. It has four child objects: proxyRequest, proxyResponse, targetRequest, targetResponse. These child objects are scoped to the ambient request and response, either the proxy request and response or the target request and response. For example, if the JavaScript policy executes in the proxy endpoint part of the flow, then the context.proxyRequest and context.proxyResponse objects are in scope. If the JavaScript runs in a target flow, then the context.targetRequest and context.targetResponse objects are in scope.

The context object also has properties and methods, which are described in detail in this topic. For example, the following JavaScript code example uses the context.flow property and calls the get/setVariable() methods on context.

if (context.flow=="PROXY_REQ_FLOW") {
     var username = context.getVariable("request.formparam.user");
     context.setVariable("USER.name", username);
}

These methods interact directly with flow variables. The context.flow property value is the current flow scope. In the proxy request flow, it's set to the constant PROXY_REQ_FLOW. If in the target response flow, it's set to TARGET_RESP_FLOW. This constant is handy for executing scope-specific code. The getter lets you get flow variables and the setter lets you set flow variables. These variables are generally available in the proxy flow and can be consumed by other policies.

See context object reference for more details and examples.

The crypto object

The crypto object adds basic, high performance cryptographic support to the JavaScript Object Model. See crypto object reference for more details and examples.

The request and response objects

The request and response objects are shorthand references to the ambient request and response, either the proxy request and response or the target request and response. The objects these variables refer to depend upon the context in which the JavaScript policy executes. If the JavaScript runs in the flow of a proxy endpoint, then the request and response variables refer to context.proxyRequest and context.proxyResponse. If the JavaScript runs in a target flow, then the variables refer to the context.targetRequest and context.targetResponse.

The JavaScript object model includes a print() function that you can use to output debug information to the Apigee Debug tool. See Debug with JavaScript print() statements.

The properties object

When using a Properties element in the policy configuration, the JavaScript code can access the values of those properties using the properties variable.

For example, if your JavaScript configuration contains:

<Javascript name='JS-1' >
  <Properties>
    <Property name="number">8675309</Property>
    <Property name="firstname">Jenny</Property>
  </Properties>
  <ResourceURL>jsc://my-code.js</ResourceURL>
</Javascript>

Then in my-code.js, you can:

  print(properties.firstname);  // prints Jenny
  print(properties.number);  // 8675309

More practically, configuration can allow the code to behave differently when run in different environments, at different moments, or for any reason.

For example, the following specifies the "variable name" and the style of output that the JavaScript should emit information into:

<Javascript name='JS-2' >
  <Properties>
    <Property name="output">my_output_variable</Property>
    <Property name="prettyPrint">true</Property>
  </Properties>
  <ResourceURL>jsc://emit-results.js</ResourceURL>
</Javascript>
Then in emit-results.js, the code could do this:
var result = { prop1: "something", prop2 : "something else" } ;
if (properties.prettyPrint == "true") {
  context.setVariable(properties.output, JSON.stringify(result, null, 2));
}
else {
  context.setVariable(properties.output, JSON.stringify(result));
}

crypto object reference

The crypto object lets you perform basic cryptographic hashing functions in JavaScript.

The crypto object has global scope. It is available everywhere within the API proxy flow. Crypto lets you work with these hash objects:

  • SHA-1
  • SHA256
  • SHA512
  • MD5

Working with SHA-1 objects

You can create SHA-1 objects, update them, and convert them to hex and base64 values.

Create a new SHA-1 object

var _sha1 = crypto.getSHA1();

Update an SHA-1 object

Syntax

_sha1.update(value);

Parameters

  • value - (String) Any string value.

Example

Update an SHA-1 object:

_sha1.update("salt_value");

_sha1.update("some text");

Return the SHA-1 object as a hex string

var _hashed_token = _sha1.digest();

Return the SHA-1 object as a base64 string

var _hashed_token = _sha1.digest64();

Working with SHA-256 objects

You can create SHA-256 objects, update them, and convert them to hex and base64 values.

Create a new SHA-256 object

var _sha256 = crypto.getSHA256();

Update an SHA-256 object

Syntax

_sha256.update(value);

Parameters

  • value - (String) Any string value.

Example

Update an SHA-256 object:

_sha256.update("salt_value");

_sha256.update("some text");

Return the SHA-256 object as a hex string

var _hashed_token = _sha256.digest();

Return the SHA-256 object as a base64 string

var _hashed_token = _sha256.digest64();

Working with SHA-512 objects

You can create SHA-512 objects, update them, and convert them to hex and base64 values.

Create a new SHA-512 object

var _sha512 = crypto.getSHA512();

Update an SHA-512 object

Syntax

_sha512.update(value);

Parameters

  • value - (String) Any string value.

Example

Update an SHA-512 object:

_sha512.update("salt_value");

_sha512.update("some text");

Return the SHA-512 object as a hex string

var _hashed_token = _sha512.digest();

Return the SHA-512 object as a base64 string

var _hashed_token = _sha512.digest64();

Working with MD5 objects

You can create MD5 objects, update them, and convert them to hex and base64 values.

Create a new MD5 object

var _md5 = crypto.getMD5();

Update an MD5 object

Syntax

_md5.update(value);

Parameters

  • value - (String) Any string value.

Example

Update an MD5 object:

_md5.update("salt_value");

_md5.update("some text");

Return the MD5 object as a hex string

var _hashed_token = _md5.digest();

Return the MD5 object as a base64 string

var _hashed_token = _md5.digest64();

Crypto date/time support

The crypto object supports date/time formatting patterns.

crypto.dateFormat()

Returns a date in string format.

Syntax

crypto.dateFormat(format, [timezone], [time])

Parameters

  • format - (String) The underlying implementation for this parameter is java.text.SimpleDateFormat. For example: 'YYYY-MM-DD HH:mm:ss.SSS'
  • timezone - (String, optional) The underlying implementation for this parameter is java.util.TimeZone. This parameter is the sameDefault: UTC
  • time - (Number, optional) A Unix timestamp value to format. Default: current time

Examples

Get the current time, down to milliseconds:

var _now = crypto.dateFormat('YYYY-MM-DD HH:mm:ss.SSS');

Get the current time for the Pacific Time Zone:

var _pst = crypto.dateFormat('YYYY-MM-DD HH:mm:ss.SSS','PST');

Get the value of ten seconds from now:

var _timeNow = Number(context.getVariable('system.timestamp'));
var tenSeconds = crypto.dateFormat('YYYY-MM-DD HH:mm:ss.SSS','PST', _timeNow + 10 * 1000);

Additional examples. See also the java.text.SimpleDateFormat documentation.

var _pst = crypto.dateFormat('M');
var _pst = crypto.dateFormat('EEE, d MMM yyyy HH:mm:ss Z');
var _pst = crypto.dateFormat("yyyy-MM-dd'T'HH:mm:ss.SSSZ");

Use getHash() to get any of the supported hash objects

Examples

var _hash1 = crypto.getHash('MD5');

var _hash2 = crypto.getHash('SHA-1');

var _hash3 = crypto.getHash('SHA-256');

var _hash4 = crypto.getHash('SHA-512');

Sample with crypto

try {
    // get values to use with hash functions
    var salt = context.getVariable("salt") || 'SomeHardCodedSalt';
    var host = context.getVariable("request.header.Host");
    var unhashedToken = "";

    var _timeNow = Number(context.getVariable('system.timestamp'));
    var now = crypto.dateFormat('YYYY-MM-DD HH:mm:ss.SSS','PST', _timeNow);
    unhashed_token = "|" + now + "|" + host

    // generate a hash with the unhashedToken:
    var sha512 = crypto.getSHA512();
    sha512.update(salt);
    sha512.update(unhashedToken);

    // convert to base64
    var base64Token = sha512.digest64();

    // set headers
    context.setVariable("request.header.now", now);
    context.setVariable("request.header.token", base64Token);

} catch(e) {
    throw 'Error in Javascript';
}

context object reference

A context object is created for each request/response transaction executed by an API proxy. The context object exposes methods to get, set, and remove variables related to each transaction.

Variables define properties specific to a transaction. The time of day, the locale of the requesting client, the user-agent of the requesting client, and the URL of the target service are all examples of variables that are available in the context. Therefore, context is useful for building logic that relies on these properties to execute custom behavior.

See Flow variables reference and ExtractVariables policy.

context object summary

This table briefly describes the context object and its children, and lists the properties that are bound to each.

Name Description Properties
context A wrapper for the message processing pipeline context and the request and response Flows that are executed by the ProxyEndpoint and TargetEndpoint. flow, session
context.proxyRequest An object that represents the inbound request message to the ProxyEndpoint (from the requesting app to the API proxy) headers, query parameters, method, body, url
context.targetRequest An object that represents the outbound request message from the TargetEndpoint (from the API proxy to the backend service). headers, query parameters, method, body, url
context.targetResponse An object that represents the inbound target response message (from the backend service to the API proxy) headers, content, status
context.proxyResponse An object that represents the outbound proxy response message (from the API proxy to the requesting app) headers, content, status
context.flow The name of the current flow. See context.flow.
context.session A map of name/value pairs that you can use to pass objects between two different steps executing in the same context. For example: context.session['key'] = 123. For more information on when and when not to use this object, see What is the difference between context.session['hello'] = {} and context.setVariable("hello", {}).

context object methods

context.getVariable()

Retrieves the value of a pre-defined or custom variable.

Syntax

context.getVariable("variable-name");

Example

To get the value for the current year:

var year = context.getVariable('system.time.year');

context.setVariable()

Sets the value for a custom variable or for any writable pre-defined variables.

Syntax

context.setVariable("variable-name", value);

Example

A common scenario for setting a variable is when an API proxy must dynamically write the target URL. The following JavaScript obtains the value of a variable called USER.name, appends that value as a query parameter to the URL http://mocktarget.apigee.net?user=, and then sets the pre-defined target.url to that value.

context.setVariable("target.url", "http://mocktarget.apigee.net/user?user="+context.getVariable("USER.name"));

context.removeVariable()

Removes a variable from the context.

Syntax

context.removeVariable('variable-name');

context object properties

context.flow

The flow property is a string that identifies the current API proxy flow. This property is used to indicate the Flow to which the JavaScript is attached. Supported values are:

  • PROXY_REQ_FLOW
  • PROXY_RESP_FLOW
  • TARGET_REQ_FLOW
  • TARGET_RESP_FLOW

Each Flow name encompasses the PreFlow, PostFlow, and any conditional Flows defined in the ProxyEndpoint(s) or TargetEndpoint(s).

This optional property is useful when common JavaScript is executed in more than one Flow, but might vary its behavior depending on the Flow in which it executes. Use the Flow property for JavaScript modules intended to be reused in multiple API proxies, in which the code is required to check the current Flow before executing logic.

Example

Set an HTTP header only on the targetRequest Flow:

if (context.flow=="TARGET_REQ_FLOW") {
     context.targetRequest.headers['TARGET-HEADER-X']='foo';
}

Set the content only on the proxyResponse Flow:

if (context.flow=="PROXY_RESP_FLOW") {
     context.proxyResponse.content='bar';
}

context.session

A map of name/value pairs that can be used to pass objects between two policies executing within the same message context.

Example

Set a value in the session:

context.session['key']  = 123;

Get the value from the session:

var value = context.session['key']; // 123

context object children

As shown below, a complete API proxy Flow encompasses four distinct phases, each of which has an associated message object that is a child of the context object:

  • context.proxyRequest: The inbound request message received from the requesting client.
  • context.targetRequest: The outbound request message sent to the backend service.
  • context.proxyResponse: The outbound response message returned to the requesting client.
  • context.targetResponse: The inbound request message received from the backend service.

Diagram of a request and response passing through a proxy endpooint and a target endpoint.

The following sections describe the methods and properties of these objects:

context.*Request child objects

For each HTTP transaction that executes in an API proxy, two request message objects are created: one inbound (the request from the client) and one outbound (the request generated by the API proxy and submitted to the backend target.)

The context object has child objects that represent these request messages: context.proxyRequest and context.targetRequest. These objects let you access properties within the request flow that is in scope when your JavaScript code executes.

context.*Request child object properties

Property name Description
url

The url property is a read/write convenience property that combines scheme, host, port, path and query parameters for the targetRequest.

The complete URL of the request is composed of the following properties:

  • protocol: The protocol of the URL (for example, HTTP, HTTPS)
  • port: The port (for example, :80, :443)
  • host: The host of the URL (for example, www.example.com)
  • path: The path of the URI (for example, /v1/mocktarget)

When getting url, a URL is returned in the following format:

protocol://host:port/path?queryParams

Examples:

context.targetRequest.url = 'http://www.example.com/path?q1=1'
context.targetRequest.protocol ='https';
headers

HTTP request headers as a mapping of String => List

Examples:

For this HTTP request:

POST /v1/blogs HTTP/1.1
Host: api.example.com
Content-Type: application/json
Authorization: Bearer ylSkZIjbdWybfs4fUQe9BqP0LH5Z
The following JavaScript:
context.proxyRequest.headers['Content-Type'];
context.proxyRequest.headers['Authorization'];

will return the following values

application/json
Bearer ylSkZIjbdWybfs4fUQe9BqP0LH5Z
queryParams

The request message query parameters as a mapping of String => List.

Examples:

"?city=PaloAlto&city=NewYork"

can be accessed as:

context.proxyRequest.queryParams['city'];  // == 'PaloAlto'
context.proxyRequest.queryParams['city'][0]     // == 'PaloAlto'
context.proxyRequest.queryParams['city'][1];    // == 'NewYork'
context.proxyRequest.queryParams['city'].length(); // == 2
method

The HTTP verb (GET, POST, PUT, DELETE. PATCH, etc.) associated with the request

Examples:

For this request:

POST /v1/blogs HTTP/1.1
Host: api.example.com
Content-Type: application/json
Authorization: Bearer ylSkZIjbdWybfs4fUQe9BqP0LH5Z

The following JavaScript:

context.proxyRequest.method;

will return the following value

POST
body

The message body (payload) of the HTTP request.

The request body has the following members:

  • context.targetRequest.body.asXML;
  • context.targetRequest.body.asJSON;
  • context.targetRequest.body.asForm;

Examples:

For an XML body:

<customer number='1'>
<name>Fred<name/>
<customer/>

To access the elements of the XML object as follows:

var name = context.targetRequest.body.asXML.name;

To access XML attributes, use the @ notation.

var number = context.targetRequest.body.asXML.@number;

For a JSON request body:

{
"a":  1 ,
"b" : "2"
}
var a = context.proxyRequest.body.asJSON.a;    // == 1
var b = context.proxyRequest.body.asJSON.b;    // == 2

To read form parameters:

"vehicle=Car&vehicle=Truck"
v0 = context.proxyRequest.body.asForm['vehicle'][0];
v1 = context.proxyRequest.body.asForm['vehicle'][1];

context.*Response child objects

For each HTTP transaction the executes in an API proxy, two response message objects are created: one inbound (the response from the backend service) and one outbound (the response sent back to the client.)

The context object has child objects that represent these response messages: context.proxyResponse and context.targetResponse. These objects let you access properties within the response flow that is in scope when your JavaScript code executes.

context.*Response object properties

Property name Description
headers

The HTTP headers of the response message as a mapping of String => List.

Example:

var cookie = context.targetResponse.headers['Set-Cookie'];
status

The status code with status message as a property. Both status code and status message are available as properties.

Example:

var status = context.targetResponse.status.code;   // 200
var msg = context.targetResponse.status.message;   // "OK"
content

The HTTP body (payload content) of the response message.

Response content has the following members:

context.targetResponse.content.asXML;
context.targetResponse.content.asJSON;

Using .asXML notation

There is a handy way to walk through an XML document using the .asXML notation. This section describes how to use this notation, and how it differs from request.content and context.proxyRequest.content.

For example:

request.content.asXML

or

context.proxyRequest.content.asXML

Both the *.content and *.content.asXML forms can be used in a string context, and JavaScript will coerce them to become strings. In the former case (*.content), the string includes all declarations as well as XML comments. In the latter case (*.content.asXML), the string value of the result is cleaned of declarations and comments.

Example

msg.content:

<?xml version="1.0" encoding="UTF-8"?>
<yahoo:error xmlns:yahoo="http://yahooapis.com/v1/base.rng" xml:lang="en-US">
   <yahoo:description>Please provide valid credentials. OAuth oauth_problem="unable_to_determine_oauth_type", realm="yahooapis.com"
   </yahoo:description>
</yahoo:error>
<!-- mg023.mail.gq1.yahoo.com uncompressed/chunked Sat Dec 14 01:23:35 UTC 2013 -->

msg.content.asXML:

<?xml version="1.0" encoding="UTF-8"?>
<yahoo:error xmlns:yahoo="http://yahooapis.com/v1/base.rng" xml:lang="en-US">
   <yahoo:description>Please provide valid credentials. OAuth oauth_problem="unable_to_determine_oauth_type", realm="yahooapis.com"
   </yahoo:description>
</yahoo:error>

Furthermore, you can use the .asXML form to traverse the XML hierarchy, by specifying the names of elements and attributes. It is not possible to traverse the hierarchy using the other syntax.

Debug with JavaScript print() statements

If you're using the JavaScript policy to execute custom JavaScript code, note that you can use the print() function to output debug information to the Debug tool. This function is available directly through the JavaScript object model. For example:

if (context.flow=="PROXY_REQ_FLOW") {
     print("In proxy request flow");
     var username = context.getVariable("request.queryparam.user");
     print("Got query param: " + username);
     context.setVariable("USER.name", username);
     print("Set query param: " + context.getVariable("USER.name"));
}


if (context.flow=="TARGET_REQ_FLOW") {
     print("In target request flow");
     var username = context.getVariable("USER.name");
     var url = "http://mocktarget.apigee.net/user?"
     context.setVariable("target.url", url + "user=" + username);
     print("Callout to URL: ", context.getVariable("target.url"));
}

To see the output, select Output from all transactions at the bottom of the Debug window. You can also find output in the Debug property called stepExecution-stdout.

Making JavaScript callouts with httpClient

Use httpClient to make multiple, parallel, asynchronous HTTP requests to any URL from within custom JavaScript code executing in an API proxy flow. The httpClient object is exposed by the Apigee Javascript object model.

About httpClient

The httpClient object is exposed to custom JavaScript code running on Apigee through the JavaScript object model. To attach custom JavaScript to an API proxy, you use the JavaScript policy. When the policy runs, the custom JavaScript code executes.

The httpClient object is useful for developing composite services or mashups. For example, you can consolidate multiple backend calls into a single API method.

Here's a basic usage pattern. Instantiate a Request object, assign to it a URL (e.g., to a backend service you wish to call), and call httpClient.send with that request object.

var myRequest = new Request();
myRequest.url = "http://www.example.com";
var exchangeObj = httpClient.send(myRequest);

httpClient Reference

The HTTP Client exposes two methods: get() and send().

httpClient.get()

A convenience method for simple HTTP GET requests, with no support for HTTP headers.

Usage

var exchangeObj = httpClient.get(url);

Returns

The method returns an exchange object. This object has no properties, and it exposes the following methods:

  • isError(): (Boolean) Returns true if the httpClient was unable to connect to the server. HTTP status codes 4xx and 5xx result in isError() false, as the connection completed and a valid response code was returned. If isError() returns true, then a call to getResponse() returns the JavaScript undefined.
  • isSuccess(): (Boolean) Returns true if the send was complete and successful.
  • isComplete(): (Boolean) Returns true if the request is complete.
  • waitForComplete(): Pauses the thread until the request is complete (by success or error).
  • getResponse(): (object) Returns the response object if the httpClient.send() was complete and successful. The returned object has the identical methods and properties as the context.proxyResponse object. See context object summary.
  • getError(): (string) If the call to httpClient.send() resulted in an error, returns the error message as a string.

Example

Send a fully configured Request object containing the properties of the HTTP request. Use a non-blocking callback to process the response.

// Add the required the headers for making a specific API request
var headers = {'X-SOME-HEADER' : 'some value' };
// Make a GET API request along with headers
var myRequest = new Request("http://www.example.com","GET",headers);

// Define the callback function and process the response from the GET API request
function onComplete(response,error) {
 // Check if the HTTP request was successful
    if (response) {
      context.setVariable('example.status', response.status);
     } else {
      context.setVariable('example.error', 'Woops: ' + error);
     }
}

// Specify the callback Function as an argument
httpClient.get(myRequest, onComplete);

Using the JavaScript policy

Use the JavaScript policy to attach custom JavaScript code to a proxy flow. See JavaScript policy.

Related topics