References

Mindbricks Pattern Ontology Definitions

MindbricksProject

MPO Version: 1.3.0

MindbricksProject is the root class representing the entire architecture of a software project in Mindbricks. It sits at the top of the Mindbricks ontology tree—a structured, semantic pattern definition scheme used to model projects. Mindbricks leverages this ontology to generate microservice-based applications by interpreting and compiling interconnected pattern objects. Each pattern object is defined as a class with typed properties, which can include both primitive types and references to other pattern classes. Projects are built as JSON instances that follow this schema, enabling AI agents and human architects to collaboratively define a system's structure, behavior, and deployment blueprint in a unified and machine-readable format.

interface MindbricksProject = {
  projectSettings : ProjectSettings;
  authentication : ProjectAuthentication;
  bffService : BFFService;
  notificationService : NotificationService;
  services : Service[];
}

Field	Description
projectSettings	Defines the general configuration of the project. This includes fundamental attributes like project name, description, and environmental setup. Recommended as the first section to complete when initializing a new project.
authentication	Configures the authentication and authorization mechanisms of the project. This module defines login models, session behavior, social logins, and access control. It is referenced by all services that require secure user management.
bffService	Defines the Back-For-Front (BFF) service that serves as a frontend aggregation layer. It composes data from multiple services and presents them in optimized formats for the frontend.
notificationService	Settings for configuring notification options at the project level so that a separte notification service can be used to send messages via email, SMS, or push notifications. This module defines the providers and event-driven behaviors for notifications.
services	Defines the individual microservices within the project. Each service includes its own data model, logic, and CRUD capabilities. All services are listed as an array of Service objects.

ProjectSettings

MPO Version: 1.3.0

Defines the core configuration of your Mindbricks project, including metadata, environment preferences, and infrastructure integrations. Use this section to set up the project name, description, and optionally override managed infrastructure services with your own. While Mindbricks provides managed services by default to ensure a reliable, production-ready architecture, you may choose to integrate custom services for Redis, PostgreSQL, Kafka, and others as needed.

interface ProjectSettings = {
  basicSettings : BasicProjectSettings;
  stripeSettings : StripeSettings;
  aiSettings : AiSettings;
  corsSettings : CorsSettings;
  pipelineTemplates : PipelineTemplate[];
  integrations : IntegrationConfiguration[];
}

Field	Description
basicSettings	Defines the essential metadata for the project, including its name, full title, description, icon, and environment variables.
stripeSettings	Settings for integrating Stripe as a payment gateway. Mindbricks does not provide a managed Stripe account—project owners must configure their own Stripe credentials here.
aiSettings	Settings for connecting to external AI services such as OpenAI. Use this section to input API keys and model preferences for AI-based features in your application.
corsSettings	undefined
pipelineTemplates	A list of ejs templates that renders custom CI-CD files for your services. Each file will be created in the root of your microservices after rendered using the templates with service configuration. Use these templates if you will take out your project to ypur own deployment environment and you want Mindbricks to generate your deploy pipeline files.
integrations	undefined

BasicProjectSettings

MPO Version: 1.3.0

Defines the basic settings of your Mindbricks project, including its identity, descriptive metadata, environment variables, and current lifecycle stage. These values are essential for naming, documentation, and runtime configuration.

interface BasicProjectSettings = {
  name : String;
  fullname : String;
  description : Text;
  avatar : String;
  frontendDocument : Text;
  hasAuthentication : Boolean;
  ignoreDeploymentSpecificFiles : Boolean;
  customVariables : DataMapSimpleItem[];
}

Field	Description
name	The short name of the project. This is a required field and is often a single word. It is used as a prefix for naming project assets and resources.
fullname	The full, descriptive name of the project. This will appear in dashboards, documentation, and UIs.
description	A long-form description of the project. This text is used in documentation materials and for internal references.
avatar	A URL to the project's avatar icon. This image is shown in UI panels and documentation headers.
frontendDocument	A text based information to inform the frontend developer or frontend AI agent about the general UX behaviour of the application based on user stories and use cases. The format may be either text or markdown(recommended). Write the document as an AI prompt and describe application gneric UX behaviours. Any service or data object specific information should be given as a brief key sentence, since they will be detailed in their own objects. Note that this document will be given to the AI agent or human developer combined with all technical details that is generated from the project design,so this document should only focus on application-global behavioral UX business logic.
hasAuthentication	Determines if the project uses an authentication system (for users, administrators, etc.). Enabling this typically activates an auth microservice and related security features. Detailed settings are in the main authentication module.
ignoreDeploymentSpecificFiles	Use this in your custom deployment not to generate auto-deployemnt specific files so you can integrate your own files to your repository. AI Agents should keep this false.
customVariables	Key-value pairs defining custom environment variables for the project. These variables are available in runtime and can be accessed in service logic and functions.

DataMapSimpleItem

MPO Version: 1.3.0

Represents a single key-value pair used in most context. The value is constant.

interface DataMapSimpleItem = {
  name : String;
  value : String;
}

Field	Description
name	The key name for the data item (e.g., a header name or parameter name).
value	The value of the data item, should be deifned as string even it is a number.

StripeSettings

MPO Version: 1.3.0

Defines integration settings for Stripe payments. Mindbricks does not provide a managed Stripe account—keys for both test and live modes must be supplied manually.

interface StripeSettings = {
  useStripe : Boolean;
  configuration : StripeSettingsConfig;
}

Field	Description
useStripe	Specifies whether Stripe payments are enabled.
configuration	The configuration object for the Stripe service. Leave it null if useStripe is false.

StripeSettingsConfig

MPO Version: 1.3.0

Defines the configuration for Stripe. This object is used when useStripe is set to true. It includes API keys for both test and live modes.

interface StripeSettingsConfig = {
  testPublicKey : String;
  testSecretKey : String;
  livePublicKey : String;
  liveSecretKey : String;
}

Field	Description
testPublicKey	The public key for Stripe test mode, used in development and staging.
testSecretKey	The secret key for Stripe test mode, used in development and staging.
livePublicKey	The public key for Stripe live mode, used in production.
liveSecretKey	The secret key for Stripe live mode, used in production.

AiSettings

MPO Version: 1.3.0

Defines API keys for AI service providers such as OpenAI and Anthropic. These keys are used in any AI-powered logic within the application.

interface AiSettings = {
  openAiApiKey : String;
  anthropicApiKey : String;
}

Field	Description
openAiApiKey	The API key for accessing OpenAI services.
anthropicApiKey	The API key for accessing Anthropic services.

CorsSettings

MPO Version: 1.3.0

Defines CORS settings for service accesses. When enabled Cross Origins will be accepted according to the settings.

interface CorsSettings = {
  useCorsControl : Boolean;
  configuration : CorsSettingsConfig;
}

Field	Description
useCorsControl	Specifies whether CORS control is enabled. Leave false if you allow service accesses from any domain.
configuration	The configuration object for the CORS settings. Leave it null if useCorsControl is false.

CorsSettingsConfig

MPO Version: 1.3.0

Defines the configuration for CORS settings. This object is used when useCorsControl is set to true. Note that if your service is in a different subdomain, Mindbricks automatically uses wildcard url control and allows other subdomains in the same main domain. Localhost Vite ports are also allowed automatically.

interface CorsSettingsConfig = {
  allowedOrigins : String[];
  allowAllSubdomains : Boolean;
}

Field	Description
allowedOrigins	A list of full url addresses that are allowed as cross origin.(with https or http)
allowAllSubdomains	When set to true, the services will accept all cross origins that have different subdomain but same domain. It is not recommended if your services share a domain with foreign subdomains.

PipelineTemplate

MPO Version: 1.3.0

The asset to store a template for generating custom pipeline files. Used in project level and applied to all microservices.

interface PipelineTemplate = {
  filename : String;
  template : Text;
}

Field	Description
filename	The name of the pipeline file that will be generated like .gitlab-ci.yml
template	The ejs source code of the template that renders the pipeline file.

IntegrationConfiguration

MPO Version: 1.3.0

A configuration class to define client parameters to use a remote API like AWS S3, Twillio or any other 3rd part api provider.

interface IntegrationConfiguration = {
  provider : IntegrationProvider;
  configuration : DataMapItem[];
}

Field	Description
provider	A specific name for the api client that want to be connected and used in the business logic. The name must match the names of the supported provider list of Mindbricks.
configuration	The client parameters to create a client to the pre-registered provider. Mostly credentials like CLientId, ClientSecret, ApiKey or initila options like region select in AWS. The confuration parameter list must match with the definition of the provider configuration in the integrations document.

IntegrationProvider

An Enum vaue to store the names of the integration providers

IntegrationProviderNames = [
  "amazonS3",
  "googleGemini",
  "googleMaps",
  "Telegram",
];

const IntegrationProvider = {
  amazonS3: 0,
  googleGemini: 1,
  googleMaps: 2,
  Telegram: 3,
};

Enum	Description
amazonS3	A famous file storage service
googleGemini	An AI Model Api provided by Google
googleMaps	A maps api provided by Google
Telegram	A messaging api based on Telegram platform

DataMapItem

MPO Version: 1.3.0

Represents a single key-value pair used in most context. The value can be defined dynamically using an MScript.

interface DataMapItem = {
  name : String;
  value : MScript;
}

Field	Description
name	The key name for the data item (e.g., a header name or parameter name).
value	The value of the data item, defined using MScript to allow dynamic expressions or literals.

MScript

MPO Version: 1.3.0

Represents a Mindbricks JavaScript expression used for logic, validation, or configuration. An MScript is stored as a string in the JSON schema but is expected to conform to a valid JavaScript ExpressionStatement. Acceptable forms include literals, identifiers, expressions, function calls, or a module.exports assignment returning a valid object. Although stored as plain text, MScripts are parsed and analyzed using a specialized override class that allows static checks and evaluation.

interface MScript = {
}

Field	Description

ProjectAuthentication

MPO Version: 1.3.0

Defines the authentication and authorization configuration for the entire project. This module serves as the foundation for user identity, login behavior, access control, and verification flows. All services in the project, especially user services, rely on these centralized settings.

interface ProjectAuthentication = {
  authenticationEssentials : AuthBasics;
  loginDefinition : LoginDefinition;
  verificationServices : VerificationServices;
  accessControl : AccessControl;
  socialLogins : SocialLoginSettings;
  userProperties : DataProperty[];
  tenantProperties : DataProperty[];
}

Field	Description
authenticationEssentials	Basic authentication settings for the project. Defines the core authentication method (e.g., email/password, token-based) and global authentication behaviors.
loginDefinition	Specifies how users, user groups, and tenants are defined in the project's data model. These definitions allow Mindbricks to dynamically extract identity and authorization data from project-specific data objects.
verificationServices	Defines optional verification flows such as password reset, email confirmation, mobile verification, and 2FA. Mindbricks automatically generates the required backend logic for these features under the user service.
accessControl	Specifies permission-based access control settings. These govern what users or roles can access, based on project-wide authorization rules.
socialLogins	Configuration for allowing users to sign in or register using external identity providers. Supported providers include Google, Facebook, Twitter, Apple, GitHub, and GitLab.
userProperties	Defines additional properties to include in the user data object. These are added to the default fields [ email, password, fullname, name, surname, mobile, emailVerified, mobileVerified, roleId] and shape the structure of the User model in the generated user service. Note: Standard fields (`id`, `isActive`, `createdAt`, `updatedAt`) are automatically created.
tenantProperties	Defines additional properties to include in the tenant data object. Alongside required fields like name and ownerId, these shape the structure of the Tenant model. Note: Standard fields (`id`, `isActive`, `createdAt`, `updatedAt`) are automatically created.

AuthBasics

MPO Version: 1.3.0

Defines the fundamental authentication configuration for the project. These settings determine the authentication method(s) used across all services, including token-based, SSO, remote service, or API key authentication.

interface AuthBasics = {
  JWTAuthentication : JWTAuth;
  ssoAuthentication : SSOAuth;
  apiKeyAuthentication : APIKeyAuth;
  httpSettings : AuthHttpSettings;
  cookieSettings : CookieSettings;
}

Field	Description
JWTAuthentication	Configuration for JWT-based authentication, where the project issues and verifies its own JSON Web Tokens. This is the recommended authentication method in Mindbricks for secure, scalable identity management.
ssoAuthentication	Settings for enabling Single Sign-On (SSO) integration with external identity providers, typically used by enterprise users. Mindbricks does not generate an SSO server but supports integration with your organization's existing SSO infrastructure.
apiKeyAuthentication	Enables API key-based authentication for accessing the project's services. This method can be used either as the primary authentication mechanism or as a secondary option alongside others.
httpSettings	Defines the HTTP configuration of the auth service. Primarily includes the port on which the auth service will accept HTTP requests.
cookieSettings	undefined

JWTAuth

MPO Version: 1.3.0

Defines the configuration for JWT-based authentication, where the project issues and verifies its own JSON Web Tokens. This is the recommended authentication method in Mindbricks due to its stateless nature and scalability.

interface JWTAuth = {
  useJWTForAuthentication : Boolean;
  configuration : JWTAuthConfig;
}

Field	Description
useJWTForAuthentication	Indicates whether JWT authentication is enabled for the project.
configuration	The configuration object for JWT authentication. Leave it null if useJWTForAuthentication is false.

JWTAuthConfig

MPO Version: 1.3.0

Defines the configuration details for JWT-based authentication. This object is used when useJWTForAuthentication is set to true. It includes token and key refresh periods.

interface JWTAuthConfig = {
  tokenPeriodInDays : Integer;
  keyRefreshPeriodInDays : Integer;
}

Field	Description
tokenPeriodInDays	Specifies the lifespan of each JWT token, in days. After this period, the token will expire and require reauthentication.
keyRefreshPeriodInDays	Specifies how often the JWT signing key pair (private/public) should be regenerated, in days. Regular key rotation enhances security.

SSOAuth

MPO Version: 1.3.0

Defines the Single Sign-On (SSO) configuration for the project. This allows users to authenticate via their organization's identity provider using standard SSO protocols. Mindbricks integrates with external SSO providers but does not generate or host its own SSO server.

interface SSOAuth = {
  useSSOForAuthentication : Boolean;
  configuration : SSOAuthConfig;
}

Field	Description
useSSOForAuthentication	Specifies whether SSO is enabled as an authentication method for the project. If enabled, users will be able to log in using an external SSO provider.
configuration	The configuration object for the SSO provider. Leave it null if useSSOForAuthentication is false.

SSOAuthConfig

MPO Version: 1.3.0

Defines the configuration for an external SSO provider. This object is used when useSSOForAuthentication is set to true. It includes provider name, token period, endpoints, and profile mapping.

interface SSOAuthConfig = {
  ssoName : String;
  tokenPeriodInMinutes : Integer;
  emailPropertyInProfile : String;
  userNamePropertyInProfile : String;
  ssoUserIdPropertyInProfile : String;
  ssoServerSettings : SSOServerSettings;
}

Field	Description
ssoName	A human-readable name to identify this SSO provider in your project (e.g., 'corporateSSO' or 'okta').
tokenPeriodInMinutes	Specifies how long a session token issued via SSO remains valid, in minutes. After expiration, the user must be reauthenticated through the SSO server.
emailPropertyInProfile	The field in the SSO profile payload to use as the user's email address. Used for identifying or creating the user record.
userNamePropertyInProfile	The field in the SSO profile payload to use as the user's display name. Used when creating a new user on first login.
ssoUserIdPropertyInProfile	The field in the SSO profile payload that will be used as the unique SSO user ID in Mindbricks. Common defaults are 'sub' or 'id'.
ssoServerSettings	Configuration of the SSO provider's endpoints and client credentials. Includes authorization, token, user profile, and logout URLs as well as client ID and secret.

SSOServerSettings

MPO Version: 1.3.0

The SSOServerSettings object defines the configuration for a Single Sign-On (SSO) integration, including endpoint URLs and client credentials. These settings enable the service to interact with an external identity provider using OAuth2/OIDC protocols by specifying how to authenticate, retrieve tokens, get user info, and handle logouts.

interface SSOServerSettings = {
  tokenHost : String;
  authPath : String;
  tokenPath : String;
  userInfoPath : String;
  logoutPath : String;
  redirectUrl : String;
  clientId : String;
  clientSecret : String;
}

Field	Description
tokenHost	The base URL of the SSO provider (e.g., https://auth.example.com). This value is used as the root for building all other endpoint paths.
authPath	The relative path to initiate user authorization on the SSO provider (e.g., /oauth2/authorize).
tokenPath	The relative path to request access tokens from the SSO provider (e.g., /oauth2/token).
userInfoPath	The relative path to fetch the authenticated user's profile information (e.g., /userinfo).
logoutPath	The relative path to perform logout on the SSO provider (e.g., /logout).
redirectUrl	The full callback URL of the client application to which the SSO provider will redirect after login. This URL must match the one registered with the SSO provider.
clientId	The client identifier issued to your application by the SSO provider. This ID is used to identify your app during the authentication flow.
clientSecret	The secret associated with the client ID, used to authenticate your application with the SSO provider when exchanging tokens.

APIKeyAuth

MPO Version: 1.3.0

Defines the configuration for API key-based authentication. This method allows clients to authenticate by providing a public API key and an optional secret in the request. It can be used as the primary or a supplemental authentication method.

interface APIKeyAuth = {
  useAPIKeyForAuthentication : Boolean;
  configuration : APIKeyAuthConfig;
}

Field	Description
useAPIKeyForAuthentication	Indicates whether API key authentication is enabled for the project.
configuration	The configuration object for API key authentication. Leave it null if useAPIKeyForAuthentication is false.

APIKeyAuthConfig

MPO Version: 1.3.0

Configuration details for API key authentication, including key and secret names and their locations.

interface APIKeyAuthConfig = {
  apiKeyLocation : RequestLocations;
  apiKeyName : String;
  apiSecretName : String;
}

Field	Description
apiKeyLocation	Specifies where in the request the API key and secret will be sent. This must be one of the defined RequestLocations (e.g., header, query, cookie).
apiKeyName	The name of the API key in the request, used to identify the client's public access key.
apiSecretName	The name of the API secret in the request, used to identify the client's private key or shared secret.

RequestLocations

An enum type to refer to a specific section of an HTTP request where data (e.g., tokens or parameters) can be located.

RequestLocationsNames = [
  "bearer",
  "cookie",
  "header",
  "query",
  "body",
  "urlpath",
  "session",
  "request",
];

const RequestLocations = {
  bearer: 0,
  cookie: 1,
  header: 2,
  query: 3,
  body: 4,
  urlpath: 5,
  session: 6,
  request: 7,
};

Enum	Description
bearer	Use when the data is sent as a Bearer token in the Authorization header. No name is required for this mode.
cookie	Use when the data is sent in cookies. The name refers to the cookie's key.
header	Use when the data is sent in a custom HTTP header. The name is the header's name.
query	Use when the data is sent as a query parameter. The name is the name of the query parameter.
body	Use when the data is sent in the body of the request. The name refers to a property in the request body.
urlpath	Use when the data is part of the dynamic URL path (e.g., /users/:id). The name is the parameter name.
session	Use when the data is extracted from the server-side session object.
request	Use when the data exists directly on the root of the request object.

AuthHttpSettings

MPO Version: 1.3.0

Defines the HTTP configuration of the auth service. Primarily includes the port on which the auth service will accept HTTP requests.

interface AuthHttpSettings = {
  httpPort : Integer;
  routerSuffix : String;
}

Field	Description
httpPort	The port number that the auth service will use to listen for HTTP traffic. Recommended to use ports in the 3000-3099 range for consistency across microservices.
routerSuffix	Use this in your custom deployment if you have any suffix in your auth service url to be removed before evaluated in express router. AI Agents should keep this null.

CookieSettings

MPO Version: 1.3.0

Use this settings to arrange the allowed domains of your applications cookie. Note thar a mindbricks service cookie is set as secure:true, httpOnly:true, sameSite:none, but domain is set according to the login requesrt hos if it is in. the allowed list or defaults.

interface CookieSettings = {
  allowedDomains : String[];
}

Field	Description
allowedDomains	Mindbricks create cookies that is allowed for localhost, and the subdomain of the project in mindbricks.co, the architect may add his own one or more frontend urls, it can be given either as domain like xapp.com or as a subdomain like web.xapp.com

LoginDefinition

MPO Version: 1.3.0

Defines the core login architecture of the project, including the user and tenant structures that underpin authentication and access. These settings enable Mindbricks to generate a built-in 'auth' service tailored to your data model, supporting user registration, login, permissions, and optional multi-tenant behavior.

interface LoginDefinition = {
  userSettings : LoginDefUserSettings;
  tenantSettings : LoginDefTenantSettings;
}

Field	Description
userSettings	Defines how the built-in user object is configured and authenticated within the project. While the user data model is fully managed by Mindbricks, this setting allows you to control aspects such as super admin credentials, registration behavior, user group support, and whether mobile-based features are enabled. These settings shape how authentication flows and access are handled at the user level.
tenantSettings	Configuration for multi-tenant applications, including tenant object definitions and their relationship to users and user groups. When enabled, this isolates resources by tenant and supports tenant-scoped access control. Omit this section for single-tenant projects.

Field

Description

userSettings

Defines how the built-in user object is configured and authenticated within the project. While the user data model is fully managed by Mindbricks, this setting allows you to control aspects such as super admin credentials, registration behavior, user group support, and whether mobile-based features are enabled. These settings shape how authentication flows and access are handled at the user level.

tenantSettings

Configuration for multi-tenant applications, including tenant object definitions and their relationship to users and user groups. When enabled, this isolates resources by tenant and supports tenant-scoped access control. Omit this section for single-tenant projects.

LoginDefUserSettings

MPO Version: 1.3.0

Defines how users are stored, managed, and authenticated within the project. This includes super admin credentials, login identifiers, optional mobile and email verification settings, public registration policies, and whether user groups are active. This structure governs the behavior and structure of the user service's primary data model.

interface LoginDefUserSettings = {
  superAdminEmail : String;
  superAdminPassword : String;
  userNameType : UserNameType;
  superAdminData : DataMapItem[];
  userGroupsActive : Boolean;
  userGroupsInTenantLevel : Boolean;
  userMobileIsActive : Boolean;
  emailVerificationRequiredForLogin : Boolean;
  mobileVerificationRequiredForLogin : Boolean;
  mobile2FARequiredForLogin : Boolean;
  email2FARequiredForLogin : Boolean;
  userRegisterIsPublic : Boolean;
  userAutoAvatarScript : MScript;
  userGroupAutoAvatarScript : MScript;
}

Field	Description
superAdminEmail	The login email of the super admin user. This user has full permissions across the project and is not tenant-scoped. If not defined, the project owner's email is used. This email must be unique and valid to support email-based features like verification and password reset.
superAdminPassword	The password of the super admin user. This preset password is used to access the system after initial deployment and should be changed in production environments.
userNameType	Specifies whether the user's name will be stored as a single 'fullname' or as separate 'name' and 'surname' fields.
superAdminData	Preset values for the super admin user. Required only for custom properties beyond the standard fields (email, name, password, etc.).
userGroupsActive	Indicates whether user group functionality is enabled. When active, a 'userGroup' data object is added to the user service with fixed fields (id, name, description), optionally scoped by tenant.
userGroupsInTenantLevel	If true, user groups are defined per tenant; otherwise, they are defined globally across the SaaS. Applies only when user groups are enabled.
userMobileIsActive	Indicates whether mobile numbers are stored in the user data model. Required for enabling mobile-based authentication features such as 2FA.
emailVerificationRequiredForLogin	Indicates whether users must verify their email address before they can log in. Related verification flows must be enabled in VerificationServices.
mobileVerificationRequiredForLogin	Indicates whether users must verify their mobile number before logging in. This applies only when 'userMobileIsActive' is true.
mobile2FARequiredForLogin	Indicates whether two-factor authentication via mobile is required during login. This applies only when 'userMobileIsActive' is true.
email2FARequiredForLogin	Indicates whether two-factor authentication via email is required during login. Related verification flows must be enabled in VerificationServices.
userRegisterIsPublic	Determines if users can self-register. If false, only administrators can create users.
userAutoAvatarScript	An MScript expression that generates a default avatar for the user. This is used when no avatar is provided in the request.
userGroupAutoAvatarScript	An MScript expression that generates a default avatar for the user group. This is used when no avatar is provided in the request.

UserNameType

Specifies how user names are represented in the data model.

UserNameTypeNames = ["asFullname", "asNamePair"];

const UserNameType = {
  asFullname: 0,
  asNamePair: 1,
};

Enum	Description
asFullname	Stores the user's name in a single 'fullname' field.
asNamePair	Stores the user's name in separate 'name' and 'surname' fields.

LoginDefTenantSettings

MPO Version: 1.3.0

Specifies how tenant-based access control is structured for multi-tenant projects. This includes the tenant object name, registration permissions, and tenant separation logic. When enabled, this enforces strict data and user isolation by tenant.

interface LoginDefTenantSettings = {
  useMultiTenantFeature : Boolean;
  configuration : LoginDefTenantSettingsConfig;
}

Field	Description
useMultiTenantFeature	Enable this if the project requires multi-tenant architecture. If false, the project will be treated as single-tenant and no tenant-based separation is applied.
configuration	The configuration object for tenant settings. Leave it null if useMultiTenantFeature is false.

LoginDefTenantSettingsConfig

MPO Version: 1.3.0

Configuration details for tenant-based access control, including tenant registration, naming, and avatar script.

interface LoginDefTenantSettingsConfig = {
  tenantRegisterIsPublic : Boolean;
  tenantName : String;
  tenantAutoAvatarScript : MScript;
}

Field	Description
tenantRegisterIsPublic	If true, any user can create a tenant. If false, only SaaS admins can register tenants. When a user creates a tenant, they are automatically assigned as the tenant owner.
tenantName	Defines the name of the tenant object in the system (e.g., 'client', 'organization', 'workspace'). This name will be used to generate code, database models, and field references.
tenantAutoAvatarScript	An MScript expression that generates a default avatar for the tenant. This is used when no avatar is provided in the request.

VerificationServices

MPO Version: 1.3.0

Defines user-related verification features such as password resets and two-factor authentication (2FA). Mindbricks generates backend support code for these features automatically, based on this configuration, as part of the user service module.

interface VerificationServices = {
  verificationSettings : VerificationSettings;
  passwordResetByEmail : PasswordResetByEmail;
  passwordResetByMobile : PasswordResetByMobile;
  email2Factor : Email2Factor;
  mobile2Factor : Mobile2Factor;
  emailVerification : EmailVerification;
  mobileVerification : MobileVerification;
}

Field	Description
verificationSettings	General options for all verifications. You can change the verification mode (test/live) here.
passwordResetByEmail	Configures email-based password reset functionality. Includes template, expiration, and verification strategy (link or code).
passwordResetByMobile	Configures SMS-based password reset functionality. Requires active mobile field in user schema.
email2Factor	Enables and configures two-factor authentication via email. Typically used during login or sensitive actions.
mobile2Factor	Enables and configures two-factor authentication via SMS. Requires mobile phone to be active in user schema.
emailVerification	Configures email verification flow, including delivery method (link or code), expiration, and resend timing.
mobileVerification	Configures mobile verification flow via SMS, with support for link-based or code-based confirmation.

VerificationSettings

MPO Version: 1.3.0

General options for all verifications. You can change the verification mode (test/live) here.

interface VerificationSettings = {
  verificationMode : VerificationMode;
}

Field Description

verificationMode Set the mode of the verification here. In test mode, the secret code is sent to the frontend (as well as email or text), for user to be able to input it to the code page. In live mode the message is sent only to the email address or mobile phone number. The default value is testMode, don't forget to change it to liveMode after you defined the email/sms provider settings in the production environment.

Field	Description
verificationMode	Set the mode of the verification here. In test mode, the secret code is sent to the frontend (as well as email or text), for user to be able to input it to the code page. In live mode the message is sent only to the email address or mobile phone number. The default value is `testMode`, don't forget to change it to `liveMode` after you defined the email/sms provider settings in the production environment.

VerificationMode

An enum value to define the verification mode of the verification services to be able to manage the development process and the production process.

VerificationModeNames = ["testMode", "liveMode"];

const VerificationMode = {
  testMode: 0,
  liveMode: 1,
};

Enum	Description
testMode	In test mode, secret code is also sent to the frontend in the response of the /start request.
liveMode	In live mode, secret code is only sent to the user's email or phone number.

PasswordResetByEmail

MPO Version: 1.3.0

Configuration for enabling password reset via email. Defines whether the feature is active, how long the reset token remains valid, and how frequently a user can request resending the verification message.

interface PasswordResetByEmail = {
  passwordResetByEmailIsActive : Boolean;
  configuration : VerificationConfig;
}

Field	Description
passwordResetByEmailIsActive	Activates or deactivates the password reset by email feature.
configuration	The configuration object for password reset by email. Leave it null if passwordResetByEmailIsActive is false.

VerificationConfig

MPO Version: 1.3.0

Defines the configuration for verification flows, including password resets and two-factor authentication. This object is used when the respective feature is active.

interface VerificationConfig = {
  resendTimeWindow : Integer;
  expireTimeWindow : Integer;
  verificationType : VerificationType;
  verificationTemplate : Text;
}

Field	Description
resendTimeWindow	Interval in seconds before the user can request another verification message.
expireTimeWindow	Duration in seconds after which the verification link/code expires.
verificationType	Specifies whether verification is triggered by clicking a link or entering a code.
verificationTemplate	An ejs template source to render the message that will be sent to the user for the verification process. The template will be rendered with the verification data that includes the user object.

VerificationType

Defines the method used for user verification flows such as password reset, two-factor authentication, or account confirmation. This enum helps determine whether the user interacts with a clickable link or a manually entered code.

VerificationTypeNames = ["byLink", "byCode"];

const VerificationType = {
  byLink: 0,
  byCode: 1,
};

Enum	Description
byLink	Sends a clickable verification link via email or SMS. The user verifies by clicking the link.
byCode	Sends a numerical or alphanumerical code. The user verifies by entering the code into the application interface.

PasswordResetByMobile

MPO Version: 1.3.0

Configuration for enabling password reset via mobile. Specifies token expiration time, resend intervals, and verification type (link or code).

interface PasswordResetByMobile = {
  passwordResetByMobileIsActive : Boolean;
  configuration : VerificationConfig;
}

Field	Description
passwordResetByMobileIsActive	Activates or deactivates the password reset by mobile feature.
configuration	The configuration object for password reset by mobile. Leave it null if passwordResetByMobileIsActive is false.

Email2Factor

MPO Version: 1.3.0

Configuration for email-based two-factor authentication. Activates the feature and defines verification expiration and resend rules.

interface Email2Factor = {
  email2FactorIsActive : Boolean;
  configuration : VerificationConfig;
}

Field	Description
email2FactorIsActive	Enables or disables two-factor authentication via email.
configuration	The configuration object for email-based two-factor authentication. Leave it null if email2FactorIsActive is false.

Mobile2Factor

MPO Version: 1.3.0

Configuration for mobile-based two-factor authentication. Allows setup of token validity duration, resend rate, and type of verification mechanism.

interface Mobile2Factor = {
  mobile2FactorIsActive : Boolean;
  configuration : VerificationConfig;
}

Field	Description
mobile2FactorIsActive	Enables or disables two-factor authentication via mobile.
configuration	The configuration object for mobile-based two-factor authentication. Leave it null if mobile2FactorIsActive is false.

EmailVerification

MPO Version: 1.3.0

Defines the settings for verifying a user's email address. Includes token expiration duration, resend interval, and whether verification is handled via link or code.

interface EmailVerification = {
  emailVerificationIsActive : Boolean;
  configuration : VerificationConfig;
}

Field	Description
emailVerificationIsActive	Enables or disables email verification.
configuration	The configuration object for email verification. Leave it null if emailVerificationIsActive is false.

MobileVerification

MPO Version: 1.3.0

Defines the settings for verifying a user's mobile number. Includes resend interval, expiration period, and verification method (link or code).

interface MobileVerification = {
  mobileVerificationIsActive : Boolean;
  configuration : VerificationConfig;
}

Field	Description
mobileVerificationIsActive	Enables or disables mobile verification.
configuration	The configuration object for mobile verification. Leave it null if mobileVerificationIsActive is false.

AccessControl

MPO Version: 1.3.0

Configuration chapter for defining the access control architecture of the project. Mindbricks supports multiple authorization models including role-based, user-based, object-based, and attribute-based access controls. This section enables a unified, flexible, and scalable permission system that ensures resources and operations are securely accessed based on defined authorization rules across services.

interface AccessControl = {
  permissionBasics : PermissionBasics;
  roleSettings : RBACSettings;
  permissionTypes : PermissionTypes;
  objectBasedSettings : OBACPermission;
  attributeBasedSettings : AbacPermission;
}

Field	Description
permissionBasics	Defines the core permission vocabulary of the project, including permission groups and named permissions. These are referenced in access control logic across services.
roleSettings	Settings for Role-Based Access Control (RBAC), which defines how roles are assigned to users and how roles are mapped to permissions. This is the most common access control strategy in projects.
permissionTypes	Specifies which permission application methods are active in the project. Mindbricks supports role-based, user-based, user-group-based, object-based (OBAC), and attribute-based (ABAC) authorization models. Multiple types can be active concurrently.
objectBasedSettings	Settings related to Object-Based Access Control (OBAC). In this model, access is determined based on the user's relation to a specific object instance, such as ownership.
attributeBasedSettings	Settings for Attribute-Based Access Control (ABAC). In this model, access decisions are based on dynamic rules involving user, object, or contextual attributes.

PermissionBasics

MPO Version: 1.3.0

Defines the foundational permission model of the project. This section enables Permission-Based Access Control (PBAC) by allowing the architect to organize granular permissions into named groups. These permission groups act as the reference set for roles, users, and object-level rules throughout the project.

interface PermissionBasics = {
  pbacIsActive : Boolean;
  configuration : PermissionBasicsConfig;
}

Field	Description
pbacIsActive	A boolean flag indicating whether Permission-Based Access Control (PBAC) is active for this project. If enabled, Mindbricks will enforce permission checks according to the defined permission model.
configuration	The configuration object for permission basics. Leave it null if pbacIsActive is false.

PermissionBasicsConfig

MPO Version: 1.3.0

Configuration details for permission basics, including permission groups.

interface PermissionBasicsConfig = {
  permissionGroups : PermissionGroup[];
}

Field	Description
permissionGroups	An array of PermissionGroup objects that define the named permissions of the project grouped under logical categories. These groups help structure and reuse permission definitions across services.

PermissionGroup

MPO Version: 1.3.0

Defines a group of permissions under a shared namespace. Each permission group has a unique groupName and a list of permissions that are referenced across the project using either 'groupName.permission' or standalone permission identifiers. These groups simplify permission management in large-scale projects.

interface PermissionGroup = {
  groupName : String;
  permissions : String[];
}

Field	Description
groupName	The unique identifier of the permission group. It is used as a namespace in the format groupName.permission when referencing permissions in roles or other rules.
permissions	A list of permission names (strings) defined under this group. These should be unique across the project to ensure consistent access rules.

RBACSettings

MPO Version: 1.3.0

Configuration for Role-Based Access Control (RBAC) within the project. When enabled, RBAC allows permissions to be assigned to named roles, which are then associated with users. This setup supports both single-role and multi-role configurations, along with custom logical roles defined by dynamic lookup conditions.

interface RBACSettings = {
  rbacIsActive : Boolean;
  configuration : RBACSettingsConfig;
}

Field	Description
rbacIsActive	A boolean value to enable or disable role-based access control (RBAC) in the project. When enabled, access decisions can be made based on user roles.
configuration	The configuration object for RBAC settings. Leave it null if rbacIsActive is false.

RBACSettingsConfig

MPO Version: 1.3.0

Configuration details for RBAC, including roles, role ID data type, custom role lookups, and multi-role support.

interface RBACSettingsConfig = {
  rolesObject : RoleItem[];
  customRoleLookups : DataMapItem[];
  usersHaveMultipleRoles : Boolean;
}

Field	Description
rolesObject	Defines the list of roles available in the project. Each role is represented as a RoleItem object with a name and a value. These roles will be used to assign permissions and will appear in session data during authentication. Note that for single tenant applications, superAdmin, admin , user roles and for multi-tenant applications superAdmin, saasAdmin, tenantOwner, tenantAdmin, tenantUser roles are default system roles. And thery are active even RBAC is not active.Any role item in this rolesObject will be addtional role to these system roles.
customRoleLookups	An optional mapping of custom logical roles and their evaluation logic. Each entry maps a role name to an MScript condition that determines whether the role is assigned to a user dynamically.
usersHaveMultipleRoles	Indicates whether users can have multiple roles. If true, the `roleId` in the session and user model will be treated as an array of role values.

RoleItem

MPO Version: 1.3.0

Represents a role definition in the RBAC system. Each role includes a name for display and a value used in session data and permission checks.

interface RoleItem = {
  name : String;
  value : Any;
}

Field	Description
name	The display name of the role (e.g., 'Admin', 'Editor'). This name will be used for reference and documentation purposes.
value	The internal value of the role, which will be stored in the `roleId` field of the user or session data. This value is used during authorization checks and can be a string or number.

PermissionTypes

MPO Version: 1.3.0

Defines the active permission mechanisms in the project. Mindbricks supports multiple types of permission strategies including role-based (RBAC), user-specific overrides, user group-level permissions, object-level (OBAC), and tenant-specific rules. This configuration determines which of these models are enabled for the access control logic.

interface PermissionTypes = {
  roleBasedPermissionsIsActive : Boolean;
  userBasedPermissionsIsActive : Boolean;
  userGroupBasedPermissionsIsActive : Boolean;
  objectBasedPermissionsIsActive : Boolean;
  tenantBasedPermissionsIsActive : Boolean;
}

Field	Description
roleBasedPermissionsIsActive	Enables Role-Based Access Control (RBAC) for the project. When active, permissions can be assigned to roles, and users inherit access through their roles.
userBasedPermissionsIsActive	Enables user-specific permission overrides. When active, admins can assign custom permissions directly to individual users regardless of their roles or groups.
userGroupBasedPermissionsIsActive	Enables permission control via user groups. When active, permissions can be assigned to defined user groups and inherited by all members.
objectBasedPermissionsIsActive	Enables Object-Based Access Control (OBAC). When active, permission rules can be defined per individual data object (e.g., per record) and evaluated dynamically based on the object's relation to the user.
tenantBasedPermissionsIsActive	Activates tenant-specific permission logic. In multi-tenant projects, this allows SaaS administrators to define custom permission profiles per tenant, enabling isolated authorization policies.

OBACPermission

MPO Version: 1.3.0

Configuration for Object-Based Access Control (OBAC), which restricts access to specific data objects based on object ownership or association. If your system requires permissions that vary per object instance (e.g., 'only the creator can edit this record'), OBAC should be enabled and the relevant data objects listed.

interface OBACPermission = {
  objectBasedPermissionsIsActive : Boolean;
  dataObjects : DataObjectName[];
}

Field	Description
objectBasedPermissionsIsActive	A boolean value that enables object-level permission checks. When true, permissions can be enforced per record based on ownership or related fields.
dataObjects	An array of data object names to which object-level permissions will apply. These are the models for which individual access control should be enforced.

DataObjectName

MPO Version: 1.3.0

Represents a reference to a data object within the project. The value can be either a simple object name or a qualified reference in the format 'serviceName:objectName'. When using the qualified format, the part before the ':' specifies the service name, and the part after specifies the object name within that service. If only a single name is provided (without ':'), the system first searches for the object in the current service, then searches across other services in the project. As a best practice, when referencing data objects from other services, always fully qualified 'serviceName:objectName' format should be used to avoid potential naming conflicts.

interface DataObjectName = {
}

Field	Description

AbacPermission

MPO Version: 1.3.0

Configuration for Attribute-Based Access Control (ABAC), allowing fine-grained permission control using attribute-level rules on data objects. ABAC evaluates access by applying custom filter conditions to each object. When a rule matches, the user session may be granted specific permissions or even dynamic roles for that object. These rules can supplement or override standard RBAC or OBAC logic.

interface AbacPermission = {
  attributeBasedPermissionsIsActive : Boolean;
  abacDefinitions : ABACDefinititon[];
}

Field	Description
attributeBasedPermissionsIsActive	A boolean value that enables attribute-level access control. When true, data access will be filtered according to ABAC rules defined in `abacDefinitions`.
abacDefinitions	An object array to define ABAC (Attribute-Based Access Control) rules. Each rule applies a conditional filter to determine which records a user can access, and grants either dynamic permissions or a role for matching records.

ABACDefinititon

MPO Version: 1.3.0

Defines a single ABAC (Attribute-Based Access Control) rule for a given data object. Each rule applies a conditional filter to determine which records a user can access, and grants either dynamic permissions or a role for matching records.

interface ABACDefinititon = {
  name : String;
  dataObject : DataObjectName;
  whereClause : MScript;
  permissions : String[];
}

Field	Description
name	The unique identifier for this ABAC rule. It is used in the backend logic, database, and UI for reference.
dataObject	The name of the data object to which this ABAC rule applies.
whereClause	A JavaScript-style `where` clause defined using MScript syntax. This condition determines which records in the data object will match the rule and grant access.
permissions	A list of permission strings that will be granted when the ABAC rule matches a record. These permissions are context-specific and take precedence over less-specific permission types (such as role-based permissions).

SocialLoginSettings

MPO Version: 1.3.0

Configuration for enabling social login support within the project. This object defines integration settings for third-party authentication providers, such as Google and Apple, allowing users to sign in or register using their existing accounts. Each provider must be configured with its credentials and registration behavior.

interface SocialLoginSettings = {
  google : GoogleLoginSetting;
  apple : AppleLoginSetting;
  gitlab : GitlabLoginSetting;
  github : GithubLoginSetting;
}

Field	Description
google	Settings for enabling Google OAuth login and optional user registration. Defined as a GoogleLoginSetting object.
apple	Settings for enabling Apple OAuth login and optional user registration. Defined as an AppleLoginSetting object.
gitlab	Settings for enabling GitLab OAuth login and optional user registration. Defined as a GitlabLoginSetting object.
github	Settings for enabling GitHub OAuth login and optional user registration. Defined as a GithubLoginSetting object.

GoogleLoginSetting

MPO Version: 1.3.0

Configuration for Google OAuth login. This section defines whether Google login is enabled, the client ID and secret, and whether users can register using their Google accounts.

interface GoogleLoginSetting = {
  useGoogleLogin : Boolean;
  configuration : GoogleLoginConfig;
}

Field	Description
useGoogleLogin	A boolean value to enable or disable Google OAuth login. When true, users can sign in using their Google accounts.
configuration	The configuration object for Google OAuth login. Leave it null if useGoogleLogin is false.

GoogleLoginConfig

MPO Version: 1.3.0

Configuration details for Google OAuth login, including client ID, secret, and registration behavior. This object is used when Google login is enabled.

interface GoogleLoginConfig = {
  clientId : String;
  clientSecret : String;
  useForRegister : Boolean;
}

Field	Description
clientId	The Google OAuth client ID. This should match the identifier registered in your Google Developer Console.
clientSecret	The Google OAuth client secret. This is a confidential key issued by Google, stored securely in the Mindbricks secret store.
useForRegister	If true, users can register with their Google account. If false, Google login is permitted only for authentication of existing users.

AppleLoginSetting

MPO Version: 1.3.0

Configuration for Apple OAuth login. This section defines whether Apple login is enabled, the client ID, and whether users can register using their Apple accounts.

interface AppleLoginSetting = {
  useAppleLogin : Boolean;
  configuration : AppleLoginConfig;
}

Field	Description
useAppleLogin	A boolean value to enable or disable Apple OAuth login. When true, users can sign in using their Apple accounts.
configuration	The configuration object for Apple OAuth login. Leave it null if useAppleLogin is false.

AppleLoginConfig

MPO Version: 1.3.0

Configuration details for Apple OAuth login, including client ID and registration behavior. This object is used when Apple login is enabled.

interface AppleLoginConfig = {
  clientId : String;
  useForRegister : Boolean;
}

Field	Description
clientId	The Apple OAuth client ID, also known as the Service ID. This should match the identifier registered in your Apple Developer account.
useForRegister	If true, users can register with their Apple ID. If false, Apple login is permitted only for authentication of existing users.

GitlabLoginSetting

MPO Version: 1.3.0

Configuration for GitLab OAuth login. This section defines whether GitLab login is enabled, the client ID and secret, and whether users can register using their GitLab accounts.

interface GitlabLoginSetting = {
  useGitlabLogin : Boolean;
  configuration : GitlabLoginConfig;
}

Field	Description
useGitlabLogin	A boolean value to enable or disable GitLab OAuth login. When true, users can sign in using their GitLab accounts.
configuration	The configuration object for GitLab OAuth login. Leave it null if useGitlabLogin is false.

GitlabLoginConfig

MPO Version: 1.3.0

Configuration details for GitLab OAuth login, including client ID, secret, and registration behavior. This object is used when GitLab login is enabled.

interface GitlabLoginConfig = {
  clientId : String;
  clientSecret : String;
  useForRegister : Boolean;
}

Field	Description
clientId	The GitLab OAuth client ID. This should match the identifier registered in your GitLab application settings.
clientSecret	The GitLab OAuth client secret. This is a confidential key issued by GitLab, stored securely in the Mindbricks secret store.
useForRegister	If true, users can register with their GitLab account. If false, GitLab login is permitted only for authentication of existing users.

GithubLoginSetting

MPO Version: 1.3.0

Configuration for GitHub OAuth login. This section defines whether GitHub login is enabled, the client ID and secret, and whether users can register using their GitHub accounts.

interface GithubLoginSetting = {
  useGithubLogin : Boolean;
  configuration : GithubLoginConfig;
}

Field	Description
useGithubLogin	A boolean value to enable or disable GitHub OAuth login. When true, users can sign in using their GitHub accounts.
configuration	The configuration object for GitHub OAuth login. Leave it null if useGithubLogin is false.

GithubLoginConfig

MPO Version: 1.3.0

Configuration details for GitHub OAuth login, including client ID, secret, and registration behavior. This object is used when GitHub login is enabled.

interface GithubLoginConfig = {
  clientId : String;
  clientSecret : String;
  useForRegister : Boolean;
}

Field	Description
clientId	The GitHub OAuth client ID. This should match the identifier registered in your GitHub application settings.
clientSecret	The GitHub OAuth client secret. This is a confidential key issued by GitHub, stored securely in the Mindbricks secret store.
useForRegister	If true, users can register with their GitHub account. If false, GitHub login is permitted only for authentication of existing users.

DataProperty

MPO Version: 1.3.0

The definition of a data property within a data object. A data property is not just a storage field—it encapsulates the logic, behavior, and metadata associated with a specific piece of data. Through its settings, a data property can define relationships, context-aware values, session-based defaults, computed formulas, access filters, enums, and more. It serves as a powerful unit of business logic tightly integrated with the data model.

interface DataProperty = {
  basicSettings : PropertyBasicSettings;
  indexSettings : PropertyIndexSettings;
  enumSettings : PropertyEnumSettings;
  relationSettings : PropertyRelation;
  sessionSettings : PropertySessionSettings;
  staticJoin : PropertyStaticJoin;
  formulaSettings : PropertyFormulaSettings;
  contextSettings : PropertyContextSettings;
  filterSettings : PropertyFilterSettings;
}

Field	Description
basicSettings	Defines the foundational attributes of the data property, such as its name, type, whether it's an array, and its general description.
indexSettings	Controls how the property is indexed in storage systems to optimize lookup and uniqueness behaviors.
enumSettings	Enumerates the fixed set of values this property can take. Only used when the type is set to Enum.
relationSettings	Defines relationship mappings if the property refers to another data object, such as foreign keys or join references.
sessionSettings	Specifies how the property's value can be derived from the session context, such as assigning `userId` automatically on record creation.
staticJoin	Defines static join logic for enriching this property with data from other objects, useful for preloading dictionary or reference values.
formulaSettings	Allows the value of the property to be computed from a formula or script, typically used for derived or read-only fields.
contextSettings	Provides settings to dynamically set property values based on API execution context, such as input parameters or route metadata.
filterSettings	Specifies whether and how the property can be used as a filter parameter in API queries or search operations.

PropertyBasicSettings

MPO Version: 1.3.0

Defines the core structure and behavior of a data property. Beyond basic typing, this section governs how the property participates in data integrity, mutability, API exposure, and logic-driven behaviors such as hashing or auto-increment. Use this section to establish the foundational logic and identity of the property within your data object.

interface PropertyBasicSettings = {
  name : String;
  type : DataTypes;
  isArray : Boolean;
  description : Text;
  isRequired : Boolean;
  allowUpdate : Boolean;
  requiredInUpdate : Boolean;
  allowAutoUpdate : Boolean;
  autoIncrement : Boolean;
  hashed : Boolean;
  defaultValues : PropertyDefaults;
}

Field	Description
name	Unique identifier for the property within the data object. This name is used throughout route definitions, generated code, and logic expressions. Use camelCase formatting, avoid spaces and special characters, and ensure the name is unique within the same data object.
type	Defines the property's data type. Use a value from the `DataTypes`. The selected type impacts validation, storage schema, and frontend component inference.
isArray	Indicates if the property stores multiple values (array). Supported by databases like PostgreSQL and MongoDB. Default is `false`.
description	Optional textual description of the property's role in the domain. Useful for documentation and as a semantic hint across logic and UI components.
isRequired	If `true`, this property must be provided when a new object is created. It is enforced during validation.
allowUpdate	Controls whether the property can be modified after creation. If `false`, updates to this field are ignored unless overridden explicitly.
requiredInUpdate	If `true`, the property must be present in update operations. Commonly used for fields that must be kept consistent across updates (e.g. version, status).
allowAutoUpdate	If `true`, this property will be automatically included in the update parameters for default routes unless custom logic is applied. Helps streamline generic update routes.
autoIncrement	If `true`, this property will be auto-generated by incrementing the latest existing value. Suitable for numeric IDs or sequences managed internally.
hashed	If `true`, the property's value will be hashed before storage. This is irreversible and is typically used for storing passwords or other sensitive values.
defaultValues	Defines default values to be used during create or update operations when the property is missing. Values must match the property's `type` and `isArray` setting in JSON format.

DataTypes

These are the standardized data types used in microservice data models and BFF data views in Mindbricks.

DataTypesNames = [
  "ID",
  "String",
  "Text",
  "Integer",
  "Boolean",
  "Double",
  "Float",
  "Short",
  "Object",
  "Date",
  "Enum",
  "GeoPoint",
  "GeoRoute",
  "GeoArea",
];

const DataTypes = {
  ID: 0,
  String: 1,
  Text: 2,
  Integer: 3,
  Boolean: 4,
  Double: 5,
  Float: 6,
  Short: 7,
  Object: 8,
  Date: 9,
  Enum: 10,
  GeoPoint: 11,
  GeoRoute: 12,
  GeoArea: 13,
};

Enum	Description
ID	Represents a unique identifier. Implemented as UUID in SQL databases and ObjectID in NoSQL databases.
String	Represents short text values, typically capped at 255 characters.
Text	Represents long-form text content suitable for descriptions or rich text.
Integer	Represents 4-byte integer values used for whole numbers.
Boolean	Represents logical values true or false.
Double	Represents 8-byte double-precision floating-point numbers.
Float	Represents 4-byte single-precision floating-point numbers.
Short	Represents 2-byte short integers, useful for flags.
Object	Represents a generic JSON object, useful for flexible data structures.
Date	Represents date-time values, stored as ISO 8601 strings in UTC timezone.
Enum	Represents a fixed set of string values. Enum options are defined as an array of strings and internally stored as a short string.
GeoPoint	Repesents a geography point on the earth. It is a POINT GeoJson object storing lon and lat values.
GeoRoute	Represents a geography route on the earth. It is a LINESTRING GeoJson object, with an array of lon and lat pairs.
GeoArea	Represents a geography area on the earth. It is a POLYGON GeoJson object, with an array of lon and lat pairs. It hsould be closed as the last and first points should be equal. If not first point will be added automaticall as last point also.

PropertyDefaults

MPO Version: 1.3.0

Defines fallback values for create and update operations when the property is not explicitly provided. These settings ensure consistency and reduce frontend responsibility in form submission. Values must match the JSON representation of the property's type (DataTypes) and isArray setting. Examples: String→"text", Integer→123, Boolean→true, Date→"2024-01-01T00:00:00Z", Enum→"enumValueAsStr", Object→{}, or wrapped in arrays like ["text1","text2"] when isArray=true. Note that the Enum type is represented by string value here instead of the Integer index.

interface PropertyDefaults = {
  default : AnyComplex;
  defaultInUpdate : AnyComplex;
  alwaysCreateWithDefaultValue : Boolean;
}

Field	Description
default	Default value applied in create operations if the property is not provided. Commonly used to set initial values like statuses, flags, or timestamps. Set to `null` when no meaningful default exists. Value must match the property's `type` and `isArray` setting in JSON format.
defaultInUpdate	Default value applied in update operations if the property is required in update but not explicitly provided in the request payload. Set to `null` when no meaningful default exists. Value must match the property's `type` and `isArray` setting in JSON format.
alwaysCreateWithDefaultValue	If `true`, the default value will always be used during creation, even if the client provides a value for this property. This is useful for enforcing system-controlled initialization—such as setting fields based on minimal authorization rights—that should only be modified later by users with elevated privileges.

PropertyIndexSettings

MPO Version: 1.3.0

Index configuration for the data property across supported storage and caching layers. This includes Elasticsearch indexing for query performance, relational database indexing for faster selection, and Redis-based optimizations for efficient cache invalidation and retrieval. Use these settings to control how the property contributes to performance, queryability, and caching logic.

interface PropertyIndexSettings = {
  indexedInElastic : Boolean;
  fulltextSearch : Boolean;
  indexedInDb : Boolean;
  unique : Boolean;
  clusterInRedis : Boolean;
  cacheSelect : Boolean;
  isSecondaryKey : Boolean;
}

Field	Description
indexedInElastic	Determines whether the property is indexed in the Elasticsearch CQRS index. When enabled, this property can be used in DataView filters and search queries.
fulltextSearch	If set to true, Mindbricks will create an additional text index in elastic search other than the type based term query. Note that this feature is ignored if indexedInElastic is false. Text type data properties are alread have full text search.
indexedInDb	Specifies whether a native database index should be created for this property to accelerate selection queries. Recommended for frequently filtered or sorted fields.
unique	Indicates whether the property's value must be unique across all records. Enabling this will enforce a uniqueness constraint at the database level.
clusterInRedis	Specifies whether the property should contribute to Redis cluster keys for partial cache invalidation. This improves cache sensitivity but may increase Redis storage.
cacheSelect	Defines whether this property is used as a key in Redis entity cache for batch-select operations. Enables lookup by this value across cached entities.
isSecondaryKey	Marks the property as a secondary identifier, improving query performance on non-primary keys. Useful for access tokens, slugs, or alternative keys.

PropertyEnumSettings

MPO Version: 1.3.0

Enum configuration for the data property, applicable when the property type is set to Enum. While enum values are stored as integers in the database, defining the enum options here allows Mindbricks to enrich API responses with human-readable labels, easing interpretation and UI integration. If not defined, only the numeric value will be returned.

interface PropertyEnumSettings = {
  hasEnumOptions : Boolean;
  configuration : PropertyEnumSettingsConfig;
}

Field	Description
hasEnumOptions	Enables support for named enum values when the property type is Enum.
configuration	The configuration object for enum options. Leave it null if hasEnumOptions is false.

PropertyEnumSettingsConfig

MPO Version: 1.3.0

Configuration settings for enum options in a data property. This object defines the symbolic names that the enum type property can have. These labels are used in generated documentation and API responses.

interface PropertyEnumSettingsConfig = {
  enumOptions : String[];
}

Field	Description
enumOptions	An ordered list of enum string values representing the symbolic values that the enum property can have.

PropertyRelation

MPO Version: 1.3.0

Defines the relationship configuration for the data property. This is used when the property acts as a foreign key referencing another data object. It allows setting up parent-child relationships, cascade behaviors, and enriches both code generation and documentation with relational semantics.

interface PropertyRelation = {
  hasRelation : Boolean;
  configuration : PropertyRelationConfig;
}

Field	Description
hasRelation	Indicates whether this property represents a foreign key relationship to another data object. If enabled, additional settings like the target object and key must be provided.
configuration	The configuration object for the property relation. Leave it null if hasRelation is false.

PropertyRelationConfig

MPO Version: 1.3.0

Configuration object for property relations. Defines the details of the foreign key relationship, including the relation name, target object, target key, parent/child semantics, delete behavior, and whether the relation is required. Used only if hasRelation is true.

interface PropertyRelationConfig = {
  relationName : String;
  relationTargetObject : DataObjectName;
  relationTargetKey : PropRefer;
  relationTargetIsParent : Boolean;
  onDeleteAction : RelationOnDeleteAction;
  relationIsRequired : Boolean;
}

Field	Description
relationName	A single-word, human-readable name that identifies the relationship. This name is used in generated code and documentation to represent joined data via this relation.
relationTargetObject	The name of the data object this property relates to. This defines the target of the foreign key relationship.
relationTargetKey	The property name (usually 'id') in the target object that this property references. This is the destination key for the relation.
relationTargetIsParent	Specifies whether the related object should be treated as a parent in the domain model. If true, the current object is conceptually a child of the target object (e.g., user belongs to organization).
onDeleteAction	Determines what action should be taken if the related (parent) object is deleted. Options include cascading the delete or nullifying this property.
relationIsRequired	Defines whether the relation is mandatory. If true, the property must always reference a valid record in the related data object.

RelationOnDeleteAction

Defines the available strategies for handling related records when a referenced (parent) object is deleted.

RelationOnDeleteActionNames = ["doDelete", "setNull"];

const RelationOnDeleteAction = {
  doDelete: 0,
  setNull: 1,
};

Enum	Description
doDelete	Automatically delete this object if the referenced target object is deleted. This is a cascading delete.
setNull	Set this property to null when the referenced object is deleted, effectively removing the relation without deleting this object.

PropRefer

MPO Version: 1.3.0

Represents a reference to a property of a data object, optionally renaming it in the current context. It is a string data, however can store string pairs joined with ':'.The first part is the name ofthe property and the second part after ':' mark is how it will be renamed in the context. If no second partis provided, the property is named in the context with its original name. Renaming is useful for mapping remote object properties to local aliases or transforming naming for aggregation.

interface PropRefer = {
}

Field	Description

PropertySessionSettings

MPO Version: 1.3.0

Defines how this property is populated from the session context. Session-driven properties are commonly used to associate records with the current user or tenant automatically during create/update operations.

interface PropertySessionSettings = {
  isSessionData : Boolean;
  configuration : PropertySessionSettingsConfig;
}

Field	Description
isSessionData	Indicates whether this property is automatically populated from the session context. If true, additional configuration is required.
configuration	The configuration object for session mapping. Leave it null if isSessionData is false.

PropertySessionSettingsConfig

MPO Version: 1.3.0

Configuration object for session mapping. Defines the mapping between session properties and data object fields. This allows automatic population of data object properties from session data during create/update operations.

interface PropertySessionSettingsConfig = {
  sessionParam : String;
  isOwnerField : Boolean;
}

Field	Description
sessionParam	Specifies the name of the session field to bind to this property. Defaults to the property name if not explicitly provided. For example, if the session contains `userId`, that can be mapped to this field.
isOwnerField	Marks this property as the ownership field for the data object. When true, the property is used to enforce ownership-based access control (e.g., ensuring users can only modify their own records). This should be used when the property semantically identifies the owner of the record, typically a userId.

PropertyStaticJoin

MPO Version: 1.3.0

Static join settings define how this property's value is derived from another data object at the time of creation or update. This approach is useful when a field in the current object depends on a static value from a related object, and that value is not expected to change frequently. Unlike dynamic joins, static joins store the fetched value directly to allow for faster queries and avoid repeated lookups. A common use case is transferring tenant or client identifiers from a parent object into a child record. For example, when creating an email job for a specific user, the system can use the userId to join the User object, fetch its clientId, and statically assign it to the EmailJob object. This makes it easy to query email jobs by clientId without needing to join back to the User table at runtime. Note that, all static joins are executed before the property formula executions and the fetched data and read property (field) is written to the context like this.product and this.amount, so you can use these context data with in the calculated properties for either the same joint property or for another property.

interface PropertyStaticJoin = {
  isStaticJoin : Boolean;
  configuration : PropertyStaticJoinConfig;
}

Field

Description

isStaticJoin

Indicates whether this property should be populated from a static join with another data object. Static joins allow you to copy a fixed value from a related object (such as a foreign key reference) into this object at the time of creation or update. This enables fast lookups without needing runtime joins. Often used for propagating static values like tenantId, clientId, or status names. Enable this only when the source data is relatively stable and changes infrequently, as the joined value is stored statically and won't automatically update if the source changes.

configuration

The configuration object that defines the static join settings. Leave it null if the property is not a sttaic join.

PropertyStaticJoinConfig

MPO Version: 1.3.0

Configuration object for static joins. This object contains the settings that define how the static join is established, including the source object, the field to be joined, and the keys used for matching records. It is used in conjunction with the isStaticJoin property to enable static joins in data objects.

interface PropertyStaticJoinConfig = {
  jointSource : DataObjectName;
  jointRead : PropRefer;
  jointSourceKey : PropRefer;
  jointForeignKey : PropRefer;
}

Field	Description
jointSource	The name and optionally the service of the source object from which the value will be joined. If the source is in another service, Mindbricks will automatically use Elasticsearch indexing to perform the join.
jointRead	The name of the property in the source object whose value will be copied into the current property. Defaults to the same name as this property if not specified.
jointSourceKey	The key in the source object used to identify the matching record. This is typically 'id' as the primary identifier of the source object. This field acts as the join source in the static join relationship.
jointForeignKey	The property in the current object used as a reference to the source object (i.e., the foreign key). For example, if joining user.clientId via userId, the foreign key is 'userId'.

PropertyFormulaSettings

MPO Version: 1.3.0

Specifies formula-based logic for computing the value of a data property. Use this when the property should not be directly provided by the user but instead derived through predefined calculations during create or update operations. Note that formula caluclations are made at the final point of the data clause building, so you can acess other property values that are populated from other sources. The formulas are calculated in create and update api's, so these API's will automatically manage the calculated population of the related properties. If you need more complex calculations in API level, you can use dataClause settings of the API combined with Api actions.

interface PropertyFormulaSettings = {
  isCalculated : Boolean;
  configuration : PropertyFormulaSettingsConfig;
}

Field	Description
isCalculated	Indicates whether this property is calculated using an MScript formula. When enabled, the property’s value will be automatically derived instead of supplied directly by the client.
configuration	The configuration object for formula-based calculation. Leave it null if isCalculated is false.

PropertyFormulaSettingsConfig

MPO Version: 1.3.0

Configuration object for formula-based calculation. Defines the primary formula and optional update formula for computed properties. This allows dynamic calculation of values during create or update operations.

interface PropertyFormulaSettingsConfig = {
  formula : MScript;
  updateFormula : MScript;
  calculateWhenInputHas : PropRefer[];
  calculateAfterInstance : Boolean;
}

Field	Description
formula	The primary MScript formula used to compute the property's value during creation or when no update-specific formula is defined. Use `this.{property}` syntax to access other values in the same request context.
updateFormula	Optional MScript formula to override the default formula during update operations. If omitted, the main formula will be used for updates as well.
calculateWhenInputHas	List of field names that trigger recalculation during updates. If any of these fields appear in the input, the formula will be re-evaluated. This is useful for dependent computations.
calculateAfterInstance	Indicates whether the formula should be executed after the full instance is created or loaded. This is necessary when the formula depends on values not present in the input but available only after instantiation.

PropertyContextSettings

MPO Version: 1.3.0

Defines how this property is automatically populated from the request-time execution context. This is useful when the property value is fetched or computed externally before being written to the database—such as through API fetches, middleware injections, or upstream aggregations.

interface PropertyContextSettings = {
  isContextData : Boolean;
  configuration : PropertyContextSettingsConfig;
}

Field	Description
isContextData	Indicates whether this property derives its value from the execution context during a request. This enables dynamic assignment of the property using data available only at runtime.
configuration	The configuration object for context mapping. Leave it null if isContextData is false.

PropertyContextSettingsConfig

MPO Version: 1.3.0

Configuration object for context mapping. Defines the mapping between context properties and data object fields. This allows automatic population of data object properties from context data during create/update operations.

interface PropertyContextSettingsConfig = {
  contextParam : String;
}

Field	Description
contextParam	Specifies the key or path in the context object that holds the value for this property. Supports dot notation for nested context values (e.g., `company.name`).

PropertyFilterSettings

MPO Version: 1.3.0

Specifies if a data property should be exposed as a query parameter for filtering in auto-generated list endpoints. This allows users to filter records by this field when retrieving data via GET routes. The presence of this configuration determines how the backend interprets and applies client-side query filters.

interface PropertyFilterSettings = {
  isFilterParameter : Boolean;
  configuration : PropertyFilterSettingsConfig;
}

Field	Description
isFilterParameter	Determines whether the property can be used as a query parameter in list (GET) API routes. If enabled, clients can use this property to filter results when calling endpoints like `/customers`. The filtering logic is automatically handled based on the property type.
configuration	The configuration object for filter settings. Leave it null if isFilterParameter is false.

PropertyFilterSettingsConfig

MPO Version: 1.3.0

Configuration object for filter settings. Defines the custom name of the filter parameter in the query string. This is useful when the external API should expose a different term than the internal field name.

interface PropertyFilterSettingsConfig = {
  filterName : String;
}

Field	Description
filterName	Custom name of the filter parameter in the query string. Defaults to the property's name. This is useful when the external API should expose a different term than the internal field name.

BFFService

MPO Version: 1.3.0

The BFF (Backend-for-Frontend) service is strongly recommended in microservice-based projects to simplify and optimize data access for frontend clients. As data is distributed across multiple services, the BFF service acts as a unified gateway that aggregates and delivers the necessary information in a single response. Mindbricks supports a hybrid CQRS architecture using DataViews, which represent structured aggregations of service data. These can be configured as either Static or Dynamic DataViews. Static DataViews are persisted in Elasticsearch and are ideal for performance-critical or cross-service filtered queries. Dynamic DataViews, on the other hand, fetch and assemble data on-the-fly during each request, making them suitable for user-specific or context-dependent views without storing the output. If no DataViews are defined, the BFF service will not be generated as part of the project.

interface BFFService = {
  dataViews : DataView[];
}

Field	Description
dataViews	A list of DataView definitions that describe how data should be aggregated and exposed by the BFF service. These views can be optionally persisted in Elasticsearch for efficient querying, or resolved dynamically depending on performance and use case.

DataView

MPO Version: 1.3.0

A DataView defines an aggregated projection of data for the BFF service in Mindbricks. It serves as a unified structure that collects and combines information from multiple microservices. DataViews can be configured as either stored or dynamic. Stored DataViews persist their results in Elasticsearch and are optimal for queries requiring filtering, sorting, or cross-service joins. Dynamic DataViews are assembled at runtime during the request cycle and are suitable for lightweight, user-specific, or real-time scenarios. Both types aim to simplify frontend development by consolidating distributed data into a single, queryable view.

interface DataView = {
  viewBasics : ViewBasics;
  aggregates : ViewAggregate[];
  lookups : ViewLookup[];
  stats : ViewStat[];
}

Field	Description
viewBasics	Basic metadata and configuration for the DataView, including its name, storage strategy, source object, and selected properties. This section determines the fundamental structure and behavior of the view.
aggregates	A list of aggregate definitions that perform data joins from related objects, similar to SQL joins. These are used to enrich the DataView with related datasets, such as joining orders into a customer view.
lookups	A list of lightweight lookup definitions used to fetch reference values, typically for UI display purposes (e.g., converting a userType ID into a localized label like 'Administrator'). These join single values from dictionary-like sources.
stats	A list of statistical calculations performed within the view to enrich it with precomputed analytics.

ViewBasics

MPO Version: 1.3.0

Configuration for a DataView's identity and structure. It specifies whether the view is stored (in Elasticsearch) or dynamic (evaluated at runtime), the name of the view, the main source object it is built upon, and the list of core properties to retrieve from the main object.

interface ViewBasics = {
  name : String;
  isStored : Boolean;
  mainObject : DataObjectName;
  properties : PropRefer[];
}

Field	Description
name	A unique name for the DataView. Avoid using a name that matches any existing data object to prevent conflicts. Prefer descriptive names like 'UserDetailsView' that clearly indicate the view's purpose.
isStored	A boolean value that indicates whether the view is persisted in Elasticsearch. Set this to true for performance-optimized, filterable views. Set to false for dynamic, real-time data aggregations executed per request.
mainObject	The primary data object or existing view that the DataView is structured around. This object serves as the root of the aggregation.
properties	An array of property names from the main object that should be included in the view's result.

ViewAggregate

MPO Version: 1.3.0

Defines an aggregate (join) within a DataView that links related objects to the main object, similar to SQL-style joins. Aggregates are resolved at the Elasticsearch layer using replicated microservice data. Each aggregate pulls in one or more records from a child object based on matching keys and optional conditions, then embeds them under the specified property name in the final view output.

interface ViewAggregate = {
  name : String;
  childObject : DataObjectName;
  parentKey : PropRefer;
  childKey : PropRefer;
  oneToMany : Boolean;
  condition : MScript;
  properties : PropRefer[];
  checkIn : MScript;
}

Field	Description
name	The property name under which the joined data will be added in the DataView. This is typically a descriptive alias for the child object, like 'userRoles' or 'companyInfo'.
childObject	The name of the data object being joined (child object). This is the source of the aggregated data.
parentKey	The key field from the main object used to perform the join. Often this is a foreign key like 'companyId' or 'userId'.
childKey	The key field from the child object that is matched against the parent key. Typically this would be the child's primary identifier or a linking field.
oneToMany	Specifies whether the relationship is one-to-many (true) or one-to-one (false). If true, the result will be an array of records from the child object.
condition	An MScript condition evaluated on the main object to decide whether this aggregation should be executed.
properties	The list of property names to extract from the child object. Only these fields will be included in the aggregated result.
checkIn	An MScript condition evaluated on each child record to determine whether it should be included in the final aggregation result.

ViewLookup

MPO Version: 1.3.0

Defines a lookup operation in a DataView, typically used to enrich an object with a human-readable label or translated text from a dictionary index. Lookups are similar to aggregates but are optimized for fetching a single value, such as a label, for UI rendering. They are especially useful for localization (e.g., converting 'userType: 0' to 'Administrator') or enriching records with descriptive names from static dictionaries like country, city, or status lists. Multi-language lookups automatically resolve language-specific values based on the user's locale if the view is dynamic; if stored, all language variants are stored with suffixes.

interface ViewLookup = {
  name : String;
  lookupDict : String;
  multiLang : Boolean;
  lookupKey : String;
  lookupValue : String;
}

Field	Description
name	The name of the lookup field in the DataView output. This is the property that will hold the resolved value, such as 'userRoleName'. For stored DataViews, Mindbricks stores multilingual variants using suffixes like 'userRoleName_en', 'userRoleName_tr'. When returned to the client, only the relevant language value is exposed.
lookupDict	The name of the dictionary index where the lookup value resides. This can be any dictionary-like dataset, such as countries, roles, or labels. For multilingual dictionaries, Mindbricks automatically appends the language suffix (e.g., '_en', '_tr') to the index name during lookup.
multiLang	Whether the lookup dictionary is multilingual. If true, Mindbricks will automatically manage language-specific fields and suffixes. If false, a single language-independent value is returned.
lookupKey	The key field in the main object (or its aggregates) used to match against the dictionary index. This is typically a reference like 'roleId' or 'countryId'. The dictionary index's target key is always assumed to be 'id'.
lookupValue	The field in the dictionary index whose value will be returned. For example, 'name' or 'label'. This is what will appear in the DataView as the resolved text.

ViewStat

MPO Version: 1.3.0

Defines a statistical aggregation for a DataView. Unlike ViewAggregates that collect related records, ViewStats compute mathematical summaries such as sum, count, average, min, and max over grouped data. These groupings, or 'buckets', are constructed based on parent-child relationships between objects. This is conceptually similar to Elasticsearch's bucket-based aggregations. Each ViewStat joins the main object with a target object (child) using a foreign key relationship and computes one or more aggregates using the defined conditions. It's ideal for summarizing numerical data across associations, such as counting user orders or summing revenue per company.

interface ViewStat = {
  name : String;
  childObject : DataObjectName;
  parentKey : PropRefer;
  childKey : PropRefer;
  select : MScript;
  aggList : AggregateItem[];
}

Field	Description
name	The name of the statistic in the DataView result. This will appear as a property in the view (e.g., 'totalRevenue', 'userOrderCount').
childObject	The name of the target object to aggregate data from (e.g., orders, sessions, transactions). Can also be a previously defined view.
parentKey	The key from the main object that groups the stat results. Acts as the bucket owner (e.g., userId if calculating per user).
childKey	The foreign key in the target object used to relate it back to the main object. Typically a reference like 'userId' or 'companyId'.
select	An optional MScript filter applied before bucketing. Use this to narrow the child data (e.g., only 'canceled' orders in the last month).
aggList	The list of AggregateItems to apply on the grouped buckets. Each defines a numeric operation like sum, count, average. If empty, a default count is applied.

AggregateItem

MPO Version: 1.3.0

Defines a single mathematical operation to apply to a group of records within a ViewStat. Supports standard operations like sum, average, min, max, and count. Each AggregateItem targets a specific field in the child object and may apply additional filters. It is particularly useful when multiple grouped metrics are required from the same set of joined records, such as 'count of failed orders' vs. 'sum of successful order values'.

interface AggregateItem = {
  name : String;
  aggType : String;
  aggField : PropRefer;
  dataType : DataTypes;
  filterValue : MScript;
}

Field	Description
name	The identifier of the computed metric (e.g., 'orderCount', 'totalAmount'). Appears as a key in the result object.
aggType	The mathematical operation to perform (e.g., 'value_count', 'sum', 'average', 'min', 'max').
aggField	The field of the target object used in the aggregation (e.g., 'amount', 'id'). For count operations, typically use 'id'.
dataType	The expected data type of the result (e.g., 'Integer', 'Float'). Often reflects the type of the aggField but may differ (e.g., averaging integers produces floats).
filterValue	Optional MScript condition to filter records inside the bucket before applying the operation. Allows multiple filtered aggregations on the same group (e.g., 'totalCanceledAmount', 'totalCompletedAmount').

NotificationService

MPO Version: 1.3.0

Defines the global notification configuration for the project. This includes providers for different notification channels and the list of event-driven notification behaviors triggered by Kafka messages.

interface NotificationService = {
  serviceSettings : NotificationServiceSettings;
  eventNotifications : EventNotification[];
}

Field	Description
serviceSettings	NotificationServiceSettings defines the basic notification configuration for the project. This includes providers for different notification channels such as SMS, email, and push notifications.
eventNotifications	An array of event-based notification definitions. These are triggered when specific messages are received on Kafka topics. Each entry defines how and where a notification should be delivered.

NotificationServiceSettings

MPO Version: 1.3.0

Defines the basic notification configuration for the project. This includes the notification options providers for different notification channels such as SMS, email, and push notifications.

interface NotificationServiceSettings = {
  serviceOptions : NotificationServiceOptions;
  smtpSettings : SmtpSettings;
  amazonSNSSettings : AmazonSNSSettings;
  firebaseSettings : FirebaseSettings;
  sendGridSettings : SendGridSettings;
  twilioSettings : TwilioSettings;
  vonageSettings : VonageSettings;
  netGsmSettings : NetGSMSettings;
  oneSignalSettings : OneSignalSettings;
}

Field	Description
serviceOptions	Defines the global notification configuration for the project. This includes providers for different notification channels and the list of event-driven notification behaviors triggered by Kafka messages.
smtpSettings	Settings for using a custom SMTP server to send emails. Mindbricks includes a managed SMTP server by default. Override this setting if you want to use your own provider.
amazonSNSSettings	Settings for integrating Amazon SNS for messaging and notifications. Mindbricks does not provide a managed SNS setup, so you must supply your own credentials if you choose to use this service.
firebaseSettings	Settings for using Firebase services. Mindbricks does not include Firebase by default, so this setup is required only if Firebase will be used for messaging or real-time features.
sendGridSettings	Settings for integrating SendGrid to send transactional or notification emails. You must register a SendGrid account and provide your API key.
twilioSettings	Settings for using Twilio to send SMS or perform voice operations. Mindbricks does not provide a managed Twilio account, so integration must be configured here.
vonageSettings	Settings for integrating Vonage as an SMS provider. Provide credentials for your Vonage account if this service is used.
netGsmSettings	Settings for using the Turkish SMS provider NetGSM. You must supply your own credentials to use this service in Mindbricks.
oneSignalSettings	Settings for OneSignal push notifications. Mindbricks does not manage OneSignal accounts, so a valid app ID and API key must be provided.

NotificationServiceOptions

MPO Version: 1.3.0

interface NotificationServiceOptions = {
  storedNotice : Boolean;
  smsProvider : SmsProvider;
  emailProvider : EmailProvider;
  pushProvider : PushProvider;
}

Field	Description
storedNotice	Determines whether notifications will be persisted and listed within the app. If set to true, notifications are stored in the database and can be retrieved later. If false, notifications are sent transiently during the request cycle and are not stored. Disabling storage can improve performance in simple use cases where tracking historical notifications is unnecessary.
smsProvider	Specifies the SMS provider for project-level notifications. Supported values: amazonsns, fake, netgsm, twilio, vonage.
emailProvider	Specifies the email provider for project-level notifications. Supported values: amazonsns, fake, sendgrid, smtp.
pushProvider	Specifies the push notification provider for the project. Supported values: amazonsns, fake, firebase, onesignal.

SmsProvider

Defines valid SMS providers for project-wide notifications.

SmsProviderNames = ["amazonsns", "fake", "netgsm", "twilio", "vonage"];

const SmsProvider = {
  amazonsns: 0,
  fake: 1,
  netgsm: 2,
  twilio: 3,
  vonage: 4,
};

Enum	Description
amazonsns	Use Amazon SNS for SMS delivery.
fake	Use a mock provider for development/testing.
netgsm	Use NetGSM as an SMS gateway (common in Turkey).
twilio	Use Twilio for SMS notifications.
vonage	Use Vonage (formerly Nexmo) for SMS notifications.

EmailProvider

Defines valid email providers for project-wide notifications.

EmailProviderNames = ["amazonsns", "fake", "sendgrid", "smtp"];

const EmailProvider = {
  amazonsns: 0,
  fake: 1,
  sendgrid: 2,
  smtp: 3,
};

Enum	Description
amazonsns	Use Amazon SNS for sending emails.
fake	Use a mock provider for development/testing.
sendgrid	Use SendGrid for transactional or bulk email.
smtp	Use a custom SMTP server for email delivery.

PushProvider

Defines valid push notification providers for project-wide delivery.

PushProviderNames = ["amazonsns", "fake", "firebase", "onesignal"];

const PushProvider = {
  amazonsns: 0,
  fake: 1,
  firebase: 2,
  onesignal: 3,
};

Enum	Description
amazonsns	Use Amazon SNS to deliver push notifications.
fake	Use a mock provider for development/testing.
firebase	Use Firebase Cloud Messaging (FCM) for push notifications.
onesignal	Use OneSignal for cross-platform push delivery.

SmtpSettings

MPO Version: 1.3.0

Defines configuration for using a custom SMTP server to send emails. Mindbricks uses a managed cloud provider by default, but you may configure your own server here.

interface SmtpSettings = {
  useCustomSmptServer : Boolean;
  configuration : SmtpSettingsConfig;
}

Field	Description
useCustomSmptServer	Specifies whether a custom SMTP server should be used.
configuration	The configuration object for the SMTP server. Leave it null if useCustomSmptServer is false.

SmtpSettingsConfig

MPO Version: 1.3.0

Defines the configuration for a custom SMTP server. This object is used when useCustomSmptServer is set to true. It includes the host, port, authentication, and security details.

interface SmtpSettingsConfig = {
  emailFrom : String;
  emailHost : String;
  emailPort : Integer;
  emailUser : String;
  emailPass : String;
  isSecure : Boolean;
}

Field	Description
emailFrom	The default sender email address used in outgoing messages.
emailHost	The hostname of the SMTP server.
emailPort	The port number used by the SMTP server.
emailUser	The username used for SMTP authentication.
emailPass	The password used for SMTP authentication.
isSecure	Indicates whether the SMTP server connection should use SSL/TLS.

AmazonSNSSettings

MPO Version: 1.3.0

Defines configuration for integrating Amazon SNS for messaging and notifications. Mindbricks does not provide a managed SNS setup, so you must supply your own credentials if you choose to use this service.

interface AmazonSNSSettings = {
  useAmazonSNS : Boolean;
  configuration : AmazonSNSSettingsConfig;
}

Field	Description
useAmazonSNS	Specifies whether Amazon SNS should be enabled for the project.
configuration	The configuration object for the Amazon SNS service. Leave it null if useAmazonSNS is false.

AmazonSNSSettingsConfig

MPO Version: 1.3.0

Defines the configuration for Amazon SNS. This object is used when useAmazonSNS is set to true. It includes the secret key, access key, and region.

interface AmazonSNSSettingsConfig = {
  secretKey : String;
  accessKey : String;
  region : String;
}

Field	Description
secretKey	The secret access key for the Amazon SNS service.
accessKey	The access key ID for the Amazon SNS service.
region	The AWS region in which the SNS service is hosted.

FirebaseSettings

MPO Version: 1.3.0

Defines configuration for using Firebase services. Mindbricks does not include Firebase by default, so this setup is required only if Firebase will be used for messaging or real-time features.

interface FirebaseSettings = {
  useFirebase : Boolean;
  configuration : FirebaseSettingsConfig;
}

Field	Description
useFirebase	Specifies whether Firebase should be enabled.
configuration	The configuration object for the Firebase service. Leave it null if useFirebase is false.

FirebaseSettingsConfig

MPO Version: 1.3.0

Defines the configuration for Firebase. This object is used when useFirebase is set to true. It includes the API key for Firebase services.

interface FirebaseSettingsConfig = {
  firebaseKey : String;
}

Field	Description
firebaseKey	The API key used to access Firebase services.

SendGridSettings

MPO Version: 1.3.0

Defines configuration for integrating SendGrid to send transactional or notification emails. You must register a SendGrid account and provide your API key.

interface SendGridSettings = {
  useSendGrid : Boolean;
  configuration : SendGridSettingsConfig;
}

Field	Description
useSendGrid	Specifies whether SendGrid is enabled for the project.
configuration	The configuration object for the SendGrid service. Leave it null if useSendGrid is false.

SendGridSettingsConfig

MPO Version: 1.3.0

Defines the configuration for SendGrid. This object is used when useSendGrid is set to true. It includes the API key and sender email address.

interface SendGridSettingsConfig = {
  sendGridApiKey : String;
  sendGridFromEmail : String;
}

Field	Description
sendGridApiKey	The API key used to authenticate with the SendGrid service.
sendGridFromEmail	The sender email address to be used for outgoing messages.

TwilioSettings

MPO Version: 1.3.0

Defines configuration for using Twilio to send SMS or perform voice operations. Mindbricks does not provide a managed Twilio account, so integration must be configured here.

interface TwilioSettings = {
  useTwilio : Boolean;
  configuration : TwilioSettingsConfig;
}

Field	Description
useTwilio	Specifies whether Twilio is enabled.
configuration	The configuration object for the Twilio service. Leave it null if useTwilio is false.

TwilioSettingsConfig

MPO Version: 1.3.0

Defines the configuration for Twilio. This object is used when useTwilio is set to true. It includes the Account SID, authentication token, and sender identity.

interface TwilioSettingsConfig = {
  twilioAccountSid : String;
  twilioAuthToken : String;
  twilioSender : String;
}

Field	Description
twilioAccountSid	The Account SID for your Twilio service.
twilioAuthToken	The authentication token used with your Twilio account.
twilioSender	The default sender identity (phone number or name) for Twilio messages.

VonageSettings

MPO Version: 1.3.0

Defines configuration for integrating Vonage as an SMS provider. Provide credentials for your Vonage account if this service is used.

interface VonageSettings = {
  useVonage : Boolean;
  configuration : VonageSettingsConfig;
}

Field	Description
useVonage	Specifies whether Vonage is enabled.
configuration	The configuration object for the Vonage service. Leave it null if useVonage is false.

VonageSettingsConfig

MPO Version: 1.3.0

Defines the configuration for Vonage. This object is used when useVonage is set to true. It includes the token and sender name/number.

interface VonageSettingsConfig = {
  vonageToken : String;
  vonageSender : String;
}

Field	Description
vonageToken	The token used to authenticate with the Vonage service.
vonageSender	The sender name or number used for Vonage messages.

NetGSMSettings

MPO Version: 1.3.0

Defines configuration for using the Turkish SMS provider NetGSM. You must supply your own credentials to use this service in Mindbricks.

interface NetGSMSettings = {
  useNetGSM : Boolean;
  configuration : NetGSMSettingsConfig;
}

Field	Description
useNetGSM	Specifies whether NetGSM is enabled for the project.
configuration	The configuration object for the NetGSM service. Leave it null if useNetGSM is false.

NetGSMSettingsConfig

MPO Version: 1.3.0

Defines the configuration for NetGSM. This object is used when useNetGSM is set to true. It includes the username, password, and sender ID.

interface NetGSMSettingsConfig = {
  netGsmUsername : String;
  netGsmPassword : String;
  netGsmSender : String;
}

Field	Description
netGsmUsername	The username used to authenticate with NetGSM.
netGsmPassword	The password used to authenticate with NetGSM.
netGsmSender	The sender ID or label used for NetGSM messages.

OneSignalSettings

MPO Version: 1.3.0

Defines configuration for OneSignal push notifications. Mindbricks does not manage OneSignal accounts, so a valid app ID and API key must be provided.

interface OneSignalSettings = {
  useOneSignal : Boolean;
  configuration : OneSignalSettingsConfig;
}

Field	Description
useOneSignal	Specifies whether OneSignal is enabled for push notifications.
configuration	The configuration object for the OneSignal service. Leave it null if useOneSignal is false.

OneSignalSettingsConfig

MPO Version: 1.3.0

Defines the configuration for OneSignal. This object is used when useOneSignal is set to true. It includes the app ID and REST API key.

interface OneSignalSettingsConfig = {
  oneSignalAppId : String;
  oneSignalApiKey : String;
}

Field	Description
oneSignalAppId	The OneSignal application ID for the target app.
oneSignalApiKey	The REST API key for the OneSignal project.

EventNotification

MPO Version: 1.3.0

Defines a single event-triggered notification within the project. These notifications are triggered by messages on a Kafka topic and can be sent as email, SMS, push, or in-app messages depending on configuration.

interface EventNotification = {
  eventNotificationBasics : EventNotificationBasics;
  eventDataSettings : EventDataSettings;
  targets : NotificationTarget[];
  template : NotificationTemplate;
}

Field	Description
eventNotificationBasics	Basic properties of the event notification, including its name, description, storage behavior, and job type.
eventDataSettings	Settings for how the notification extracts and processes data from incoming Kafka messages. This includes the dataview source, paths, and any additional data to include.
targets	A list of NotificationTarget objects that define how to extract user(s) from the rendered data. Each target specifies a path in the notification data where user information can be found.
template	The notification template used to render the notification content.

EventNotificationBasics

MPO Version: 1.3.0

Defines the basic properties of an event notification, including its name, description, storage behavior, and job type. This section is used to configure how the notification behaves and what type of message it sends.

interface EventNotificationBasics = {
  name : String;
  description : Text;
  isStored : Boolean;
  jobType : NotificationJobTypes;
  actionDeepLink : MScript;
  actionText : MScript;
  fromUser : MScript;
}

Field	Description
name	The unique, human-readable name of the event notification. Use one-word camelCase names such as userCreated or orderShipped.
description	A brief explanation of the event notification's purpose and scope.
isStored	Determines whether the notification should be stored in the database for future reference. If true, notifications are saved and can be listed in the frontend. If false, they are only sent during the request lifecycle and are not retained.
jobType	The type of notification to send: email, sms, push, or inApp.
actionDeepLink	An MScript expression that generates a deep link for client-side actions. The frontend can use this to navigate or perform custom logic when the user interacts with the notification. Leave null for no integration case.
actionText	An MScript expression defining the display text for the action deep link in the frontend interface. Leave null for no integration case.
fromUser	An MScript expression identifying the sender of the notification (e.g., for inApp messages or email 'from' fields).

NotificationJobTypes

Specifies the medium through which the notification will be sent.

NotificationJobTypesNames = ["email", "sms", "push", "inApp"];

const NotificationJobTypes = {
  email: 0,
  sms: 1,
  push: 2,
  inApp: 3,
};

Enum	Description
email	Send the notification as an email using the configured email provider.
sms	Send the notification as an SMS using the configured SMS provider.
push	Send the notification as a push message using the configured push provider.
inApp	Create an in-app notification stored in the system. It will be listed in the default InAppNotification object with auto-generated routes.

EventDataSettings

MPO Version: 1.3.0

Defines how the event notification extracts and processes data from incoming Kafka messages. This includes the data source, paths to relevant information, and any additional data to include in the notification.

interface EventDataSettings = {
  channel : String;
  condition : MScript;
  dataViewName : String;
  dataViewIdPathInPayload : String;
  includeData : DataMapItem[];
}

Field	Description
channel	The Kafka topic name that will trigger this notification. The notification manager listens on this channel.
condition	An optional MScript condition to determine whether the notification should be triggered, based on the incoming Kafka message payload. To access data from both data source and the received Kafka event, use `this.dataSource`.
dataViewName	The name of the data view to use when the data source is 'dataView'.
dataViewIdPathInPayload	The path in the payload where the ID of the object needed by the data view can be found. Defaults to 'id'.
includeData	An optional list of key-value mappings to merge additional values from the event payload into the notification data. Useful when using dataView or narrowed payload paths.

NotificationTarget

MPO Version: 1.3.0

Defines a recipient or list of recipients for an event notification. Targets are derived from the notification data and can be conditional.

interface NotificationTarget = {
  targetName : String;
  targetPathInData : String;
  isArray : Boolean;
  targetUserIdInArrayTargetItem : String;
  targetItemNameInArray : String;
  condition : MScript;
}

Field	Description
targetName	A unique, human-readable name for the target. Use camelCase (e.g., 'customer', 'internalApprovers').
targetPathInData	The path to the user(s) inside the source notification dataview. If the target is a single user, this is the property name. If an array, it refers to the list. In case data is a multi-level nested object, `prop1.prop2.prop3` notation must be used.
isArray	Indicates whether the target path contains a list of users. If true, the notification will be sent to each user in the array.
targetUserIdInArrayTargetItem	When targeting a user array, this is the property name that holds the user ID inside each item.
targetItemNameInArray	If the target is an array, this is the property that holds each individual user object including the userId.Leave it empty if the user objects are already the target items.
condition	An MScript expression that determines whether the notification should be sent to this target, based on the target data. Access the target data using `target` (without `this`) and data source using `this.dataSource`.

NotificationTemplate

MPO Version: 1.3.0

Defines a notification template used to render the content of event notifications. Templates are written in EJS and can include dynamic data from the notification payload.

interface NotificationTemplate = {
  name : String;
  description : Text;
  subjectTemplate : Text;
  bodyTemplate : Text;
  parser : String;
}

Field	Description
name	The unique name of the notification template. This is used to reference the template in event notifications.
description	A brief description of the template's purpose and usage.
subjectTemplate	The EJS template text used to generate the notification subject line.
bodyTemplate	The EJS template text used to generate the notification body content.
parser	The template rendering engine. Currently, only 'ejs' is supported.

Service

MPO Version: 1.3.0

Defines the overall structure and configuration for a microservice within the project. Each service acts as an independent domain that encapsulates its own data model, business logic, and interface behaviors. While services primarily manage and expose domain-specific data, this module extends beyond basic CRUD operations by offering customizable patterns, libraries, authentication, and specialized route handling. Use this module to tailor the internal and external behaviors of your service—whether it's securing endpoints, defining edge routes, managing complex data objects, or integrating advanced logic. The service configuration ensures the resulting microservice is robust, secure, and aligned with the specific application requirements.

interface Service = {
  serviceSettings : ServiceSettings;
  dataObjects : DataObject[];
  businessLogic : BusinessApi[];
  library : ServiceLibrary;
  edgeControllers : EdgeController[];
}

Field	Description
serviceSettings	The general configuration for the service, including its basic metadata and authentication rules. This sets foundational behavior such as login requirements and token usage.
dataObjects	An array of data object definitions representing the internal data schema of the service. Each object defines its fields, relations, and business logic behavior.
businessLogic	BusinessApi enables the creation of sophisticated backend operations through declarative configuration. It should be used when a project needs to expose business logic as APIs - whether through REST endpoints, real-time WebSocket connections, event-driven Kafka handlers, or scheduled cron jobs. BusinessApi automatically handles CRUD operations on data objects, parameter extraction from multiple sources (request body, Redis, session), authentication, and complex workflows with validation, transformations, and inter-service calls. Use BusinessApi when you need to create, read, update, or delete data, process events, schedule background tasks, or orchestrate multi-step business operations without writing custom backend code.
library	The service's function library where custom business logic is written. Includes edge functions, and shared utilities callable across routes and controllers.
edgeControllers	A set of custom controller endpoints defined at the edge of the service, each connected to a function from the service library. Edge controllers offer custom REST APIs beyond the auto-generated business APIs.

ServiceSettings

MPO Version: 1.3.0

Defines the foundational settings of the service module, including basic metadata and authentication configurations. These settings must be established before designing the service's data model. They determine the service's identity, behavior within the project, and how it handles authentication. This configuration acts as the entry point for service-level behavior, ensuring consistency and security from the outset of development.

interface ServiceSettings = {
  serviceBasics : ServiceBasics;
  serviceOptions : ServiceOptions;
}

Field	Description
serviceBasics	Defines the basic metadata of the service, including its unique name, description, and optional custom configuration variables. These basics are used throughout code generation, routing, and documentation.
serviceOptions	Defines basic options of the service for authentication, http and data model

ServiceBasics

MPO Version: 1.3.0

Provides core identifiers and metadata for the service. Includes the service's internal ID, a unique name (used in code, routing, and service naming), a descriptive text for documentation, and any custom variables required for runtime configuration.

interface ServiceBasics = {
  id : String;
  name : String;
  description : Text;
  frontendDocument : Text;
  customVariables : DataMapSimpleItem[];
  nodejsPackages : NodeJsPackageItem[];
}

Field	Description
id	Unique identifier of the service, automatically managed within the project.
name	Service name used for naming files, folders, endpoints, and routes. Use short, single-word names in camelCase if needed. This field impacts many system-level identifiers.
description	A clear, human-readable explanation of what the service does. This description appears in service-level documentation and interface annotations.
frontendDocument	A text based information to inform the frontend developer or frontend AI agent about the service specific UX behaviour of the service logic based on user stories and use cases. The format may be either text or markdown(recommended). Write the document as an AI prompt and describe service gneric UX behaviours. Any data object specific information should be given as a brief key sentence, since they will be detailed in their own objects. Note that this document will be given to the AI agent or human developer combined with all technical details that is generated from the servic design,so this document should only focus on service-specific behavioral UX business logic.
customVariables	A list of custom key-value pairs that will be available to all scripts and functions within the service. Useful for environment-specific settings or reusable values.
nodejsPackages	A list of npm packages to be added to the nodejs package json of the service. They will be imported in the business api context if required.

NodeJsPackageItem

MPO Version: 1.3.0

An object to define a nodejs npm package requirement to be added to the nodejs package json of the service

interface NodeJsPackageItem = {
  packageName : String;
  version : String;
  defaultImportConst : String;
}

Field	Description
packageName	The official import name of the package in the npm cloud. It may be a single string or a path like string
version	The version of the package that will be imported. Use an asterix (*) if you need the latest version
defaultImportConst	A const name like `axios` that will be the main default import of the librarry.

ServiceOptions

MPO Version: 1.3.0

Defines a configuration class for the basic options of the service for authentication, http and data model

interface ServiceOptions = {
  serviceRequiresLogin : Boolean;
  serviceAllowsUserToLogin : Boolean;
  httpPort : Integer;
  routerSuffix : String;
  dataModelName : String;
  dbType : DbTypes;
  useSoftDelete : Boolean;
}

Field	Description
serviceRequiresLogin	If true, all API calls to this service require a valid login token unless explicitly marked otherwise.
serviceAllowsUserToLogin	Keep this false unless you know what you are doing. If true, the service provides login endpoints for users, allowing it to act as an authentication provider. This option is used if you want to make your own auth/user service instead of the default one created with authentication module configuration.
httpPort	The port number that the service will use to listen for HTTP traffic. Recommended to use ports in the 3000-3099 range for consistency across microservices.
routerSuffix	Use this in your custom deployment if you have any suffix in your service url to be removed before evaluated in express router. AI Agents should keep this null.
dataModelName	The name identifier of the data model configuration. For current Mindbricks versions, use 'main' or 'default'. In future versions with support for multiple data models per service, this name will distinguish them.
dbType	Specifies the type of database engine used for storing the service's data. It must be one of the values in the DbTypes enum. Currently, PostgreSQL is fully supported; MongoDB is in beta.
useSoftDelete	Indicates whether records are soft-deleted (i.e., marked inactive using an 'isActive' flag) instead of being physically removed from the database. This setting applies globally unless overridden at the data object level.

DbTypes

Enumeration of supported database types for service-level data models.

DbTypesNames = ["postgresql", "mongodb"];

const DbTypes = {
  postgresql: 0,
  mongodb: 1,
};

Enum	Description
postgresql	Use PostgreSQL for relational database management.
mongodb	Use MongoDB for document-oriented data storage (currently in beta).

DataObject

MPO Version: 1.3.0

A DataObject is the core building block of a service in Mindbricks. It represents both the data schema (like a table in SQL or a collection in MongoDB) and the business logic that operates around it. Each DataObject includes a set of DataProperties (fields), and it governs how the data is stored, validated, secured, and exposed through automatically generated business APIs. Beyond simple data modeling, DataObjects enable complex logic configurations, such as access control, field-level behaviors, validation, and custom API route behavior. They serve not only as data containers but also as logical units of functionality within the microservice.

interface DataObject = {
  objectSettings : ObjectSettings;
  properties : DataProperty[];
}

Field	Description
objectSettings	Settings that define general behavior and characteristics of the data object, such as naming, indexing, visibility, and access options.
properties	The list of data properties of the data object. Each property represents a field and encapsulates both the type of the data and behavioral configurations like default values, constraints, visibility, or computed logic. Note: Mindbricks automatically creates standard fields (`id`, `isActive`, `createdAt`, `updatedAt`), so avoid defining these manually.

ObjectSettings

MPO Version: 1.3.0

Configuration settings that govern the behavior, access control, and optimization strategies of a data object. These settings allow fine-grained control over how the data object behaves in terms of authorization, caching, indexing, payment processing, and membership relationships. This is the central point to define how the object integrates with infrastructure and security policies in a microservice.

interface ObjectSettings = {
  basicSettings : ObjectBasicSettings;
  authorization : ObjectAuthorization;
  redisEntityCacheSettings : RedisEntityCacheSettings;
  compositeIndexSettings : CompositeIndex[];
  stripeOrder : StripeOrder;
  membershipSettings : MembershipSettings;
}

Field	Description
basicSettings	Core definitions of the data object such as its name, label, and description. These settings influence how the object appears in documentation and interfaces.
authorization	Rules and permissions that control access to this data object. These object-level rules enhance or override project-level authorization to implement fine-grained security models.
redisEntityCacheSettings	Configuration for enabling Redis-based entity-level caching. Useful for frequently accessed, lightweight records that benefit from high-speed lookups and smart cache invalidation.
compositeIndexSettings	Defines one or more composite indexes to ensure uniqueness across multiple fields and improve the efficiency of compound queries. This is especially critical for enforcing business constraints or query performance in relational databases. Please note that if you need unique constraints on a single field, you can use the `unique` property of the DataProperty instead.
stripeOrder	Activates e-commerce order support for the data object through Stripe integration. Automatically configures order and payment processing infrastructure when the object represents billable entities like purchases or subscriptions.
membershipSettings	Settings to enable access control for this object through an external membership relationship. This object represents the protected resource (such as a project), and access to it is managed by another object (such as projectMember) that links users or roles to this resource. Useful in multi-user collaboration domains where permissions are scoped per resource instance.

ObjectBasicSettings

MPO Version: 1.3.0

Basic configuration for a data object, including its identity, documentation, and deletion strategy. A data object acts as a logical model for a database table or MongoDB collection, and is central to defining how data is stored, queried, and managed within a microservice.

interface ObjectBasicSettings = {
  name : String;
  description : Text;
  frontendDocument : Text;
  useSoftDelete : Boolean;
}

Field	Description
name	A unique identifier for the data object used consistently across generated code, API routes, and documentation. The name must be a single, camelCase word without spaces or special characters, and should be unique within the project. Use a singular noun that clearly represents the entity (e.g., 'product', 'order', 'task').
description	A descriptive explanation of what the data object represents. This description is used in documentation and helps clarify the business domain the object serves.
frontendDocument	A text based information to inform the frontend developer or frontend AI agent about the data object specific UX behaviour of the data object logic based on user stories and use cases. The format may be either text or markdown(recommended). Write the document as an AI prompt and describe data object specific UX behaviours. Note that this document will be given to the AI agent or human developer combined with all technical details that is generated from the data object design,so this document should only focus on data object-specific behavioral UX business logic.
useSoftDelete	Overrides the default data model setting to enable or disable soft deletion for this object. If enabled, records will not be physically deleted but marked inactive using an 'isActive' flag. These records will be excluded from normal queries unless explicitly requested.

ObjectAuthorization

MPO Version: 1.3.0

Defines access control scope for this data object, including tenant scoping and public accessibility. These settings are applied globally unless explicitly overridden at the Business API level.

interface ObjectAuthorization = {
  dataObjectAccess : DataObjectAccess;
  objectDataIsInTenantLevel : Boolean;
}

Field	Description
dataObjectAccess	Specifies the default access level for this DataObject and its related get/list APIs. The value is defined by the DataObjectAccess enum, which determines whether the object is private (restricted to owner/admins), protected (available to all authenticated project users), or public (open to everyone, including anonymous). API-level configurations may override this default.
objectDataIsInTenantLevel	Determines whether this object is scoped per tenant in a multi-tenant architecture. If true, an implicit tenant ID field (e.g., clientId) will be added to segregate data per tenant. Use this for tenant-owned data like projects or documents.

DataObjectAccess

Defines the possible access levels for a DataObject. This type captures whether the object is only visible to its owner/admins (private), shared with authenticated project users (protected), or exposed to the public including anonymous users (public). The key difference is between restricted vs. shared access, and within shared access whether authentication is required.

DataObjectAccessNames = ["accessPrivate", "accessProtected", "accessPublic"];

const DataObjectAccess = {
  accessPrivate: 0,
  accessProtected: 1,
  accessPublic: 2,
};

Enum	Description
accessPrivate	Only the object owner and system administrators can access.
accessProtected	All authenticated project users can access.
accessPublic	All users, including anonymous, can access.

RedisEntityCacheSettings

MPO Version: 1.3.0

Configuration for Redis-based entity-level caching. Enables fast access to frequently used data by storing and serving object-level records from Redis, with support for custom cache criteria and smart expiration.

interface RedisEntityCacheSettings = {
  useEntityCaching : Boolean;
  configuration : RedisEntityCacheConfig;
}

Field	Description
useEntityCaching	Enables Redis entity caching for this object. When active, individual records are cached in Redis, improving read performance for high-frequency access patterns.
configuration	Configuration settings for Redis entity caching. Includes cache criteria and expiration logic. Leave it null if useEntityCaching is false.

RedisEntityCacheConfig

MPO Version: 1.3.0

interface RedisEntityCacheConfig = {
  useSmartCaching : Boolean;
  cacheCriteria : MScript;
  checkCriteriaOnlyInCreateAndUpdates : Boolean;
}

Field	Description
useSmartCaching	Activates smart cache expiration logic. TTL (time-to-live) is dynamically calculated based on access frequency, which is useful for large datasets with volatile usage patterns.
cacheCriteria	A condition (written as an MScript Query object) that determines whether a specific record should be cached. Useful for filtering which records are cache-worthy (e.g., only active events, unexpired tickets).
checkCriteriaOnlyInCreateAndUpdates	If true, cache criteria will be evaluated only during create and update operations, ideal for conditions based solely on internal record fields. Set false to re-evaluate criteria at read time when the condition depends on external context (e.g., current date).

CompositeIndex

MPO Version: 1.3.0

Defines a composite index for a data object. Composite indexes improve database performance for queries that filter or sort based on multiple fields. Each index is created at the database level and can optionally handle duplicate conflicts during insert operations. Note that if you need unique constraints on a single field, you can use the unique property of the DataProperty instead. Composite indexes are particularly useful for optimizing complex queries that involve multiple fields, such as searching for users by email and client ID simultaneously or whne you need to ensure uniqueness across multiple fields (e.g., email and clientId). They are defined at the data object level and will be used across all related Business APIs.

interface CompositeIndex = {
  indexName : String;
  indexFields : PropRefer[];
  onDuplicate : OnDuplicate;
}

Field	Description
indexName	Unique name of the database index. Used in DDL statements and must be unique within the scope of the current data object. Choose a descriptive name that reflects the indexed fields (e.g., userEmailIndex).
indexFields	List of field names that form the composite index. The order of fields matters for query optimization. For example, ['email', 'clientId'] allows fast lookups for email within a specific client context.
onDuplicate	Defines the behavior when an insert operation encounters a duplicate key on this index. Options include updating the existing row or throwing an error. Useful for implementing upsert logic.

OnDuplicate

Enumeration that defines the conflict resolution strategy when a new record would violate a composite index constraint.

OnDuplicateNames = ["doUpdate", "throwError", "stopOperation", "doInsert"];

const OnDuplicate = {
  doUpdate: 0,
  throwError: 1,
  stopOperation: 2,
  doInsert: 3,
};

Enum	Description
doUpdate	Update the existing record if a duplicate key is encountered. Equivalent to an upsert operation.
throwError	Throw a database error when a duplicate key is encountered. Prevents the insertion of conflicting data.
stopOperation	Stop the operation silently if a duplicate key is encountered. The existing record remains unchanged and no error is thrown.
doInsert	Proceed with the operation without checking for duplicates. Use this option when your composite index is designed for search purposes only and duplicates are allowed.

StripeOrder

MPO Version: 1.3.0

Defines the settings for integrating this data object with Stripe to handle e-commerce orders and payments. When enabled, Mindbricks automatically generates the required logic and auxiliary objects for managing payment workflows. Ensure Stripe credentials are set at the project level to activate this integration.

interface StripeOrder = {
  objectIsAnOrderObject : Boolean;
  configuration : StripeOrderConfig;
}

Field	Description
objectIsAnOrderObject	Enables Stripe order logic for this object. When true, the object is treated as an order and integrated with Stripe payment flows.
configuration	The configuration object for Stripe order integration. Leave it null if objectIsAnOrderObject is false.

StripeOrderConfig

MPO Version: 1.3.0

Configuration settings for Stripe order integration. Defines the order name, ID, amount, currency, description, and other properties used in the Stripe payment flow.

interface StripeOrderConfig = {
  orderName : String;
  orderId : MScript;
  amount : MScript;
  currency : MScript;
  description : MScript;
  orderStatusProperty : PropRefer;
  orderStatusUpdateDateProperty : PropRefer;
  orderOwnerIdProperty : PropRefer;
  mapPaymentResultToOrderStatus : PaymentResultMap;
  onCheckoutError : OnCheckoutError;
}

Field	Description
orderName	The name of the order as it will appear in Stripe and internal records.
orderId	MScript expression to extract the order's unique identifier.
amount	MScript expression to determine the order amount for payment.
currency	MScript expression to determine the currency for the order.
description	MScript expression for the order description, shown in Stripe and receipts.
orderStatusProperty	The field name in the data object that holds the current order status. This will be automatically updated based on payment results.
orderStatusUpdateDateProperty	The field name that records the timestamp of the last order status update. This is auto-managed during payment events.
orderOwnerIdProperty	The field that holds the ID of the user who owns the order. This is used to ensure correct access control in payment flows.
mapPaymentResultToOrderStatus	Defines how Stripe's payment results (started, success, failed, canceled) map to internal order statuses using MScript expressions.
onCheckoutError	Determines the system's behavior if a checkout error occurs. Options are 'continueRoute' to proceed or 'throwError' to stop with an error.

OnCheckoutError

Enum options for handling errors that occur during the Stripe checkout process.

OnCheckoutErrorNames = ["continueRoute", "throwError"];

const OnCheckoutError = {
  continueRoute: 0,
  throwError: 1,
};

Enum	Description
continueRoute	Continue processing, log the error, and set status to 'failed'.
throwError	Throw an error and halt processing when a checkout error occurs.

PaymentResultMap

MPO Version: 1.3.0

Defines how various Stripe payment outcomes map to internal order status values using MScript expressions.

interface PaymentResultMap = {
  paymentResultStarted : MScript;
  paymentResultCanceled : MScript;
  paymentResultFailed : MScript;
  paymentResultSuccess : MScript;
}

Field	Description
paymentResultStarted	MScript for mapping the Stripe 'started' status to an internal order status.
paymentResultCanceled	MScript for mapping the Stripe 'canceled' status to an internal order status.
paymentResultFailed	MScript for mapping the Stripe 'failed' status to an internal order status.
paymentResultSuccess	MScript for mapping the Stripe 'success' status to an internal order status.

MembershipSettings

MPO Version: 1.3.0

Configuration settings for membership-based access control of a data object. This object does not define access itself but relies on a separate membership data object to manage which users can access this data object. For example, an 'organization' object might have access control defined through an 'organizationMember' object, which holds references to both the user and the organization.

interface MembershipSettings = {
  hasMembership : Boolean;
  configuration : MembershipSettingsConfig;
}

Field	Description
hasMembership	Indicates whether this data object uses an external membership object to manage access rights. If set to true, access to this object is governed by entries in another object. Default is false.
configuration	The configuration object for membership settings. Leave it null if hasMembership is false.

MembershipSettingsConfig

MPO Version: 1.3.0

interface MembershipSettingsConfig = {
  membershipObjectName : DataObjectName;
  membershipObjectIdProperty : PropRefer;
  membershipUserIdProperty : PropRefer;
  membershipStatusCheck : MScript;
}

Field	Description
membershipObjectName	Specifies the name of the external data object used to manage membership. This object contains membership entries linking users to this object.
membershipObjectIdProperty	The field name in the membership object that refers back to this data object (e.g., organizationId). It links the membership entry to this object.
membershipUserIdProperty	The field name in the membership object that refers to the user who holds membership. This is typically linked to the user's session during authorization checks.
membershipStatusCheck	Optional MScript condition to determine if a membership entry is valid. Can be used to check fields like status, startDate, or endDate. This filter is applied at query time when evaluating access.

BusinessApi

MPO Version: 1.3.0

Defines a Business API, a high-level abstraction representing a specific business operation on a primary data object. It encapsulates intent (e.g., get, create, delete), parameters, trigger mechanisms, and a structured workflow composed of modular actions. Each Business API offers more expressive and decoupled control over behavior and access.

interface BusinessApi = {
  apiOptions : ApiOptions;
  authOptions : ApiAuthOptions;
  customParameters : BusinessApiParameter[];
  redisParameters : RedisApiParameter[];
  restSettings : ApiRestSettings;
  grpcSettings : ApiGrpcSettings;
  kafkaSettings : ApiKafkaSettings;
  socketSettings : ApiSocketSettings;
  cronSettings : ApiCronSettings;
  selectClause : SelectClauseSettings;
  dataClause : DataClauseSettings;
  whereClause : WhereClauseSettings;
  deleteOptions : DeleteOptions;
  getOptions : GetOptions;
  listOptions : ListOptions;
  paginationOptions : PaginationOptions;
  actions : BusinessApiActionStore;
  workflow : BusinessWorkflow;
}

Field	Description
apiOptions	Defines the name,type, dataObject and description of the business api as well as its basic options
authOptions	Defines core authentication and authorization settings for a Business API. These settings cover session validation, role and ownership checks, and access scope (e.g., tenant vs. SaaS-level). While these options are sufficient for most use cases, more fine-grained access control—such as conditional permissions or contextual ownership—should be implemented using explicit access control actions (e.g., `PermissionCheckAction`, `MembershipCheckAction`, `ObjectPermissionCheckAction`).
customParameters	An array of manually defined parameters that are extracted from the incoming request (e.g., body, query, session). These are configured using `BusinessApiParameter` and are written to the context as `this.<name>` before workflow execution begins.
redisParameters	An array of parameters fetched from Redis based on dynamically computed keys. These are defined using `RedisApiParameter` and are written to the context as `this.<name>`, just like custom parameters.
restSettings	Defines HTTP REST controller settings such as method and route path. Automatically generated using naming conventions, but can be customized for fine-grained control over REST behavior, parameter mapping, or URL design.
grpcSettings	Enables gRPC access for this Business API and configures the request and response schemas. gRPC is disabled by default unless explicitly configured.
kafkaSettings	Enables this Business API to be triggered by Kafka events. This controller listens for messages published to configured Kafka topics, allowing the API to respond to system-level events (e.g., file uploaded, user signed up) or external integrations. This is commonly used for decoupled orchestration between services or for reacting to events emitted by backend libraries and storage providers.
socketSettings	Enables invocation of this Business API over WebSocket channels. Useful for real-time communication where APIs must respond to push-based client interactions.
cronSettings	Schedules this Business API for automatic execution at specified intervals. Useful for background tasks, data cleanup, or scheduled jobs. Uses cron expressions to define timing.
selectClause	Specifies which fields will be selected from the main data object during a `get` or `list` operation. Leave blank to select all properties. This applies only to `get` and `list` type APIs.
dataClause	Defines custom field-value assignments used to modify or augment the default payload for `create` and `update` operations. These settings override values derived from the session or parameters if explicitly provided.
whereClause	Defines the criteria used to locate the target record(s) for the main operation. This is expressed as a query object and applies to `get`, `list`, `update`, and `delete` APIs. All API types except `list` are expected to affect a single record.
deleteOptions	Contains settings specific to `delete` type APIs, such as soft-delete configurations or cascade options.
getOptions	Contains settings specific to `get` type APIs, such as instance enrichment, fallback behaviors, or object caching.
listOptions	Defines list-specific options including filtering logic, default sorting, and result customization for APIs that return multiple records.
paginationOptions	Contains settings to configure pagination behavior for `list` APIs. Includes options like page size, offset, cursor support, and total count inclusion.
actions	Represents the available logic actions that can be referenced by the Business API's workflow. Actions include data fetches, validation, permission checks, interservice calls, transformations, and output shaping.
workflow	Defines the logical flow of the Business API, composed of sequenced action ids grouped by lifecycle stages. This workflow is generated visually in the architecture UI or programmatically inferred from the API's type.

ApiOptions

MPO Version: 1.3.0

Main configuration section for a Business API. This object includes essential attributes such as naming, access control, event handling, input generation, and fallback strategies. In many cases, configuring this section alone is sufficient to define the primary behavior of an API entry point.

interface ApiOptions = {
  dataObjectName : LocalDataObjectName;
  crudType : CrudTypes;
  name : String;
  apiDescription : Text;
  frontendDocument : Text;
  raiseApiEvent : Boolean;
  raiseDbLevelEvents : Boolean;
  autoParams : Boolean;
  readFromEntityCache : Boolean;
}

Field	Description
dataObjectName	Specifies the primary data object that this Business API interacts with. This object is the core target of the API's operation, such as reading, updating, or deleting records.
crudType	Defines the primary operation type for this API. Possible values are `get`, `list`, `create`, `update`, and `delete`. This classification drives the behavior and flow of the API lifecycle.
name	A unique, human-readable name for the API, used for referencing in documentation and the UI. This is not a code-level identifier; instead, generated class and function names are derived from this value. Use camelCase formatting, avoid spaces or special characters, and ensure uniqueness within the same service. If you want the API to behave like a default RESTful endpoint, use a verb-noun combination like `createUser`, `getOrder`, or `deleteItem`, which will enforce expected parameters and URL patterns (e.g., `/users/:userId`).
apiDescription	A brief explanation of the API's business purpose or logic. Helps clarify its intent for developers and documentation readers.
frontendDocument	A text based information to inform the frontend developer or frontend AI agent about the api specific UX behaviour of the api logic based on user stories and use cases. The format may be either text or markdown(recommended). Write the document as an AI prompt and describe api specific UX behaviours. Note that this document will be given to the AI agent or human developer combined with all technical details that is generated from the business api design,so this document should only focus on data api-specific behavioral UX business logic.
raiseApiEvent	Indicates whether the Business API should emit an API-level event after successful execution. This is typically used for audit trails, analytics, or external integrations.
raiseDbLevelEvents	If true, database-level events will be emitted for each affected data object. This is useful for APIs that interact with multiple related objects and need fine-grained event tracking.
autoParams	Determines whether input parameters should be auto-generated from the schema of the associated data object. Set to `false` if you want to define all input parameters manually.
readFromEntityCache	If enabled, the API will attempt to read the target object from the Redis entity cache before querying the database. This can improve performance for frequently accessed records.

CrudTypes

CrudTypes define the fundamental operation mode of a route. Each route is classified by a CRUD type that reflects its intended data operation: create, update, read, or delete.

CrudTypesNames = ["create", "update", "get", "list", "delete"];

const CrudTypes = {
  create: 0,
  update: 1,
  get: 2,
  list: 3,
  delete: 4,
};

Enum	Description
create	Specifies that the route handles creation operations. It inserts a new record into the associated data object. Mindbricks auto-generates default behavior for create routes, but custom logic can be defined via the route’s createSettings.
update	Specifies that the route handles update operations for a single existing record. The primary access criterion is the record's ID. Mindbricks auto-generates default behavior for update routes, but customizations can be added using updateSettings.
get	Specifies that the route retrieves a single record of the data object. The primary access criterion is the record's ID. Mindbricks provides default logic, but route-specific getSettings can be applied for custom retrieval.
list	Specifies that the route retrieves multiple records of the data object. By default, results are filtered by authorization rules. List-level customizations can be configured through listOptions and paginationOptions
delete	Specifies that the route handles deletion of a single record. The access criterion is the record's ID. Mindbricks supports both hard and soft deletes, with behavior controlled through deleteOptions.

LocalDataObjectName

MPO Version: 1.3.0

Represents a reference to a data object within the same service. The value must be a simple object name; not a qualified reference in the format 'serviceName:objectName'.

interface LocalDataObjectName = {
}

Field	Description

ApiAuthOptions

MPO Version: 1.3.0

Defines core authentication and authorization settings for a Business API. These settings cover session validation, role and ownership checks, and access scope (e.g., tenant vs. SaaS-level). While these options are sufficient for most use cases, more fine-grained access control—such as conditional permissions or contextual ownership—should be implemented using explicit access control actions (e.g., PermissionCheckAction, MembershipCheckAction, ObjectPermissionCheckAction).

interface ApiAuthOptions = {
  apiInSaasLevel : Boolean;
  loginRequired : Boolean;
  ownershipCheck : Boolean;
  parentOwnershipChecks : String[];
  absoluteRoles : String[];
  checkRoles : String[];
  defaultPermissions : String[];
}

Field	Description
apiInSaasLevel	If true, this API can be accessed across tenants (SaaS-wide). This bypasses tenant ID filtering and is only allowed for users with SaaS-level roles. Use this for global admin tools or cross-tenant analytics.
loginRequired	Specifies whether the user must be authenticated to access the API. By default, this inherits the login requirement from the associated data object, but it can be overridden here.
ownershipCheck	Defines whether ownership should be enforced on the main data object. This check restricts access to the object’s owner and will be applied via the query in list operations and after the instance is fetched in others.
parentOwnershipChecks	Specifies additional parent objects (e.g., `organization`, `project`) whose ownership must also be verified. This supports enforcing nested ownership rules across related entities.
absoluteRoles	A list of role names that grant unconditional access to this API in terms of authentication and authorization. Users with any of these roles will bypass all auth checks—including role, permission, ownership, and membership and custom 401-403 validations. However, business-level validations (e.g., required fields, value constraints) will still apply to ensure domain correctness.
checkRoles	A list of roles that are required to pass basic role checks for this API. These are not absolute—users with these roles still undergo other validations and access control checks unless also included in `absoluteRoles`. Multiple roles are combined using OR logic.
defaultPermissions	Defines a list of required permissions that the user must have globally or through roles/groups. For `get`, `update`, and `delete` APIs, object-level overrides may also be considered if the main data object supports object permissions. Multiple permissions are combined using AND logic. For complex, conditional, or cross-object permissions, use `PermissionCheckAction` or `ObjectPermissionCheckAction` instead.

BusinessApiParameter

MPO Version: 1.3.0

Defines a customizable input parameter for a Business API. Parameters are extracted from the incoming request, transformed and validated, and then written directly to the API context under this.<name>. These parameters may originate from any request part (e.g., body, query, session), and can be combined with Redis-based or auto-generated parameters.

interface BusinessApiParameter = {
  name : String;
  type : DataTypes;
  required : Boolean;
  defaultValue : AnyComplex;
  httpLocation : RequestLocations;
  dataPath : String;
  transform : MScript;
  hidden : Boolean;
  description : Text;
}

Field	Description
name	The name of the parameter in the API context. The value will be available at `this.<name>` during Business API execution. This does not need to match the incoming request key.
type	The expected data type of the parameter, selected from the standard `DataTypes` enum (e.g., String, Number, Boolean). Used for validation and casting.
required	Indicates whether the parameter must be present in the incoming request. If true and the parameter is missing, the API will return a validation error.
defaultValue	Optional fallback value to use when the parameter is not present. If provided, it allows the parameter to be optional without causing validation errors.
httpLocation	The section of the HTTP request to extract the parameter from (e.g., `body`, `query`, `session`). Chosen from the `RequestLocations` enum.
dataPath	A dot-path expression to locate the parameter value in its specified source (e.g., `user.email`, `input.cart.total`).
transform	An optional MScript expression to post-process the raw input before validation. This is useful for trimming, normalizing, or coercing types.
hidden	Make a parameter hidden to hide it in Api-Face, Swagger, Mcp or other API automation tools. This is usefull when you want to define a higly technical parameeter which will be used by frontend or other integration developers for specific reasons in rare cases.
description	Human-readable explanation of the parameter’s purpose. For auto-generated parameters, this inherits the description from the linked data object property. For manually defined parameters, the developer should provide one.

RedisApiParameter

MPO Version: 1.3.0

Defines a parameter whose value is fetched from Redis before Business API execution begins. The result is written directly to the context as this.<name>, making it accessible like any other parameter. This is useful for injecting server-side or cached state without requiring the client to send it explicitly.

interface RedisApiParameter = {
  name : String;
  type : DataTypes;
  required : Boolean;
  defaultValue : AnyComplex;
  redisKey : String;
}

Field	Description
name	The name under which the Redis value will be stored in the context. For example, setting this to `tenantConfig` makes it accessible as `this.tenantConfig`.
type	The expected data type for the Redis value (e.g., String, Boolean, Object). Used for validation and type enforcement.
required	If true, the API will throw an error if the Redis key is missing or the value is null. If false, the value is optional and `defaultValue` may apply.
defaultValue	Optional fallback value if the Redis lookup fails. Use this to allow Redis parameters to be optional in logic flow.
redisKey	An MScript expression that evaluates to the Redis key from which to read the value. This can include dynamic tokens like `this.session.userId`.

ApiRestSettings

MPO Version: 1.3.0

Defines the REST controller configuration for a Business API. REST is the default HTTP interface in Mindbricks. These settings allow enabling/disabling REST access and customizing the endpoint path.

interface ApiRestSettings = {
  hasRestController : Boolean;
  configuration : ApiRestSettingsConfig;
}

Field	Description
hasRestController	Controls whether the Business API is exposed as a REST endpoint. Set to false to disable HTTP access.
configuration	Optional configuration object for customizing the REST path. Leave null to use the default path.

ApiRestSettingsConfig

MPO Version: 1.3.0

Customizes the REST endpoint path for a Business API. If omitted or set to $default, Mindbricks auto-generates the path based on the API name and crudType.

interface ApiRestSettingsConfig = {
  routePath : String;
  forcePOSTMethod : Boolean;
}

Field	Description
routePath	Custom REST path override. Leave as `$default` to auto-generate from the API name (e.g., `POST /users`, `GET /users/:id`).
forcePOSTMethod	The http method will ve set according to the crud type, use this setting if you want to force the HttpMethod to POST. Not recommended if you dont have a specific reason.

ApiGrpcSettings

MPO Version: 1.3.0

Enables gRPC interface for the Business API. Useful for high-performance service-to-service communication.

interface ApiGrpcSettings = {
  hasGrpcController : Boolean;
  configuration : ApiGrpcSettingsConfig;
}

Field	Description
hasGrpcController	Controls whether this API exposes a gRPC method.
configuration	Optional configuration object for gRPC settings. Leave null if gRPC is disabled.

ApiGrpcSettingsConfig

MPO Version: 1.3.0

Configuration for gRPC method behavior and response format.

interface ApiGrpcSettingsConfig = {
  responseFormat : GrpcApiResponseFormat;
  responseType : GrpcApiResponseType;
}

Field	Description
responseFormat	Defines whether the gRPC response returns a single data item or full JSON response.
responseType	Specifies whether the gRPC method returns a single result or a stream of results.

GrpcApiResponseFormat

Controls the structure of the gRPC response.

GrpcApiResponseFormatNames = ["dataItem", "fullResponse"];

const GrpcApiResponseFormat = {
  dataItem: 0,
  fullResponse: 1,
};

Enum	Description
dataItem	Returns only the core data item.
fullResponse	Returns the full JSON API response with metadata and pagination.

GrpcApiResponseType

Controls whether the gRPC method returns a single message or a stream.

GrpcApiResponseTypeNames = ["single", "stream"];

const GrpcApiResponseType = {
  single: 0,
  stream: 1,
};

Enum	Description
single	Returns one response message.
stream	Returns multiple streamed messages (for list-type APIs).

ApiKafkaSettings

MPO Version: 1.3.0

Configures Kafka as a trigger mechanism for the Business API. This supports both asynchronous processing and integration-based event handling (e.g., storage triggers, audit flows).

interface ApiKafkaSettings = {
  hasKafkaController : Boolean;
  configuration : ApiKafkaSettingsConfig;
}

Field	Description
hasKafkaController	Enables the Kafka controller for this API. When true, the API can be triggered by Kafka messages.
configuration	Kafka configuration details. Leave null if the controller is disabled.

ApiKafkaSettingsConfig

MPO Version: 1.3.0

Configuration object for Kafka topic bindings for triggering the Business API.

interface ApiKafkaSettingsConfig = {
  requestTopicName : String;
  responseTopicName : String;
}

Field	Description
requestTopicName	Name of the Kafka topic to listen to. Can be custom or auto-generated from the API name.
responseTopicName	Topic name to which the API response will be published. Optional.

ApiSocketSettings

MPO Version: 1.3.0

Enables real-time WebSocket access to the Business API, allowing interaction through socket-based event systems (e.g., chat, notifications, dashboards).

interface ApiSocketSettings = {
  hasSocketController : Boolean;
  configuration : ApiSocketSettingsConfig;
}

Field	Description
hasSocketController	Enables the WebSocket controller for this API.
configuration	Optional socket configuration. Leave null if disabled.

ApiSocketSettingsConfig

MPO Version: 1.3.0

WebSocket server configuration, including the port on which the socket server will listen.

interface ApiSocketSettingsConfig = {
  socketPort : Integer;
}

Field	Description
socketPort	The port for the WebSocket server. If not provided, Mindbricks defaults to 50001.

ApiCronSettings

MPO Version: 1.3.0

Schedules the Business API for periodic execution using a cron expression. Ideal for background jobs or recurring tasks.

interface ApiCronSettings = {
  hasCronController : Boolean;
  configuration : ApiCronSettingsConfig;
}

Field	Description
hasCronController	Enables or disables the cron controller. If true, the API will run at the interval defined in the configuration.
configuration	Optional configuration object for customizing the cron scheduling.

ApiCronSettingsConfig

MPO Version: 1.3.0

Cron configuration for scheduling Business API execution.

interface ApiCronSettingsConfig = {
  cronExpression : String;
}

Field	Description
cronExpression	Cron expression defining the schedule (e.g., '0 * * * *' for hourly execution).

SelectClauseSettings

MPO Version: 1.3.0

Defines which fields are included in the response of a Business API. Use this to limit returned properties for performance or visibility. This only affects the output of get and list APIs.

interface SelectClauseSettings = {
  selectProperties : PropRefer[];
  selectJoins : SelectJoin[];
}

Field	Description
selectProperties	An array of property names to return in the response. Leave empty to return all fields.
selectJoins	An array of join definition to a related object with the properties to be selected from the join. The result is encapsulated in the result with the `joinName` of the SelectJoin.

SelectJoin

MPO Version: 1.3.0

Select join is a definition object for a join from the main object to another related data object to select additional properties from it.

interface SelectJoin = {
  joinName : String;
  condition : MScript;
  joinedDataObject : DataObjectName;
  properties : PropRefer[];
  sort : SortByItem[];
  topPick : Integer;
}

Field	Description
joinName	A human readable single code safe word to name the SelectJoin definition. This name is also used as the property name of the joined object or object list in the main data object.
condition	An MScript expression evaluates to Boolean and specifies whether this join should be made or not in code level, e.g (this.includeProductData). Note that this condition can not reference to the main object or main object list, for complex joins use a BFF View.
joinedDataObject	The name of the data object to be joined. Note that this object should be defined as a related object in the relation settings of one of the main object properties. Or the joined object should have got a relation defined in one of its properties. If the main object is defined as a parent of the joined object, the join result will be an array for an object list. The relation may be either in the same service or in a remote service. Mindbricks will arrange the code to make the join either through db or the elastic search index.
properties	An array of property names to return in the join response. Leave empty to return all fields.
sort	undefined
topPick	A number to limit the number of objects in array result fecthed in case the tarrget has a parental relation with the main object. Leave it null for one to one joins where only one or no object will be fetched. If top pick is 1, the result will be a single object even though teh fetch is an array. Example usage, to get the older member of a club in a getClub api, the member join will be sorted by -age desc- and topPick will be 1.

SortByItem

MPO Version: 1.3.0

Sort clause configuration for list operations.

interface SortByItem = {
  property : PropRefer;
  order : SortOrder;
  name : String;
}

Field	Description
property	A property reference to define the field that the sort will be done by.
order	The sort order, it should be either asc or desc
name	A human readable code safe name to define the sort item

SortOrder

Defines sorting direction — ascending (asc) or descending (desc).

SortOrderNames = ["asc", "desc"];

const SortOrder = {
  asc: 0,
  desc: 1,
};

Enum	Description
asc	Ascending order (default).
desc	Descending order.

DataClauseSettings

MPO Version: 1.3.0

Defines additional data values to be used in create or update operations. This clause augments the auto-generated data object by injecting or overriding values from context.

interface DataClauseSettings = {
  customData : DataMapItem[];
}

Field	Description
customData	An array of key-value assignments (MScript) to apply during create or update. These values override the corresponding properties of the main data object if defined.

WhereClauseSettings

MPO Version: 1.3.0

Defines how records are filtered in a Business API. This includes:- selectBy: strict selection logic based on required field equality - fullWhereClause: an optional override for complex, flexible query logic - additionalClauses: optional conditional query fragments that are always appended to the WHERE clause, whether it is derived from selectBy or fullWhereClause. Use selectBy when your selection logic is static and business-critical (e.g., ['id']). Use fullWhereClause when the WHERE clause needs to be built dynamically using MScript. additionalClauses allow context-aware filtering such as role-based visibility or soft-delete exclusion.

interface WhereClauseSettings = {
  selectBy : PropRefer[];
  fullWhereClause : MScript;
  additionalClauses : ExtendedClause[];
}

Field	Description
selectBy	A list of fields that must be matched exactly as part of the WHERE clause. This is not a filter — it is a required selection rule. In single-record APIs (`get`, `update`, `delete`), it defines how a unique record is located. In `list` APIs, it scopes the results to only entries matching the given values.
fullWhereClause	An MScript query expression that overrides all default WHERE clause logic. Use this for fully customized queries.
additionalClauses	A list of conditionally applied MScript query fragments. These clauses are appended only if their conditions evaluate to true.

ExtendedClause

MPO Version: 1.3.0

Defines an optional filtering clause that is dynamically included in the query when certain conditions are met. Enables route-level filtering to adapt to session, context, or other logic at runtime.

interface ExtendedClause = {
  name : String;
  doWhen : MScript;
  excludeWhen : MScript;
  whereClause : MScript;
}

Field	Description
name	A descriptive label used for internal documentation or UI purposes. Does not impact runtime behavior.
doWhen	An MScript expression that determines whether the whereClause should be added to the query. If true, the clause will be applied.
excludeWhen	An MScript expression that, when false, triggers the inclusion of the whereClause. Acts as an inverse condition to doWhen.
whereClause	The conditional query fragment to include, written as an MScript Query. This clause is merged into the final query if doWhen is true or excludeWhen is false. If both are omitted, the clause is always applied.

DeleteOptions

MPO Version: 1.3.0

Defines behavior for delete-type Business APIs, including soft deletion logic.

interface DeleteOptions = {
  useSoftDelete : Boolean;
}

Field	Description
useSoftDelete	If true, the record will be marked as deleted instead of removed. The implementation depends on the data object’s soft delete configuration.

GetOptions

MPO Version: 1.3.0

Options specific to get-type Business APIs for customizing how a single record is fetched.

interface GetOptions = {
  setAsRead : DataMapItem[];
}

Field	Description
setAsRead	An optional array of field-value mappings that will be updated after the read operation. Useful for marking items as read or viewed.

ListOptions

MPO Version: 1.3.0

Behavioral options for Business APIs of type list. These control sorting, grouping, filtering, and caching logic.

interface ListOptions = {
  listSortBy : SortByItem[];
  listGroupBy : PropRefer[];
  queryCache : Boolean;
  setAsRead : DataMapItem[];
  permissionFilters : ListPermissionFilter[];
  membershipFilters : ListMembershipFilter[];
  searchFilter : ListSearchFilter;
  jointFilters : ListJointFilterSettings;
}

Field	Description
listSortBy	Sort order definitions for the result set. Multiple fields can be provided with direction (asc/desc).
listGroupBy	Grouping definitions for the result set. This is typically used for visual or report-based grouping.
queryCache	If true, caching is enabled for this query.
setAsRead	Optionally mark records as read after listing, based on provided field mappings.
permissionFilters	Optional filter array that applies permission constraints to the query dynamically based on session or object roles. If given more than one permission filter, all will be applied with @and operator.
membershipFilters	An array for membership settings to filter to the WHERE clause of the list. If given more than one membership, one of all will be enough to select the object.
searchFilter	A ListSearchFilter object that collects an id list from ElasticSearch main object index search and appends to the where clause so that db select is done according to the search results of ElasticSearch
jointFilters	A setting for one or more ListJointFilter to filter the list result with a criteria in a joined data object, more than one filters will be combined by (AND) or (OR) according to the operator parameter

ListPermissionFilter

MPO Version: 1.3.0

Permission-based filter that operate on list queries before execution. This is used for object based permissions assigned to a specific role or user

interface ListPermissionFilter = {
  name : String;
  condition : MScript;
  permission : String;
}

Field	Description
name	A human readable and source-code safe to define the permission filter.
condition	An optional MScript expression that skips the permission check entirely if it evaluates to false. Useful for exempting trusted users such as object owners or platform admins.
permission	The name of the permission that the filter wil be built for

ListMembershipFilter

MPO Version: 1.3.0

A settings object to add a membership filter to the WHERE clause of the list. If given more than any one membership of all will be enough to select the object.

interface ListMembershipFilter = {
  name : String;
  dataObjectName : DataObjectName;
  objectKeyIdField : PropRefer;
  userKey : MScript;
  checkFor : MScript;
  condition : MScript;
}

Field	Description
name	A human readable and source-code safe to define the membership filter.
dataObjectName	The name of the data object whose membership configuration should be used to validate access. If omitted, the Business API’s main data object is assumed. Use this field when you need to check access against a related or parent object (e.g., checking `Organization` membership when updating a `Project`).
objectKeyIdField	An property reference that returns the ID of the object from the expected list item whose membership should be checked. Typically it will the id of the list item, but you may want to apply filter through another field of the list item like projectId of a task.
userKey	An MScript expression that returns the user ID to check against the target object’s membership configuration. Typically `this.session.userId`, but may also reference delegated users or owners.
checkFor	An optional MScript expression to validate specific aspects of the membership (such as role or permissions). If omitted, any valid membership grants access.
condition	An optional MScript expression that skips the membership check entirely if it evaluates to false. Useful for exempting trusted users such as object owners or platform admins.

ListSearchFilter

MPO Version: 1.3.0

Searches one or more records from the main data object and uses the id array in the where clause of the list. The search is made in elastic search index and the result id array is appended to the where clause of the main query.

interface ListSearchFilter = {
  hasSearchFilter : Boolean;
  condition : MScript;
  keyword : MScript;
  searchProperties : PropRefer[];
}

Field	Description
hasSearchFilter	A Boolean value to define if a search filter definition is active in the api or not
condition	An optional MScript which evaluates to a boolean that defines id the search filter will be used or not
keyword	An MScript expression whose result will be used as the key to match against the target object's searched properties. For example, `this.keyword`.
searchProperties	The properties of the target object used for matching.

ListJointFilterSettings

MPO Version: 1.3.0

The settings definition for a list api to define any joint filter and combine them with an AND or OR operator

interface ListJointFilterSettings = {
  operator : FilterOperator;
  filters : ListJointFilter[];
}

Field	Description
operator	The combination operator of multi joint filters, will be used if there are more than one joint filter, default value is `AND`
filters	The ListJointFilter array to define one or more joint filter to a related object

FilterOperator

Filter combination is used to define how any multiple id arrayy based list filters will be combined

FilterOperatorNames = ["AND", "OR"];

const FilterOperator = {
  AND: 0,
  OR: 1,
};

Enum	Description
AND	Combine the multiple filters by AND operator
OR	Combine the multiple filters by OR operator

ListJointFilter

MPO Version: 1.3.0

ListJointFilter definition object for a joint filter from the main object to another related data object to filter the main list result. This is like lefy join in the where clause. If you want to filter your list result with a criteria which is evaluated in a related object other than main object, you can use joint filter.

interface ListJointFilter = {
  name : String;
  condition : MScript;
  joinedDataObject : DataObjectName;
  whereClause : MScript;
}

Field	Description
name	A human readble single code safe word to name the JointFilter deifnition.
condition	An MScript expression evaluates to Boolean and specifies wheather this filtering should be made or not in code level. Note that this condition can not reference to the main object list, for complex joint filters use a BFF View.
joinedDataObject	The name of the data object to be joined. Note that this object should be defined a s a related object in the relation settings of one of the main object properties. Or the joined object should have got a relation defined in one of its properties. The relation may be either in the same service or in a remote service. Mindbricks will arrange the code to make the join either through db or the elastic search index.
whereClause	An Mscript query to select the object id array from th target object. Note that the result object id list will be used in the main where clause.

PaginationOptions

MPO Version: 1.3.0

Defines how pagination is handled in list-type Business APIs.

interface PaginationOptions = {
  paginationEnabled : Boolean;
  defaultPageRowCount : Integer;
}

Field	Description
paginationEnabled	If false, pagination is disabled and the full result set is returned. Use with caution on large datasets.
defaultPageRowCount	Default number of rows returned per page if pagination is enabled.

BusinessApiActionStore

MPO Version: 1.3.0

Represents the centralized registry of all executable logic units (actions) that can be used inside a Business API's workflow. Each action is categorized by purpose and referenced by name within the workflow stages. This store enables declarative composition of API behavior, including data manipulation, inter-service communication, access control, AI operations, and more.

interface BusinessApiActionStore = {
  fetchObjectActions : FetchObjectAction[];
  fetchStatsActions : FetchStatsAction[];
  fetchParentActions : FetchParentAction[];
  searchObjectActions : SearchObjectAction[];
  fetchFromElasticActions : FetchFromElasticAction[];
  collateListsActions : CollateListsAction[];
  functionCallActions : FunctionCallAction[];
  arrowFunctionActions : ArrowFunctionAction[];
  listMapActions : ListMapActions[];
  interserviceCallActions : InterserviceCallAction[];
  createCrudActions : CreateCrudAction[];
  deleteCrudActions : DeleteCrudAction[];
  updateCrudActions : UpdateCrudAction[];
  apiCallActions : ApiCallAction[];
  aiCallActions : AiCallAction[];
  membershipCheckActions : MembershipCheckAction[];
  permissionCheckActions : PermissionCheckAction[];
  objectPermissionActions : ObjectPermissionCheckAction[];
  readJwtTokenActions : ReadJwtTokenAction[];
  validationActions : ValidationAction[];
  addToContextActions : AddToContextAction[];
  addToResponseActions : AddToResponseAction[];
  removeFromResponseActions : RemoveFromResponseAction[];
  renderDataActions : RenderDataAction[];
  dataToFileActions : DataToFileAction[];
  redirectActions : RedirectAction[];
  createJWTTokenActions : CreateJWTTokenAction[];
  createObjectActions : CreateObjectAction[];
  createBucketTokenActions : CreateBucketTokenAction[];
  publishEventActions : PublishEventAction[];
  readFromRedisActions : ReadFromRedisAction[];
  writeToRedisActions : WriteToRedisAction[];
  sendMailActions : SendMailAction[];
  sendSmsActions : SendSmsAction[];
  sendPushNotificationActions : SendPushNotificationAction[];
  refineByAiActions : RefineByAiAction[];
  checkoutActions : CheckoutAction[];
  verifyWebhookActions : VerifyWebhookAction[];
  integrationActions : IntegrationAction[];
  loopActions : LoopAction[];
  parallelActions : ParallelAction[];
}

Field	Description
fetchObjectActions	Actions that fetch a related or foreign object instance from another data object, based on a matching key or query.
fetchStatsActions	Actions that perform aggregate computations (count, sum, min, max) across a data object, often for contextual summaries or conditional logic.
fetchParentActions	Actions that retrieve parent object data of the current context, typically for display enrichment or validation.
searchObjectActions	Actions that searches the main object or a related object in elastic search index with a keyword and returns an id array
fetchFromElasticActions	Actions that make a fetch from elastic using a raw elastic query, the result is returned as a normalized object.
collateListsActions	Actions that collate objects of a source array to a target array's objects using key matching like collating an address list with a user list.
functionCallActions	Actions that invoke a custom or reusable library function written in MScript. Useful for transformation, derived value computation, or conditional logic.
arrowFunctionActions	Actions that defines an arrow function to be called with its context name in other MScripted areas.
listMapActions	Actions that defines a list map, to create a new list out of a current list by mapping its items. Renders a js array map function.
interserviceCallActions	Actions that perform a call to another Business API defined in a different microservice. These enable inter-service orchestration.
createCrudActions	Actions that create related records in other data objects during or after the main operation. Often used in transactional aggregations.
deleteCrudActions	Actions that delete related child or linked objects. Useful in cleanup workflows or cascade logic.
updateCrudActions	Actions that update properties of related objects using a conditional query. Used for post-processing or child updates.
apiCallActions	Actions that make external or internal HTTP API requests. Often used to integrate with third-party systems or auxiliary internal services.
aiCallActions	Actions that call an LLM (e.g., OpenAI or Anthropic) with structured prompts and fetch textual or JSON responses. Used for generation, enrichment, or inference.
membershipCheckActions	Actions that validate whether a user is a member of a related object (e.g., organization, team) using configured membership rules.
permissionCheckActions	Actions that verify whether the current user has a global (non-object-scoped) permission before continuing workflow logic.
objectPermissionActions	Actions that check object-scoped permissions, validating whether a user has specific rights on an instance loaded into the context.
readJwtTokenActions	Actions that read a JWT encoded token from a reference and write its back to context as a validatedd and decoded payloa dobject.
validationActions	Custom validation logic actions that run MScript boolean checks and optionally block further execution based on result.
addToContextActions	Actions that write computed or fixed values to the runtime context (`this`) for later use in logic, conditions, or response shaping.
addToResponseActions	Actions that explicitly add computed values or context properties to the final API response payload.
removeFromResponseActions	Actions that remove properties from the API response before it is sent to the client. Used for cleanup or filtering.
renderDataActions	Actions that apply a template (e.g., EJS/Markdown) to context data to generate rendered output.
dataToFileActions	Actions that serialize a context object into a downloadable file format (e.g., CSV, PDF, JSON).
redirectActions	Actions that redirect the API response to another URL or internal API path. Typically used in post-auth flows or chained APIs.
createJWTTokenActions	Actions that create JWT tokens with a payload and store them in context or response.
createObjectActions	Actions that create javascript objects in the context.
createBucketTokenActions	Actions that create JWT bucket tokens to be used for accessing to Mindbricks bucket service deployed with your project microservices.
publishEventActions	Actions that emit custom domain events to a message bus or pub/sub system. Used for decoupled workflows, domain events, or business-specific notifications. Note: When `raiseApiEvent` under `ApiOptions` is true, a standard API-level event is automatically emitted, so this should only contain additional custom events beyond the default API event.
readFromRedisActions	Actions that read a Redis key directly and store its value into the context. This enables other actions—limited to context scope—to access Redis-sourced values.
writeToRedisActions	Actions that write a value to Redis under a computed key, either for session continuity or caching.
sendMailActions	Actions that send an email using a configured provider, with dynamic subject/body/to fields.
sendSmsActions	Actions that send an SMS message to a target phone number with a given body and sender info.
sendPushNotificationActions	Actions that send push notifications to mobile or web clients with title and content.
refineByAiActions	Actions that refine or transform a plain text value using an AI model. Common use cases include phrasing suggestions, tone adjustment, or summarization.
checkoutActions	Actions to start, to complete or to refresh a checkout operation using the native integrated payment systems. Currently `Stripe` is supported. For other payment gateways use integration actions.
verifyWebhookActions	Actions to verify a webhook call of a provider using the webhook secret signature key. Currently `Stripe` is supported.
integrationActions	Actions that call native API provider integrations (e.g., AWS S3, Airtable, Salesforce). These integrations are pre-coded inside Mindbricks and abstract provider-specific logic.
loopActions	Actions that repeat a sequence of workflow steps for each item in a list (defined by an MScript expression).
parallelActions	Actions that execute multiple child actions in parallel without waiting for each to finish sequentially. Ideal for non-dependent logic flows.

FetchObjectAction

MPO Version: 1.3.0

Fetches one or more records from a foreign or related data object and stores the result in the context or response. Supports key-based lookup or complex query filtering. Commonly used to enrich the current object with external data before proceeding with workflow logic.

interface FetchObjectAction extends BusinessApiAction = {
  targetObject : DataObjectName;
  matchValue : MScript;
  localKey : PropRefer;
  whereClause : MScript;
  properties : PropRefer[];
  isArray : Boolean;
}

Field	Description
targetObject	Specifies the name of the foreign data object to fetch data from. Can reference a data object in the same service or any service within the Mindbricks system.
matchValue	An MScript expression whose result will be used as the key to match against the target object's property. For example, `this.customerId`.
localKey	The property of the target object used for matching. Defaults to `id`, but can be any unique/indexed field like `email` or `slug`.
whereClause	Optional MScript query to define an advanced condition for the fetch. If provided, it overrides `matchValue` and `localKey`.
properties	An array of field names to include in the result. Leave empty to fetch all fields. Dot notation is allowed for nested fields (e.g., `profile.name`).
isArray	If true, the action will return a list of objects. If false, a single object is expected. This affects both response shape and loop behavior.

FetchStatsAction

MPO Version: 1.3.0

An action used to compute inline aggregate statistics (e.g., count, min, max, sum) from a data object. Ideal for Business APIs that need quick numerical insights tied to context. Use for simple stat enrichment for single or multiple bindings; for complex use cases, consider dedicated stat APIs or BFF services. Note that this action collects the stat values from elastc search using aggregations features.

interface FetchStatsAction extends BusinessApiAction = {
  targetObject : DataObjectName;
  matchValue : MScript;
  localKey : PropRefer;
  whereClause : MScript;
  stats : String[];
  bucketBy : PropRefer;
}

Field	Description
targetObject	The name of the data object from which statistical metrics will be aggregated. Can be a local or foreign object.
matchValue	MScript expression for the value to match on the target object. Typically references a foreign key like `this.projectId`.
localKey	The property of the target object to be matched against. Defaults to `id`, but can be set to any indexed field.
whereClause	Optional MScript query that replaces match logic. Use this for compound stat filters or joins.
stats	An array of stat operations like `count`, `sum(price)`, `min(quantity)`, or `max(score)`. Each must be a valid SQL-style aggregate expression.
bucketBy	Optional property reference to group the scoped items and calculate the stat(s) in buckets as an array. Keep null to have a total single reseult. The array result can be collated with main or any other data list in fyrther actions.

FetchParentAction

MPO Version: 1.3.0

Fetches selected properties from a parent object related to the current object in context. Typically used to enrich the response or inform access and validation logic with values inherited from a higher-level entity (e.g., organization, project).

interface FetchParentAction extends BusinessApiAction = {
  parentObject : DataObjectName;
  properties : PropRefer[];
}

Field	Description
parentObject	Specifies the parent data object to fetch from. This is used when a child object in context needs data inherited or referenced from its parent.
properties	List of property names to fetch from the parent object. Leave empty to retrieve all fields. Uses dot notation for nested fields when needed.

SearchObjectAction

MPO Version: 1.3.0

Searches one or more records from the main data object or a foreign or related data object and stores the result in the context as an id array. The search is made in elastic search index and the returned id array can be used in the where clause of the main query.

interface SearchObjectAction extends BusinessApiAction = {
  targetObject : DataObjectName;
  keyword : MScript;
  searchProperties : PropRefer[];
}

Field	Description
targetObject	Specifies the name of the data object to make the search data from. Can reference to the main data object, a different data object in the same service or any service within the Mindbricks system.
keyword	An MScript expression whose result will be used as the key to match against the target object's searched properties. For example, `this.keyword`.
searchProperties	The properties of the target object used for matching.

FetchFromElasticAction

MPO Version: 1.3.0

Fetches data object data from its elastic search index, using a given elastic raw search body, and returning elastic response as half baked, an items array for normalized hits result and an aggreagtions object in elastic search aggregation resul format. Top_hits style aggregations are also normalized as items array.

interface FetchFromElasticAction extends BusinessApiAction = {
  targetObject : DataObjectName;
  body : MScript;
}

Field	Description
targetObject	Specifies the name of the data object to make the fetch data from. Can reference to the main data object, a different data object in the same service or any service within the Mindbricks system.
body	An MScript expression which is evaluated a js object representing the elastic search api body. Note that this object uses elastics own operators and own query format not the abstract MScript query format.

CollateListsAction

MPO Version: 1.3.0

Use CollateListsAction to collate a list of objects to another list of objects like aggregating an adress list to a user list.

interface CollateListsAction extends BusinessApiAction = {
  sourceList : MScript;
  targetList : MScript;
  sourceKey : String;
  targetKey : String;
  nameInTarget : String;
  targetIsArray : Boolean;
}

Field	Description
sourceList	An Mscript that will be evaluated to the source object array where the source objects will be collected from.
targetList	An MScript that will be evealuted to the target object array that the collected objects will be aggregated to.
sourceKey	The name of the property of the source object to match with the target object. If multiple objects are collected and targetIsArray is afalse, only the first object will be aggregated.
targetKey	The name of the property of the target object to match with the osurce object. If multiple targets are found the source objects will be copied to all matching targets.
nameInTarget	The name of the property that will be created in the target object to store the copied source object or objects.
targetIsArray	Make this option true if you want the target property to be an array that will expect multiple source objects.

FunctionCallAction

MPO Version: 1.3.0

Defines a reusable logic step that calls a library-defined function using MScript syntax. This action allows for custom transformation, enrichment, or computation during the execution of a Business API. It is often used to prepare derived values, calculate totals, or apply shared service logic prior to validation or response shaping.

interface FunctionCallAction extends BusinessApiAction = {
  callScript : MScript;
}

Field	Description
callScript	An MScript expression that defines the function call. The script may reference a predefined library function and pass contextual arguments. Example: `LIB.calculateTotal(this.items)`.

ArrowFunctionAction

MPO Version: 1.3.0

This action defines a reusable function and sets it to the context with the contextPropertyName name.

interface ArrowFunctionAction extends BusinessApiAction = {
  parameterNames : String[];
  functionBody : Text;
}

Field	Description
parameterNames	An array of strings to represent the names of the function parameters
functionBody	A text area to represent the js code of the function body, keep it in js block ().

InterserviceCallAction

MPO Version: 1.3.0

Calls another Business API defined in a different microservice. This enables inter-service coordination within a Mindbricks-powered system. The response can be extracted into the context or added to the API response. This action supports dynamic parameters and flexible response handling.

interface InterserviceCallAction extends BusinessApiAction = {
  targetService : String;
  targetApi : String;
  apiParameters : DataMapItem[];
  responseProperty : String;
  isArray : Boolean;
}

Field	Description
targetService	The logical name of the microservice where the target Business API is defined.
targetApi	The name of the target Business API to call in the foreign service.
apiParameters	A list of key-value MScript expressions passed as input parameters to the target API. These are dynamically evaluated using the current context.
responseProperty	If defined, only the specified property will be extracted from the target API response. Otherwise, the full response object is stored.
isArray	If true, the result is expected to be an array. This influences how the response is processed and stored.

CreateCrudAction

MPO Version: 1.3.0

Defines an embedded creation operation for a related data object—typically a child or associated entity—within a Business API. These actions enable transactional or cascading object creation as part of a larger business operation. Often used when the main API creates or updates a parent object and simultaneously needs to initialize dependent records (e.g., child tasks, audit logs, attachments).

interface CreateCrudAction extends BusinessApiAction = {
  childObject : DataObjectName;
  dataClause : ApiAggregateData[];
}

Field	Description
childObject	Specifies the related data object to be created. This is usually a child entity or a peer linked via a foreign key to the main data object of the Business API.
dataClause	An array of property-value mappings that define what data to write into the new object. Each entry uses MScript to evaluate a value from the current context. Required fields of the child object must be included explicitly.

ApiAggregateData

MPO Version: 1.3.0

Defines a single property-value pair used to populate a related data object during an aggregated operation. This structure is used in CreateCrudAction and UpdateCrudAction to specify how each property of the child object should be assigned—either statically or dynamically—from the API execution context.

interface ApiAggregateData = {
  dataProperty : PropRefer;
  dataValue : MScript;
}

Field	Description
dataProperty	The name of the target property on the child object that will be set during the operation. This must match a valid property name defined in the child data object schema.
dataValue	The MScript expression or static value used to assign a value to the specified property. This can reference current context (`this`), a parameter (`this.input`), or loop item (`crudItem`) if executed in list mode.

DeleteCrudAction

MPO Version: 1.3.0

Defines an embedded delete operation to remove related records—typically child or connected entities—within a Business API. This action allows declarative, conditional deletion of external data objects that are linked to the primary object. It is typically used for cascading deletes, cleanup logic, or enforcing referential integrity in business processes.

interface DeleteCrudAction extends BusinessApiAction = {
  childObject : DataObjectName;
  whereClause : MScript;
}

Field	Description
childObject	The name of the related data object from which records will be deleted. This is typically a child or logically connected entity linked to the main data object of the API.
whereClause	An MScript-based query that defines the selection condition for records to be deleted. This field is required and must identify which records in the child object will be affected.

UpdateCrudAction

MPO Version: 1.3.0

Defines an embedded update operation for related data objects—typically child or connected entities—within a Business API. This action is used when the API needs to selectively update external records based on a condition. It is commonly applied after creating or modifying a parent object to ensure consistency or to propagate business state changes across related objects.

interface UpdateCrudAction extends BusinessApiAction = {
  childObject : DataObjectName;
  whereClause : MScript;
  dataClause : ApiAggregateData[];
}

Field	Description
childObject	The name of the related data object that will be updated. This object must exist in the same service or be recognized as a connected entity. Usually a child or sibling object related to the main data object of the Business API.
whereClause	An MScript-based query that determines which records in the child object should be updated. This is a required field and must uniquely or conditionally identify the target set of records.
dataClause	A list of key-value assignments to apply to the matched records. Each item in the list defines a property of the child object and its new value (evaluated via MScript). Required fields must be included explicitly, and all values are resolved in the current context.

ApiCallAction

MPO Version: 1.3.0

Calls an external or internal HTTP API during Business API execution. This is ideal for integrating with third-party services or internal utility endpoints. The fetched result is stored in context and optionally written to the response. Input and output transformation are supported.

interface ApiCallAction extends BusinessApiAction = {
  apiCallRequest : HTTPRequest;
  isArray : Boolean;
  apiFetchProperty : String;
}

Field	Description
apiCallRequest	Configuration object defining the HTTP call. Includes method, URL, headers, query parameters, and body.
isArray	If true, the result is expected to be an array and will be treated as such during response and context processing.
apiFetchProperty	Used when the response is a complex object but only one specific property is needed. The extracted property will be stored in context.

HTTPRequest

MPO Version: 1.3.0

Defines a reusable HTTP request configuration to interact with a remote service and retrieve a JSON response. This object is used across the platform for scenarios such as remote authentication, remote data access, and integration with external APIs (CRUD operations, searches, etc.).

interface HTTPRequest = {
  httpRequestUrl : String;
  httpRequestMethod : HTTPRequestMethods;
  tokenLocation : RequestLocations;
  tokenName : String;
  tokenValue : String;
  httpRequestParameters : HTTPRequestParameters;
  cacheResponse : Boolean;
}

Field	Description
httpRequestUrl	The full URL of the remote service endpoint.
httpRequestMethod	The HTTP method to use when making the request. Supported methods are GET, POST, PUT, PATCH, DELETE.
tokenLocation	The section of the request where the authentication token should be placed (e.g., header, cookie).
tokenName	The name or key under which the token will be sent in the specified location.
tokenValue	The token value to be sent, if static. This field is optional and typically used for hardcoded tokens or fallback defaults.
httpRequestParameters	The parameters to send with the request, including body, query string, headers, and cookies.
cacheResponse	Indicates whether the response of this request should be cached for reuse. Useful for minimizing repeated remote calls.

HTTPRequestMethods

An enum representing the HTTP method to use in a request.

HTTPRequestMethodsNames = ["GET", "POST", "PUT", "PATCH", "DELETE"];

const HTTPRequestMethods = {
  GET: 0,
  POST: 1,
  PUT: 2,
  PATCH: 3,
  DELETE: 4,
};

Enum	Description
GET	Retrieve data from the remote service.
POST	Submit new data to the remote service.
PUT	Replace existing data in the remote service.
PATCH	Partially update existing data in the remote service.
DELETE	Remove data from the remote service.

HTTPRequestParameters

MPO Version: 1.3.0

Defines the parameters to be sent with an HTTP request. This includes data sent in the request body, query string, headers, or cookies.

interface HTTPRequestParameters = {
  httpRequestBody : DataMapItem[];
  httpRequestQuery : DataMapItem[];
  httpRequestHeaders : DataMapItem[];
  httpRequestCookies : DataMapItem[];
}

Field	Description
httpRequestBody	Key-value pairs to include in the body of the request. Defined as an array of DataMapItems.
httpRequestQuery	Key-value pairs to include as query string parameters. Defined as an array of DataMapItems.
httpRequestHeaders	Custom headers to include in the request. Defined as an array of DataMapItems.
httpRequestCookies	Cookies to be attached to the request. Defined as an array of DataMapItems.

AiCallAction

MPO Version: 1.3.0

Invokes an AI model such as OpenAI or Anthropic to perform text generation, refinement, classification, or summarization. The prompt is composed from a template and context, and the result is stored in the context and optionally exposed in the response.

interface AiCallAction extends BusinessApiAction = {
  promptTemplate : AIPromptTemplate;
  isArray : Boolean;
  aiFetchProperty : String;
  responseFormat : String;
  model : String;
}

Field	Description
promptTemplate	Defines both the static system message and dynamic user message. These are passed to the AI model to guide its behavior. Supports MScript in the user prompt.
isArray	If true, the response is expected to contain a list of results. Use when the model is expected to return multiple items.
aiFetchProperty	Optional: If the model returns a structured object and only one property is needed, specify it here to extract just that portion.
responseFormat	Indicates the expected format of the AI's output—either `json` for structured responses or `text` for plain text.
model	The identifier of the LLM model to be used, such as `gpt-4`, `claude-3`, or any provider-accessible variant.

AIPromptTemplate

MPO Version: 1.3.0

Defines the structure of an AI prompt using a two-part design: a static system-level instruction and a dynamic user message populated via MScript from the current context. Used in AiCallAction to guide AI model behavior.

interface AIPromptTemplate = {
  systemPrompt : Text;
  userPrompt : MScript;
}

Field	Description
systemPrompt	A fixed instruction string that sets the tone or role for the AI model. Examples include guidance like 'You are a helpful assistant' or 'You are a strict validator'.
userPrompt	A dynamic MScript expression that generates the user-facing part of the prompt. This often references contextual variables such as `this.username`, `this.itemName`, or `this.description` to personalize or situate the model's response.

MembershipCheckAction

MPO Version: 1.3.0

Defines access control based on membership rules configured on a data object. This is used when access to a Business API operation depends on whether the current user is a member of a related entity, such as a project, team, or organization. The dataObjectName field specifies which object’s membership rules should be applied—if omitted, the main data object of the Business API is used by default. This action supports direct and nested membership checks, such as validating access to a parent organization while updating a child project.

interface MembershipCheckAction extends BusinessApiAction = {
  dataObjectName : DataObjectName;
  objectKey : MScript;
  userKey : MScript;
  checkFor : MScript;
  checkType : ApiCheckType;
  errorMessage : String;
}

Field	Description
dataObjectName	The name of the data object whose membership configuration should be used to validate access. If omitted, the Business API’s main data object is assumed. Use this field when you need to check access against a related or parent object (e.g., checking `Organization` membership when updating a `Project`).
objectKey	An MScript expression that returns the ID of the object whose membership should be checked. For example, if checking access to a project, this would return a `projectId`.
userKey	An MScript expression that returns the user ID to check against the target object’s membership configuration. Typically `this.session.userId`, but may also reference delegated users or owners.
checkFor	An optional MScript expression to validate specific aspects of the membership (such as role or permissions). If omitted, any valid membership grants access.
checkType	Specifies whether this membership check should enforce access immediately (`liveCheck`) or simply write the result to context (`storedCheck`). Use `storedCheck` when the result will be used later in a conditional or validation flow.
errorMessage	A message to display when the membership check fails. Use this to provide a meaningful explanation to the user, such as 'You must be a member of this team to perform this action.'

ApiCheckType

Defines how the result of a validation, permission, or membership check is used within the Business API lifecycle.

ApiCheckTypeNames = ["storedCheck", "liveCheck"];

const ApiCheckType = {
  storedCheck: 0,
  liveCheck: 1,
};

Enum	Description
storedCheck	The result of the check is written to the context and does not interrupt API execution. This allows deferred decision-making or combining the result with other checks later in the workflow (e.g., in conditionals or response shaping).
liveCheck	If the check fails, the Business API will immediately throw an authorization or validation error and halt execution. Use this mode when the check outcome must strictly control access or behavior.

PermissionCheckAction

MPO Version: 1.3.0

Defines a global permission check that evaluates whether the user holds specific platform or service-level permissions. This check is not tied to any particular object instance and is useful for validating roles such as canAccessAdminPanel, canExportData, or canSendEmails. You can either enforce the result immediately or store it in context for conditional usage later in the flow.

interface PermissionCheckAction extends BusinessApiAction = {
  permissionName : String;
  checkType : ApiCheckType;
}

Field Description

permissionName The name of the permission that the user must possess. The check will only succeed if the user has the given permission.

checkType Specifies how the result of the check should be handled. When set to liveCheck, the Business API will immediately throw an authorization error if the check fails, halting execution. When set to storedCheck, the result is stored in context and does not interrupt execution—even if the check fails. This allows for advanced, combinational authorization logic where multiple checks may be evaluated together later in the workflow.

ObjectPermissionCheckAction

MPO Version: 1.3.0

Performs a permission check scoped to a specific object instance. It evaluates whether the current user has the required permissions on the resolved object, based on all applicable sources: directly assigned object permissions, inherited permissions from parent contexts (e.g., user or role permissions), and dynamic ABAC rules that intersect with the object’s attributes. This check is used when fine-grained, instance-level authorization is required.

interface ObjectPermissionCheckAction extends BusinessApiAction = {
  permissionName : String[];
  readObjectIdFrom : MScript;
  checkType : ApiCheckType;
}

Field	Description
permissionName	The name of the permission that the user must possess on the resolved object instance.
readObjectIdFrom	An MScript expression that evaluates to the ID of the specific instance whose permissions should be checked. This could reference input parameters, session values, or context-fetched records (e.g., `this.projectId` or `this.parent.organizationId`).
checkType	Specifies how the result of the check is handled. If set to `liveCheck`, the API will immediately throw a permission error if the check fails. If set to `storedCheck`, the result is stored in the context and does not interrupt execution—allowing you to combine multiple permission checks later in the workflow.

ReadJwtTokenAction

MPO Version: 1.3.0

Defines a read jwt token operation from either context, session or request and write its payload to the context with the contextPropertyName after validating it. The token signature should be in HMAC format. The token payload may be used for allowing access to an object via a signed token instead of standard authentication. This is typically used for public or limited-access sharing workflows (e.g., view-only links). Once the token payload is in context any other validations may be performed using the payload values in further actions.

interface ReadJwtTokenAction extends BusinessApiAction = {
  readTokenFrom : MScript;
  jwtKey : MScript;
  isRequired : Boolean;
  statusCheck : MScript;
}

Field	Description
readTokenFrom	An MScript value that evaluates to the decoded value of token. It may be in the context through parameters like `this.accessToken`, it may be read directly from controller request like `this.request.query.payToken` or it may be read from the session in cases where users have their own tokens for authorization like this.session.userSubscrition.
jwtKey	An MScript value that evaluates to the Jwt key to validate the token signature. It may be an hardcoded value like `1234560987abcdef` or a reference to context like this.jwtKey or a env reference like process.env.SUBS_KEY.
isRequired	A Boolean value to define if the token is required. Set it true if you want the application throw an error if the token is null or can not be validated.
statusCheck	If you want to check the payload across some specific requirements use this check script. If the check is not validated the token will be considered invalid. You can also use this script if you will use token for only single business logic validation, if you need the validation in many steps then dont use this script other than general status checks.

ValidationAction

MPO Version: 1.3.0

Defines a flexible business rule that performs a dynamic condition check during Business API execution. Unlike permission or membership checks, a ValidationAction is fully script-based and domain-specific, allowing complex logical conditions such as subscription status, object states, quota limits, feature flags, or compliance rules. If the validation fails, the system either throws an error (liveCheck) or stores the result in context for later decision-making (storedCheck).

interface ValidationAction extends BusinessApiAction = {
  description : Text;
  shouldBeTrue : Boolean;
  checkType : ApiCheckType;
  validationScript : MScript;
  errorMessage : String;
  errorStatus : ErrorStatus;
}

Field	Description
description	A short, human-readable description explaining the intent of the validation—such as 'User must be active subscriber', 'Quota must not be exceeded', or 'Document must be in draft state'.
shouldBeTrue	Indicates the expected outcome of the validation logic. If `true`, the validation passes when the condition evaluates to `true`. Set to `false` when the validation should pass on a `false` condition (e.g., `!isUserBanned`).
checkType	Specifies how the result of the validation is handled. If `liveCheck`, the API throws an error immediately when the validation fails. If `storedCheck`, the result is saved to context and execution continues—allowing deferred or compound logic.
validationScript	An MScript expression that returns a boolean value based on current API context. This defines the actual validation condition. If the result does not match `shouldBeTrue`, the validation fails.
errorMessage	Message returned to the client if the validation fails and `checkType` is `liveCheck`. This should be clear and relevant to the context, e.g., 'Your plan does not allow creating more projects.'
errorStatus	The HTTP status code to return when the validation fails and `checkType` is set to `liveCheck`. If the status code is `401` (Unauthorized) or `403` (Forbidden), Mindbricks treats the failure as an authorization error—which is automatically bypassed for users with absolute roles assigned to the current API (e.g., `superAdmin`). Use `400` (Bad Request) for business rule violations that should apply to all users regardless of role.

ErrorStatus

Mindbricks error status codes represent standardized HTTP-style error responses used across all controller types. These codes provide consistent semantic feedback for route errors, especially in REST APIs.

ErrorStatusNames = ["400", "401", "403", "404", "500"];

const ErrorStatus = {
  400: 0,
  401: 1,
  403: 2,
  404: 3,
  500: 4,
};

Enum	Description
400	BadRequestError — Returned when request parameters are invalid, malformed, or missing required data.
401	NotAuthenticatedError — Returned when no valid user session is found. Typically indicates a login is required.
403	ForbiddenError — Returned when the user is authenticated but does not have sufficient permissions or rights for the requested operation.
404	NotFoundError — Returned when a required resource or data entry is not found in the system, such as a missing record or object.
500	HttpSystemError — Returned for internal server or system-level errors, such as database failures or unexpected exceptions.

AddToContextAction

MPO Version: 1.3.0

Adds one or more calculated values to the runtime context (this) at a specific point in the Business API flow. This is typically used to prepare values that will be referenced in later actions, such as computed totals, enriched properties, or temporary flags. The values are evaluated via MScript and written under the names you specify.

interface AddToContextAction extends BusinessApiAction = {
  context : ContextData[];
}

Field	Description
context	An array of `ContextData` objects. Each defines a property name and an MScript expression to compute its value. These values will be written to the runtime context (`this.<contextName>`), making them accessible in subsequent steps.

ContextData

MPO Version: 1.3.0

ContextData is a container object to represent any key-value pair to write or read to/from context.

interface ContextData = {
  contextName : String;
  contextValue : MScript;
}

Field	Description
contextName	The name of the variable to store in the context (e.g., `totalCost`, `userQuota`). The value will be accessible in later steps as `this.<contextName>`.
contextValue	An MScript expression used to compute the value for this property. Can reference other context fields, parameters, session values, or constants (e.g., `this.items.length * this.price`).

AddToResponseAction

MPO Version: 1.3.0

Adds one or more properties from the current context to the final response object after the main operation completes. This is useful when some values are computed or fetched indirectly (e.g., session-based, Redis-loaded, or generated) and need to be exposed in the API response explicitly.

interface AddToResponseAction extends BusinessApiAction = {
  context : ContextData[];
}

Field	Description
context	An array of `ContextData` entries. Each defines a name-value pair to be copied from the evaluated MScript into the response object. The property will appear in the final API output.

RemoveFromResponseAction

MPO Version: 1.3.0

Removes one or more properties from the final API response before it is returned to the client. This is useful for eliminating internal, sensitive, or unnecessary fields that were added by earlier actions or populated from context. Commonly used to enforce privacy, avoid leaking implementation details, or to conform to specific output schemas.

interface RemoveFromResponseAction extends BusinessApiAction = {
  properties : String[];
}

Field	Description
properties	An array of property names (strings) that will be removed from the final API response. Use this to clean up sensitive or internal fields before the response is returned.

RenderDataAction

MPO Version: 1.3.0

Generates a formatted string output by applying a predefined template to structured data using MScript. This is typically used to render email bodies, documents, files, or markdown/html content from API context values. The rendered result is saved into context (with contextPropertyName) and can be reused in subsequent actions such as email sending, file export, or response shaping.

interface RenderDataAction extends BusinessApiAction = {
  inputData : MScript;
  template : String;
}

Field	Description
inputData	An MScript expression that evaluates to the structured input data (object or array) to be passed into the template engine. Typically constructed from parameters or context (e.g., `this.userProfile`).
template	The name or identifier of the template to apply to the input data. Templates must be defined in the `templates` section of the service’s library module. The selected template is applied to the input data using a rendering engine (e.g., EJS), producing a formatted string output.

DataToFileAction

MPO Version: 1.3.0

Converts a given input into a downloadable file format such as CSV, JSON, or PDF. The data is prepared using an MScript expression and can be either returned to the client immediately or saved for internal use. Use this action when you need to export structured output from a Business API response or context.

interface DataToFileAction extends BusinessApiAction = {
  inputData : MScript;
  outputFormat : FileFormats;
  sendToClient : Boolean;
}

Field	Description
inputData	An MScript expression that resolves to a pre-rendered textual output to be saved as a file. This should be a string representing the actual content—such as a rendered CSV, JSON string, or HTML body—rather than raw structured data. If the input is a raw object, it will be automatically converted to a JSON string.
outputFormat	The format of the file to be generated. Common values include `json`, `csv`, `pdf`, based on supported `FileFormats` enum.
sendToClient	If true, the generated file will be sent to the client as a downloadable attachment in the API response. If false, the file is only generated internally.

FileFormats

Specifies supported output formats for content generation, serialization, or export. These are primarily text-based formats, suitable for structured data, document rendering, and developer-facing outputs.

FileFormatsNames = [
  "json",
  "xml",
  "csv",
  "tsv",
  "txt",
  "html",
  "md",
  "yaml",
  "yml",
  "svg",
  "pdf",
  "rtf",
  "log",
  "tex",
];

const FileFormats = {
  json: 0,
  xml: 1,
  csv: 2,
  tsv: 3,
  txt: 4,
  html: 5,
  md: 6,
  yaml: 7,
  yml: 8,
  svg: 9,
  pdf: 10,
  rtf: 11,
  log: 12,
  tex: 13,
};

Enum	Description
json	JavaScript Object Notation — structured, widely used for API and machine-readable exports.
xml	Extensible Markup Language — structured, verbose format common in enterprise and legacy systems.
csv	Comma-Separated Values — simple flat data format, best for spreadsheets or tabular exports.
tsv	Tab-Separated Values — like CSV but uses tabs, better for escaping commas in data.
txt	Plain Text — raw string content without formatting.
html	HyperText Markup Language — suitable for browser rendering and templated output.
md	Markdown — lightweight markup language for documentation and developer-friendly reports.
yaml	YAML Ain’t Markup Language — human-readable config format, commonly used in CI/CD pipelines and devops.
yml	YAML shorthand extension (alias of `.yaml`).
svg	Scalable Vector Graphics — XML-based vector image format used in charts and exports.
pdf	Portable Document Format — styled, paginated, formal format for reports, receipts, or printable content.
rtf	Rich Text Format — supports basic styling, used in word processors.
log	Log file — typically used for line-based event or debug data.
tex	LaTeX — markup format used for academic or mathematical document generation.

RedirectAction

MPO Version: 1.3.0

Redirects the client to a new URL after the API execution. This is often used in web-based flows like OAuth callbacks, login success handlers, or conditional navigation.

interface RedirectAction extends BusinessApiAction = {
  redirectUrl : HTTPRequest;
}

Field	Description
redirectUrl	The URL to redirect the client to. Supports templated HTTPRequest objects, which may include path parameters or query strings dynamically generated using MScript.

CreateJWTTokenAction

MPO Version: 1.3.0

Generates a signed JWT token from a given payload. This token can be stored in context or included in the API response for client use. Typically used for authentication or temporary session flows.

interface CreateJWTTokenAction extends BusinessApiAction = {
  JWTKey : MScript;
  payload : MScript;
}

Field	Description
JWTKey	An MScript expression that defines the value of the JWT key to sign the payload. It is mostly an environement variable reference.
payload	An MScript expression that defines the object payload to be encoded inside the JWT. May include user ID, scopes, expiration, or other claims.

CreateObjectAction

MPO Version: 1.3.0

Constructs an in-memory JavaScript object from key-value pairs and writes it to the context. This action does not persist data to the database. It is typically used to prepare structured data for use in other actions such as sending emails, rendering templates, API calls, or forming response objects.

interface CreateObjectAction extends BusinessApiAction = {
  payload : ObjectData[];
  mergeObject : MScript;
}

Field	Description
payload	An array of key-value pairs (as `ObjectData`) representing the base fields of the constructed object. Values are evaluated using MScript.
mergeObject	An optional MScript expression that returns an object. Its keys and values will be shallow-merged into the base object after `payload` is evaluated. This allows for dynamic or computed properties.

ObjectData

MPO Version: 1.3.0

Represents a single property assignment used when constructing a new object via CreateObjectAction. The value is evaluated dynamically from context.

interface ObjectData = {
  key : String;
  value : MScript;
}

Field	Description
key	The name of the property to assign on the created object (e.g., `status`, `createdBy`).
value	An MScript expression used to compute the value assigned to this property. Can include references to `this`, `session`, or other computed context.

CreateBucketTokenAction

MPO Version: 1.3.0

Generates a signed JWT token including a standard bucket permission paylod. This token can be stored in context or included in the API response for client use. Typically used for accessing Mindbricks Bucket service.

interface CreateBucketTokenAction extends BusinessApiAction = {
  bucketPermissions : BucketPermission[];
}

Field	Description
bucketPermissions	A list of bucket permissions that will included in the token payload. Typically a single bucket permission is issued through one API, but you can create multiple bucket permissions.

BucketPermission

MPO Version: 1.3.0

An object to define an access to a specific bucket with a specific permission.

interface BucketPermission = {
  bucketName : String;
  bucketId : MScript;
  permissionType : BucketPermissionType;
  isPublic : Boolean;
}

Field	Description
bucketName	A human readable string for the bucket name that will be given access. Eg. `privateProjectBucket`
bucketId	An MScript expression that evaluates to a unique id that will define the bucket. Eg. `${this.projectId}-private` If a bucket with this id doesn't exist, it will be created automatically.
permissionType	An Enum value (read or write) that defines the access right of the token on the bucket. Read is used to access files in non public buckets, write is used to create, update or delete a file in a public or private bucket.
isPublic	A Boolean value to define if the bucket is public or not. If it is set true, the bucket will be marked as public when first created. A public bucket can be accessed for reading without token, a private public will always need a token.

BucketPermissionType

An enum type to define the access right of a bucket token.

BucketPermissionTypeNames = ["read", "write"];

const BucketPermissionType = {
  read: 0,
  write: 1,
};

Enum	Description
read	Anyone with this bucket token can request to read a file in the private bucket with bucketId from the Bucket Service.
write	Anyone with this bucket token can request to create/update/delete a file in the private/public bucket with bucketId from the Bucket Service.

PublishEventAction

MPO Version: 1.3.0

Publishes a message to an event topic (such as a message bus, queue, or pub/sub channel) as part of the Business API flow. This action is used to emit domain events or trigger asynchronous workflows that are consumed by other services or systems. The payload is defined using MScript and can include structured data from the API context.

interface PublishEventAction extends BusinessApiAction = {
  topic : String;
  message : MScript;
}

Field	Description
topic	The name of the topic, channel, or event key to which the message will be published. This string typically matches the naming convention of the consuming system (e.g., `project.created`, `user.signup`).
message	An MScript expression that evaluates to the message payload to send. This can be a primitive value, object, or string and may reference `this`, session data, or previous action results.

ReadFromRedisAction

MPO Version: 1.3.0

Reads a value from Redis using a dynamically computed key and writes the result into the context under a specified property name (contextPropertyName). This action is typically used to retrieve session data, temporary values, or cached results that are needed later in the API flow. The retrieved value becomes accessible to other actions using this.<contextName>.

interface ReadFromRedisAction extends BusinessApiAction = {
  redisKey : MScript;
}

Field	Description
redisKey	An MScript expression that evaluates to the Redis key to fetch. Can include values from the current context, session, or request (e.g., `this.session.userId`).

WriteToRedisAction

MPO Version: 1.3.0

Writes a value to Redis under a computed key. The value is defined via MScript and can include dynamic data from the current context. This is typically used for storing transient data such as verification tokens, process state, or temporary API results.

interface WriteToRedisAction extends BusinessApiAction = {
  redisKey : MScript;
  message : MScript;
}

Field	Description
redisKey	An MScript expression that resolves to the Redis key where the message will be stored. You can use contextual values to create scoped or namespaced keys.
message	An MScript expression that evaluates to the value to store. This can be a string, number, or object. Complex objects will be serialized to JSON automatically.

SendMailAction

MPO Version: 1.3.0

Sends an email using a configured email provider. The subject, body, and recipient addresses are defined via MScript and can be dynamically constructed from context. This action is commonly used for transactional notifications, confirmations, or alerts.

interface SendMailAction extends BusinessApiAction = {
  provider : String;
  subject : MScript;
  body : MScript;
  to : MScript;
  from : MScript;
  cc : MScript;
}

Field	Description
provider	The identifier of the configured email provider (e.g., `smtp`, `sendgrid`, `mailjet`). Must match a provider setup in the projects’s notification configuration.
subject	An MScript expression that evaluates to the email subject. Can include context variables like `this.user.name`.
body	An MScript expression that evaluates to the email content, usually a rendered HTML or plaintext string. Often prepared using `RenderDataAction`.
to	An MScript expression that evaluates to the recipient email address (or a list of addresses).
from	An MScript expression defining the sender email address. Can be static or context-driven.
cc	Optional MScript expression to specify CC recipients. Can be a single address or array.

SendSmsAction

MPO Version: 1.3.0

Sends an SMS message using a configured SMS provider. The recipient phone number, message content, and sender ID are defined using MScript expressions. Useful for OTPs, short notifications, or alerts.

interface SendSmsAction extends BusinessApiAction = {
  provider : String;
  subject : MScript;
  body : MScript;
  to : MScript;
  from : MScript;
}

Field	Description
provider	The identifier of the configured SMS provider (e.g., `twilio`, `nexmo`). Must be defined in the service’s messaging configuration.
subject	Optional subject line, if supported by the SMS provider. Otherwise ignored. Can be used for internal categorization or template labeling.
body	An MScript expression that evaluates to the message body. This should be a short, plaintext message suitable for mobile delivery.
to	An MScript expression that resolves to the recipient's phone number (in international format).
from	The sender identifier, either a short code or alphanumeric sender name, depending on provider capabilities.

SendPushNotificationAction

MPO Version: 1.3.0

Sends a push notification using a configured provider (e.g., Firebase, OneSignal). Subject and body are rendered via MScript and sent to the recipient device or user ID. Suitable for in-app or mobile alerts.

interface SendPushNotificationAction extends BusinessApiAction = {
  provider : String;
  subject : MScript;
  body : MScript;
  to : MScript;
  from : MScript;
}

Field	Description
provider	The name of the push notification provider to use (e.g., `firebase`, `onesignal`). Must be configured in the service’s notification setup.
subject	The notification title or heading, rendered via MScript. This typically appears as the bold title on a mobile push alert.
body	The body text of the notification, defined via MScript. Should be concise and actionable.
to	The recipient device ID or user identifier, evaluated from context. Format depends on the configured provider.
from	Optional sender or topic ID. Used to label or route notifications by source when supported by the provider.

RefineByAiAction

MPO Version: 1.3.0

Refines or transforms a given text using an AI provider such as OpenAI or Anthropic. The action supports adjustable refinement depth via temperature and mode, and allows instruction control through a system prompt. The result is stored in the context and can be reused in rendering, messaging, or responses. Use this for rephrasing, summarizing, tone-shifting, or grammar correction.

interface RefineByAiAction extends BusinessApiAction = {
  provider : String;
  inputData : MScript;
  systemPrompt : String;
  temperature : Double;
  mode : String;
}

Field	Description
provider	The name of the AI provider to use (e.g., `openai`, `anthropic`). Must be configured in the service's AI settings.
inputData	An MScript expression that evaluates to the input string to be refined. This should be a plain text value from the context, parameters, or a prior action.
systemPrompt	An optional system-level instruction string to guide the AI's tone or intent. Example: 'You are a professional editor. Keep meaning intact, improve clarity and grammar.'. Leave it null if you want to use default prompt.
temperature	A value between 0 and 1 indicating how much variation the model should apply. Use low values (~0.2) for subtle fixes, and higher values (~0.7) for more creative rewrites.
mode	Optional label representing the level or style of refinement. Common values might include `preserve`, `light`, `reword`, `rewrite`, `summarize`. This can be interpreted by your backend to choose a prompt template.

CheckoutAction

MPO Version: 1.3.0

Calls the proper native payment gateway functions according to the current stage of checkout lifecyle. Currentlu Stripeis supported natively, for other gateways use integrations.

interface CheckoutAction extends BusinessApiAction = {
  gateway : String;
  stage : CheckoutStage;
}

Field	Description
gateway	The name of thepayment gateway that is supported natively. Current support is only for Stripe, so this value should be `Stripe`.
stage	The type of the stage call that the action will make. It can start, complete or refresh a checkout, it can accept a gateway webhook.

CheckoutStage

The target stage of the payment lifecyle on which the action's decision for next step to be executed is based.

CheckoutStageNames = ["simple", "start", "complete", "refresh", "callback"];

const CheckoutStage = {
  simple: 0,
  start: 1,
  complete: 2,
  refresh: 3,
  callback: 4,
};

Enum	Description
simple	The lifecycle is simple it is just one sync call to handle everything, creating the charge immedeatly.
start	The payment operation is wanted to be started, mostly an intent is created on the frontend side, but also it can be started in the server side.
complete	The payment operation is wanted to be completed, the intent will be a real charge.
refresh	The payment operation data in the gateway server will be fetched and the application payment tickets and order status will be refreshed according to the server. Use this if you dont want to use a webhook.
callback	The api is called by the gateway webhook, so the refresh operation will be held asyncronously. Use this option if you provide your api as a webhook to the provider.

VerifyWebhookAction

MPO Version: 1.3.0

Verifies a webhook call of a provider with its signature secret and reads the parameeters and writes them to the context.

interface VerifyWebhookAction extends BusinessApiAction = {
  provider : String;
  secretKey : MScript;
}

Field	Description
provider	The name of the provider to verify the webhook. Current support is only for stripe, so this value should be `stripe`.
secretKey	An MScript value to represent ot to reach the secret key of the webhook signature

IntegrationAction

MPO Version: 1.3.0

Calls a native API integration provided by Mindbricks (e.g., AWS S3, Airtable, Stripe, Asana). Each integration exposes a set of predefined actions, and this object triggers one of them with dynamically computed parameters. The result is stored in the context and can be used in follow-up steps. This allows low-code access to third-party systems using structured inputs.

interface IntegrationAction extends BusinessApiAction = {
  provider : IntegrationProvider;
  action : String;
  parameters : IntegrationParameter[];
}

Field	Description
provider	The identifier of the external service provider to call (e.g., `aws`, `asana`, `salesforce`). Must match a supported integration configured within Mindbricks.
action	The specific action or operation to invoke on the provider. For example: `uploadFile`, `createRecord`, `deleteObject`, `listItems`. Action names must match those exposed by the selected integration provider.
parameters	An array of parameter objects that define the inputs to pass to the integration action. Each parameter includes a name and a dynamically evaluated value from context.

IntegrationParameter

MPO Version: 1.3.0

Defines a single named input to be passed to a native integration provider action. Parameter values are evaluated using MScript and can be derived from session, context, or external input.

interface IntegrationParameter = {
  parameterName : String;
  parameterValue : MScript;
}

Field	Description
parameterName	The name of the parameter as expected by the integration action (e.g., `bucketName`, `filePath`, `email`).
parameterValue	An MScript expression that resolves to the parameter value. This can reference current context, session variables, request parameters, or computed logic.

LoopAction

MPO Version: 1.3.0

Defines a repeated execution block within a Business API workflow. It loops over the result of an MScript expression and executes a list of actions for each item. The current item is exposed as a local variable named by loopItemName, directly accessible in MScript. Loop actions can be nested to support multi-level iteration, enabling hierarchical or grid-like data processing patterns.

interface LoopAction extends BusinessApiAction = {
  loopFor : MScript;
  loopItemName : String;
  isParallel : Boolean;
  actions : String[];
}

Field	Description
loopFor	An MScript expression that evaluates to an iterable (such as an array). Each element of the result will be bound to the variable defined by `loopItemName` and processed through the listed actions.
loopItemName	The name of the variable representing the current item in each loop iteration. This variable is directly accessible in MScript without `this.`. For example, if `loopItemName` is `customerItem`, you can reference `customerItem.id` or `customerItem.status` inside any action executed in the loop.
isParallel	A boolean value to control the non-blockin behaviour of the loop steps. If isParallel set to true, all loop steps will be called as async together, but the loop itself will be awaited. If it is false, all steps are awaited and executed one by one. Use the async option if you are sure that the target source (like db, redis, cpu, disk) will be able manage multiple jobs at once.
actions	An array of action names (as strings) to execute during each loop iteration. These actions must be previously defined in the Business API's action store.

ParallelAction

MPO Version: 1.3.0

Defines a non-blocking execution group in which multiple actions are executed in parallel. Each action runs independently using the same input context. Parallel actions are useful for concurrent fetches, validations, or other side-effect-free logic. This action can also include nested ParallelAction or LoopAction steps, enabling concurrent or branched execution across multiple layers of the workflow.

interface ParallelAction extends BusinessApiAction = {
  actions : String[];
}

Field	Description
actions	An array of action names (as strings) to be executed concurrently. Each action in this list will run using the shared context. Nested parallel and loop actions are supported for composing deeply concurrent workflows.

BusinessWorkflow

MPO Version: 1.3.0

Defines the execution flow milestones of a Business API. Only one of the sub-flows (create, update, delete, get, list) will be populated, based on the crudType of the API. Each workflow contains ordered arrays of action ids to be executed at predefined lifecycle milestones (e.g., after reading parameters, after the main DB operation). These workflows allow complete control of the API's logic and are fully compatible with visual workflow editors.

interface BusinessWorkflow = {
  create : CreateBusinessWorkflow;
  update : UpdateBusinessWorkflow;
  delete : DeleteBusinessWorkflow;
  get : GetBusinessWorkflow;
  list : ListBusinessWorkflow;
}

Field	Description
create	The milestone execution flow for a `create`-type API. Contains action arrays tied to standard lifecycle stages of record creation.
update	The milestone execution flow for an `update`-type API. Contains action arrays tied to record lookup, validation, mutation, and response shaping.
delete	The milestone execution flow for a `delete`-type API. Contains action arrays for lookup, conditional deletion, side-effects, and cleanup.
get	The milestone execution flow for a `get`-type API. Contains actions that run at fixed read-only stages like parameter validation, access checks, and enrichment.
list	The milestone execution flow for a `list`-type API. Enables filtering, paging, sorting, and post-query actions such as formatting or permission-based shaping.

CreateBusinessWorkflow

MPO Version: 1.3.0

Defines the standard execution milestones for a create-type Business API. Each field represents a milestone (a fixed lifecycle stage), and its value is an ordered list of action ids executed by the API manager. These steps include all default, hardcoded logic (e.g., session handling, parameter extraction, DB insert) while leaving space for user-defined actions after each milestone. You can modify this workflow programmatically or visually.

interface CreateBusinessWorkflow = {
  afterStartBusinessApi : String[];
  afterReadParameters : String[];
  afterTransposeParameters : String[];
  afterCheckParameters : String[];
  afterCheckBasicAuth : String[];
  afterBuildDataClause : String[];
  afterMainCreateOperation : String[];
  afterBuildOutput : String[];
  afterSendResponse : String[];
  afterApiEvent : String[];
}

Field	Description
afterStartBusinessApi	Executed before everything just after the api is started by the controller. Context has just got the raw request object and the session object populated by the controller. Use this stage for fundemantal validations or to manüpulate the context before everything.
afterReadParameters	Triggered after all parameters are read from the request or Redis. Use this to perform early validation or context enrichment based on raw input.
afterTransposeParameters	Executed after parameters are normalized or transformed. Use this for logic that depends on preprocessed values (e.g., derived inputs or structure remapping).
afterCheckParameters	Runs after parameter validations complete. Use this for business logic checks or to raise field-specific errors (e.g., pricing thresholds, invalid combinations).
afterCheckBasicAuth	Fires after role and permission validations. Typically used to enforce fine-grained access checks or audit preparation logic.
afterBuildDataClause	Executed after the data clause object is constructed and before the actual create operation. Use this to inject additional fields or adjust payload structure.
afterMainCreateOperation	Runs immediately after the database insert operation completes. Ideal for events, side-effects, or chained actions based on the created record.
afterBuildOutput	Allows final shaping of the response payload before it is sent. You can inject, modify, or strip fields at this stage.
afterSendResponse	Triggered after the response is sent to the client. Use for post-response operations like analytics, logging, or delayed workflows.
afterApiEvent	Triggered after the Business API emits an API-level event (if configured). This is the final milestone in the API execution flow and is typically used for cleanup, async queues, or chained notifications that depend on event dispatch success.

UpdateBusinessWorkflow

MPO Version: 1.3.0

Defines the execution milestones for an update-type Business API, used to modify an existing record. Each field represents a fixed lifecycle milestone. Custom action ids placed under a milestone will be executed in order after that point. These workflows enable full customization of business logic without overriding default update behavior, and they support visual modeling of logic steps.

interface UpdateBusinessWorkflow = {
  afterStartBusinessApi : String[];
  afterReadParameters : String[];
  afterTransposeParameters : String[];
  afterCheckParameters : String[];
  afterCheckBasicAuth : String[];
  afterBuildWhereClause : String[];
  afterFetchInstance : String[];
  afterCheckInstance : String[];
  afterBuildDataClause : String[];
  afterMainUpdateOperation : String[];
  afterBuildOutput : String[];
  afterSendResponse : String[];
  afterApiEvent : String[];
}

Field	Description
afterStartBusinessApi	Executed before everything just after the api is started by the controller. Context has just got the raw request object and the session object populated by the controller. Use this stage for fundemantal validations or to manüpulate the context before everything.
afterReadParameters	Triggered after all parameters are read from the request or Redis. Use this to perform early validation or context enrichment based on raw input.
afterTransposeParameters	Executed after parameters are normalized or transformed. Use this for logic that depends on preprocessed values (e.g., derived inputs or structure remapping).
afterCheckParameters	Runs after parameter validations complete. Use this for business logic checks or to raise field-specific errors (e.g., pricing thresholds, invalid combinations).
afterCheckBasicAuth	Fires after role and permission validations. Typically used to enforce fine-grained access checks or audit preparation logic.
afterBuildWhereClause	Occurs once the main `WHERE` clause is generated for the query. Insert actions here to log or modify query conditions or add scoped audit logic. This where clause will be first used to fetch the instance to be updated.
afterFetchInstance	Fires after manager fetches the target record before it is updated and written to the context for pre-operation checks. Insert your own actions here to add your own checks or to mnanipulate default instance check which will be executed next.
afterCheckInstance	Triggered after the instance is dispatched and check for basic requirements like existence or ownership. Insert actions here to make your own checks on the instance that will be updated.
afterBuildDataClause	Executed after the update data clause object is constructed and before the actual update operation. Use this to inject additional fields or adjust payload structure.
afterMainUpdateOperation	Runs immediately after the database update operation completes. Ideal for events, side-effects, or chained actions based on the updated record.
afterBuildOutput	Allows final shaping of the response payload before it is sent. You can inject, modify, or strip fields at this stage.
afterSendResponse	Triggered after the response is sent to the client. Use for post-response operations like analytics, logging, or delayed workflows.
afterApiEvent	Triggered after the Business API emits an API-level event (if configured). This is the final milestone in the API execution flow and is typically used for cleanup, async queues, or chained notifications that depend on event dispatch success.

DeleteBusinessWorkflow

MPO Version: 1.3.0

Defines the execution milestones for a delete-type Business API, which removes or soft-deletes a single record. Each field corresponds to a lifecycle milestone. Custom actions inserted at any milestone are executed in order after that point. This enables fine-grained control over logic such as confirmation checks, permission gating, logging, or external integrations—without needing to override the default deletion behavior.

interface DeleteBusinessWorkflow = {
  afterStartBusinessApi : String[];
  afterReadParameters : String[];
  afterTransposeParameters : String[];
  afterCheckParameters : String[];
  afterCheckBasicAuth : String[];
  afterBuildWhereClause : String[];
  afterFetchInstance : String[];
  afterCheckInstance : String[];
  afterMainDeleteOperation : String[];
  afterBuildOutput : String[];
  afterSendResponse : String[];
  afterApiEvent : String[];
}

Field	Description
afterStartBusinessApi	Executed before everything just after the api is started by the controller. Context has just got the raw request object and the session object populated by the controller. Use this stage for fundemantal validations or to manüpulate the context before everything.
afterReadParameters	Triggered after all parameters are read from the request or Redis. Use this to perform early validation or context enrichment based on raw input.
afterTransposeParameters	Executed after parameters are normalized or transformed. Use this for logic that depends on preprocessed values (e.g., derived inputs or structure remapping).
afterCheckParameters	Runs after parameter validations complete. Use this for business logic checks or to raise field-specific errors (e.g., pricing thresholds, invalid combinations).
afterCheckBasicAuth	Fires after role and permission validations. Typically used to enforce fine-grained access checks or audit preparation logic.
afterBuildWhereClause	Occurs once the main `WHERE` clause is generated for the query. Insert actions here to log or modify query conditions or add scoped audit logic. This where clause will be first used to fetch the instance to be deleted.
afterFetchInstance	Fires after manager fetches the target record before it is deleted and written to the context for pre-operation checks. Insert your own actions here to add your own checks or to mnanipulate default instance check which will be executed next.
afterCheckInstance	Triggered after the instance is dispatched and check for basic requirements like existence or ownership. Insert actions here to make your own checks on the instance that will be deleted.
afterMainDeleteOperation	Runs immediately after the database delete operation completes. Ideal for events, side-effects, or chained actions based on the deleted record.
afterBuildOutput	Allows final shaping of the response payload before it is sent. You can inject, modify, or strip fields at this stage.
afterSendResponse	Triggered after the response is sent to the client. Use for post-response operations like analytics, logging, or delayed workflows.
afterApiEvent	Triggered after the Business API emits an API-level event (if configured). This is the final milestone in the API execution flow and is typically used for cleanup, async queues, or chained notifications that depend on event dispatch success.

GetBusinessWorkflow

MPO Version: 1.3.0

Defines the execution milestones for a get-type Business API, which retrieves a single record. Each milestone represents a predefined point in the API lifecycle. Action ids listed under a milestone will be executed in the given order immediately after that point is reached. This structure enables customized behaviors like access control, derived property enrichment, or API shaping without overriding core logic.

interface GetBusinessWorkflow = {
  afterStartBusinessApi : String[];
  afterReadParameters : String[];
  afterTransposeParameters : String[];
  afterCheckParameters : String[];
  afterCheckBasicAuth : String[];
  afterBuildWhereClause : String[];
  afterMainGetOperation : String[];
  afterCheckInstance : String[];
  afterBuildOutput : String[];
  afterSendResponse : String[];
  afterApiEvent : String[];
}

Field	Description
afterStartBusinessApi	Executed before everything just after the api is started by the controller. Context has just got the raw request object and the session object populated by the controller. Use this stage for fundemantal validations or to manüpulate the context before everything.
afterReadParameters	Executed after parameters are extracted from the request. This is the earliest milestone and is ideal for initial validation, normalization, or preprocessing.
afterTransposeParameters	Runs after parameter transformation, such as type coercion or merging Redis parameters. Use this stage to derive dependent values or reformat inputs.
afterCheckParameters	Triggered after core validations on required or custom parameters complete. Insert validation actions here to enforce business-specific input rules.
afterCheckBasicAuth	Executed after basic role and permission checks are performed. Use this for object-level access guards or dynamic access logic based on user roles.
afterBuildWhereClause	Occurs once the main `WHERE` clause is generated for the query. Insert actions here to log or modify fetch conditions or add scoped audit logic.
afterMainGetOperation	Runs immediately after the object is fetched from the database. This is the best point for enrichment actions like fetching related data or computing derived properties.
afterCheckInstance	Triggered after the response is dispatched. Use for non-blocking post-response actions like logging, analytics, or starting asynchronous flows.
afterBuildOutput	Executes after the response payload is constructed but before it is sent. Use this to adjust formatting, inject extra context, or remove sensitive fields.
afterSendResponse	Triggered after the response is dispatched. Use for non-blocking post-response actions like logging, analytics, or starting asynchronous flows.
afterApiEvent	Runs after the optional API-level event has been emitted. This is the final milestone and is ideal for actions that should occur after the workflow is complete.

ListBusinessWorkflow

MPO Version: 1.3.0

Defines the execution milestones for a list-type Business API, which returns a paginated set of records. Each field represents a fixed lifecycle milestone. Action ids added to a milestone will be executed in order after that point. This structure enables modular extension of logic for filtering, permission enforcement, data enrichment, and more—without overriding the main query behavior.

interface ListBusinessWorkflow = {
  afterStartBusinessApi : String[];
  afterReadParameters : String[];
  afterTransposeParameters : String[];
  afterCheckParameters : String[];
  afterCheckBasicAuth : String[];
  afterBuildWhereClause : String[];
  afterMainListOperation : String[];
  afterBuildOutput : String[];
  afterSendResponse : String[];
  afterApiEvent : String[];
}

Field	Description
afterStartBusinessApi	Executed before everything just after the api is started by the controller. Context has just got the raw request object and the session object populated by the controller. Use this stage for fundemantal validations or to manüpulate the context before everything.
afterReadParameters	Executed immediately after request and Redis parameters are read into context. Use this stage for early validations or transformations on raw inputs.
afterTransposeParameters	Runs after parameter reshaping or normalization logic. Use this for refining structured inputs or deriving helper values for downstream use.
afterCheckParameters	Executed after required and custom parameters have been validated. Place custom validation or cross-field logic actions here.
afterCheckBasicAuth	Runs after role-based access checks. Use this milestone to insert actions that enforce access based on session, membership, or other dynamic conditions.
afterBuildWhereClause	Triggered after the main query’s `WHERE` clause has been finalized. Insert logic here for audit logging or external query construction monitoring.
afterMainListOperation	Runs after the paginated list has been retrieved from the database. Use this milestone for data enrichment, parallel fetches, or computed fields.
afterBuildOutput	Executed after the response payload has been shaped. This is the best point to inject additional context, sanitize outputs, or apply output transformations.
afterSendResponse	Runs after the list result has been sent to the client. Use this for analytics, usage tracking, or triggering asynchronous actions.
afterApiEvent	Executed after the optional API-level event is published (if configured). This is the final milestone for clean-up or system-level broadcasting.

ServiceLibrary

MPO Version: 1.3.0

Defines a custom service library for your Mindbricks service. A ServiceLibrary is a modular container for user-defined code, templates, and assets. It allows developers to inject business-specific logic or reusable components into the service. You can define functions, templates, and assets, as well as edge functions (used by edge controllers to fully control the route lifecycle). These modules can be referenced throughout the service—for example, in validations, permissions, conditions, or hooks.

interface ServiceLibrary = {
  functions : LibModule[];
  edgeFunctions : LibModule[];
  templates : LibModule[];
  assets : LibModule[];
  public : LibModule[];
}

Field	Description
functions	List of reusable JavaScript functions available in the service. These are general-purpose functions used in validations, permissions, and other scripts. Each function is defined as a `LibModule`, exporting a callable function or a structured object.
edgeFunctions	Functions invoked by edge controllers, enabling fully custom handling of requests. These modules must export an async function that accepts a single request parameter and returns an API response or throws an error. Standard validations will still apply before execution. A sample helloWorld edge function would be like following.

{ 'moduleName': 'helloWorld', 'moduleExtension': 'js', 'moduleBody': 'module.exports = async (request) => { return { status: 200, message: "Hello from the edge function", date: new Date().toISOString() }; }' }
```
| templates     | Templates used within the service to render dynamic content such as emails, documents, or downloads. Typically written in `ejs`, they are evaluated with route data before rendering the final output.                                                                                                                                                                                                                                                                                                                                                      |
| assets        | Static text or image-based files (e.g., credentials, configs, illustrations) used by the business logic. These can be used internally or for generating downloadable content. Each is defined as a `LibModule`.                                                                                                                                                                                                                                                                                                                                             |
| public        | Public files exposed via a static URL, accessible directly by frontend or client-side apps. Used for assets like logos, PDFs, or other client-facing files.                                                                                                                                                                                                                                                                                                                                                                                                 |

#### LibModule

**MPO Version:** 1.3.0

Defines a module file in the service library. This object is used for declaring code, templates, or file assets that enhance your business logic. A `LibModule` can be a JavaScript function, an HTML template, or a static text/image file. JavaScript modules should export functions or objects conforming to their assigned context, such as validations, edge functions.

```typescript
interface LibModule = {
  moduleName : String;
  moduleExtension : String;
  moduleBody : Text;
}

Field	Description
moduleName	The name of the module. Should be unique within the library. Use lowercase or camelCase (e.g., `updateParent`). This name is used to reference the function or file in route logic.
moduleExtension	The file extension of the module, such as `js`, `json`, `ejs`, `txt`, `svg`, or `pdf`. This defines how Mindbricks interprets or stores the content.
moduleBody	The content of the module. This may be JavaScript code, template HTML, or any other textual asset depending on its extension.

EdgeController

MPO Version: 1.3.0

An edge controller defines a fully customized route handled by a developer-defined function. Unlike standard Busines APIs, it gives full control over the request processing by directly calling a function from the service library. This allows advanced operations like database queries, external API calls, or dynamic responses without following the CRUD cycle. Edge controllers are ideal for building special-purpose APIs or custom flows outside Mindbricks' automatic route generation.

interface EdgeController = {
  edgeControllerOptions : EdgeControllerOptions;
  edgeRestSettings : EdgeRestSettings;
}

Field	Description
edgeControllerOptions	Configuration object for the edge controller. It defines which edge function will be executed and whether login is required to access it.
edgeRestSettings	HTTP settings for exposing the edge controller as a REST API. It allows specifying the URL path and HTTP method that will trigger the edge function.

EdgeControllerOptions

MPO Version: 1.3.0

Options that define the execution behavior of the edge controller, including the function to call and login requirement.

interface EdgeControllerOptions = {
  functionName : String;
  loginRequired : Boolean;
}

Field	Description
functionName	The name of the function defined in the service library that will handle this controller’s logic. The function must be an async module under 'edgeFunctions' and should return an object or throw an error as response.
loginRequired	Whether the caller must be logged in to access this edge route. If true, Mindbricks will enforce authentication using session or token checks before invoking the function.

EdgeRestSettings

MPO Version: 1.3.0

Defines the public REST endpoint for the edge controller. Specifies how the route is exposed via HTTP, including path and method.

interface EdgeRestSettings = {
  path : String;
  method : HTTPRequestMethods;
}

Field	Description
path	The relative URL path for this controller. It determines where the edge function will be accessible in the REST API (e.g., '/generate-invoice').
method	The HTTP method that will trigger the edge controller. Typical values include GET, POST, PUT, DELETE, etc.

Was this page helpful?

Built with Documentation.AI

Last updated 1 day ago