Service

Business Api

BusinessApi

MPO Version: 1.3.0

Defines a Business API, a high-level abstraction representing a specific business operation on a primary data object. It encapsulates intent (e.g., get, create, delete), parameters, trigger mechanisms, and a structured workflow composed of modular actions. Each Business API offers more expressive and decoupled control over behavior and access.

interface BusinessApi = {
  apiOptions : ApiOptions;
  authOptions : ApiAuthOptions;
  customParameters : BusinessApiParameter[];
  redisParameters : RedisApiParameter[];
  restSettings : ApiRestSettings;
  grpcSettings : ApiGrpcSettings;
  kafkaSettings : ApiKafkaSettings;
  sseSettings : ApiSseSettings;
  cronSettings : ApiCronSettings;
  selectClause : SelectClauseSettings;
  dataClause : DataClauseSettings;
  whereClause : WhereClauseSettings;
  deleteOptions : DeleteOptions;
  getOptions : GetOptions;
  listOptions : ListOptions;
  paginationOptions : PaginationOptions;
  actions : BusinessApiActionStore;
  workflow : BusinessWorkflow;
}

Field	Description
apiOptions	Defines the name,type, dataObject and description of the business api as well as its basic options
authOptions	Defines core authentication and authorization settings for a Business API. These settings cover session validation, role and ownership checks, and access scope (e.g., tenant vs. SaaS-level). While these options are sufficient for most use cases, more fine-grained access control—such as conditional permissions or contextual ownership—should be implemented using explicit access control actions (e.g., `PermissionCheckAction`, `MembershipCheckAction`, `ObjectPermissionCheckAction`).
customParameters	An array of manually defined parameters that are extracted from the incoming request (e.g., body, query, session). These are configured using `BusinessApiParameter` and are written to the context as `this.<name>` before workflow execution begins.
redisParameters	An array of parameters fetched from Redis based on dynamically computed keys. These are defined using `RedisApiParameter` and are written to the context as `this.<name>`, just like custom parameters.
restSettings	Defines HTTP REST controller settings such as method and route path. Automatically generated using naming conventions, but can be customized for fine-grained control over REST behavior, parameter mapping, or URL design.
grpcSettings	Enables gRPC access for this Business API and configures the request and response schemas. gRPC is disabled by default unless explicitly configured.
kafkaSettings	Enables this Business API to be triggered by Kafka events. This controller listens for messages published to configured Kafka topics, allowing the API to respond to system-level events (e.g., file uploaded, user signed up) or external integrations. This is commonly used for decoupled orchestration between services or for reacting to events emitted by backend libraries and storage providers.
sseSettings	Enables Server-Sent Events (SSE) streaming for this Business API. When enabled, the API can stream its response as chunks (for large datasets, file exports, LLM token streaming) or emit progress events (for long-running operations) over an SSE connection.
cronSettings	Schedules this Business API for automatic execution at specified intervals. Useful for background tasks, data cleanup, or scheduled jobs. Uses cron expressions to define timing.
selectClause	Specifies which fields will be selected from the main data object during a `get` or `list` operation. Leave blank to select all properties. This applies only to `get` and `list` type APIs.
dataClause	Defines custom field-value assignments used to modify or augment the default payload for `create` and `update` operations. These settings override values derived from the session or parameters if explicitly provided.
whereClause	Defines the criteria used to locate the target record(s) for the main operation. This is expressed as a query object and applies to `get`, `list`, `update`, and `delete` APIs. All API types except `list` are expected to affect a single record.
deleteOptions	Contains settings specific to `delete` type APIs, such as soft-delete configurations or cascade options.
getOptions	Contains settings specific to `get` type APIs, such as instance enrichment, fallback behaviors, or object caching.
listOptions	Defines list-specific options including filtering logic, default sorting, and result customization for APIs that return multiple records.
paginationOptions	Contains settings to configure pagination behavior for `list` APIs. Includes options like page size, offset, cursor support, and total count inclusion.
actions	Represents the available logic actions that can be referenced by the Business API's workflow. Actions include data fetches, validation, permission checks, interservice calls, transformations, and output shaping.
workflow	Defines the logical flow of the Business API, composed of sequenced action ids grouped by lifecycle stages. This workflow is generated visually in the architecture UI or programmatically inferred from the API's type.

ApiOptions

MPO Version: 1.3.0

Main configuration section for a Business API. This object includes essential attributes such as naming, access control, event handling, input generation, and fallback strategies. In many cases, configuring this section alone is sufficient to define the primary behavior of an API entry point.

interface ApiOptions = {
  dataObjectName : LocalDataObjectName;
  dataViewName : String;
  crudType : CrudTypes;
  name : String;
  apiDescription : Text;
  frontendDocument : Text;
  raiseApiEvent : Boolean;
  raiseDbLevelEvents : Boolean;
  autoParams : Boolean;
  readFromEntityCache : Boolean;
  blockMcp : Boolean;
  isDefaultApi : Boolean;
}

Field	Description
dataObjectName	Specifies the primary data object that this Business API interacts with. This object is the core target of the API's operation, such as reading, updating, or deleting records. Required even when dataViewName is set — the DataView's mainObject must match this dataObject.
dataViewName	Optional. Specifies the name of a DataView defined in the BFF service whose mainObject matches this API's dataObject. When set, all read/fetch operations (get, list, and fetchInstance for update/delete) use ElasticIndexer to query the DataView's Elasticsearch index. Write operations (create, update, delete) still execute against the database. For create, the result is enriched from the DataView after the DB insert. The dataObjectName is always required and must match the DataView's mainObject.
crudType	Defines the primary operation type for this API. Possible values are `get`, `list`, `create`, `update`, and `delete`. This classification drives the behavior and flow of the API lifecycle.
name	A unique, human-readable name for the API, used for referencing in documentation and the UI. This is not a code-level identifier; instead, generated class and function names are derived from this value. Use camelCase formatting, avoid spaces or special characters, and ensure uniqueness within the same service. If you want the API to behave like a default RESTful endpoint, use a verb-noun combination like `createUser`, `getOrder`, or `deleteItem`, which will enforce expected parameters and URL patterns (e.g., `/users/:userId`).
apiDescription	A brief explanation of the API's business purpose or logic. Helps clarify its intent for developers and documentation readers.
frontendDocument	A text based information to inform the frontend developer or frontend AI agent about the api specific UX behaviour of the api logic based on user stories and use cases. The format may be either text or markdown(recommended). Write the document as an AI prompt and describe api specific UX behaviours. Note that this document will be given to the AI agent or human developer combined with all technical details that is generated from the business api design,so this document should only focus on data api-specific behavioral UX business logic.
raiseApiEvent	Indicates whether the Business API should emit an API-level event after successful execution. This is typically used for audit trails, analytics, or external integrations.
raiseDbLevelEvents	If true, database-level events will be emitted for each affected data object. This is useful for APIs that interact with multiple related objects and need fine-grained event tracking.
autoParams	Determines whether input parameters should be auto-generated from the schema of the associated data object. Set to `false` if you want to define all input parameters manually.
readFromEntityCache	If enabled, the API will attempt to read the target object from the Redis entity cache before querying the database. This can improve performance for frequently accessed records.
blockMcp	When true, this Business API will not be exposed as an MCP tool. Use this for APIs that require frontend-specific flows (e.g., payment with credit card input, 3DS verification) and should not be called by AI agents directly.
isDefaultApi	If true, marks this API as the default API for its crudType on the associated data object. Frontend generators and AI agents will use default APIs for standard CRUD operations (create, update, delete, get, list). Only one API per crudType per data object should be marked as default. If no default is set, the frontend generator will auto-discover the most general API for each operation.

CrudTypes

CrudTypes define the fundamental operation mode of a route. Each route is classified by a CRUD type that reflects its intended data operation: create, update, read, or delete.

const CrudTypes = {
  create: "create",
  update: "update",
  get: "get",
  list: "list",
  delete: "delete",
};

Enum	Description
create	Specifies that the route handles creation operations. It inserts a new record into the associated data object. Mindbricks auto-generates default behavior for create routes, but custom logic can be defined via the route’s createSettings.
update	Specifies that the route handles update operations for a single existing record. The primary access criterion is the record's ID. Mindbricks auto-generates default behavior for update routes, but customizations can be added using updateSettings.
get	Specifies that the route retrieves a single record of the data object. The primary access criterion is the record's ID. Mindbricks provides default logic, but route-specific getSettings can be applied for custom retrieval.
list	Specifies that the route retrieves multiple records of the data object. By default, results are filtered by authorization rules. List-level customizations can be configured through listOptions and paginationOptions
delete	Specifies that the route handles deletion of a single record. The access criterion is the record's ID. Mindbricks supports both hard and soft deletes, with behavior controlled through deleteOptions.

LocalDataObjectName

MPO Version: 1.3.0

Represents a reference to a data object within the same service. The value must be a simple object name; not a qualified reference in the format 'serviceName:objectName'.

interface LocalDataObjectName = {
}

Field	Description

ApiAuthOptions

MPO Version: 1.3.0

Defines core authentication and authorization settings for a Business API. These settings cover session validation, role and ownership checks, and access scope (e.g., tenant vs. SaaS-level). While these options are sufficient for most use cases, more fine-grained access control—such as conditional permissions or contextual ownership—should be implemented using explicit access control actions (e.g., PermissionCheckAction, MembershipCheckAction, ObjectPermissionCheckAction).

interface ApiAuthOptions = {
  apiInSaasLevel : Boolean;
  M2MAllowed : Boolean;
  loginRequired : Boolean;
  ownershipCheck : Boolean;
  parentOwnershipChecks : String[];
  absoluteRoles : String[];
  checkRoles : String[];
  defaultPermissions : String[];
}

Field	Description
apiInSaasLevel	If true, this API can be accessed across tenants (SaaS-wide). This bypasses tenant ID filtering and is only allowed for users with SaaS-level roles. Use this for global admin tools or cross-tenant analytics.
M2MAllowed	If true, this API can be accessed using machine-to-machine (M2M) tokens without requiring a user session. When enabled, services can call this API using M2M tokens in addition to (or instead of) user session tokens. This allows for secure inter-service communication. Can be combined with loginRequired to allow both M2M tokens and user sessions, or set loginRequired to false for M2M-only access.
loginRequired	Specifies whether the user must be authenticated to access the API. By default, this inherits the login requirement from the associated data object, but it can be overridden here.
ownershipCheck	Defines whether ownership should be enforced on the main data object. This check restricts access to the object’s owner and will be applied via the query in list operations and after the instance is fetched in others.
parentOwnershipChecks	Specifies additional parent objects (e.g., `organization`, `project`) whose ownership must also be verified. This supports enforcing nested ownership rules across related entities.
absoluteRoles	A list of role names that grant unconditional access to this API in terms of authentication and authorization. Users with any of these roles will bypass all auth checks—including role, permission, ownership, and membership and custom 401-403 validations. However, business-level validations (e.g., required fields, value constraints) will still apply to ensure domain correctness.
checkRoles	A list of roles that are required to pass basic role checks for this API. These are not absolute—users with these roles still undergo other validations and access control checks unless also included in `absoluteRoles`. Multiple roles are combined using OR logic.
defaultPermissions	Defines a list of required permissions that the user must have globally or through roles/groups. For `get`, `update`, and `delete` APIs, object-level overrides may also be considered if the main data object supports object permissions. Multiple permissions are combined using AND logic. For complex, conditional, or cross-object permissions, use `PermissionCheckAction` or `ObjectPermissionCheckAction` instead.

BusinessApiParameter

MPO Version: 1.3.0

Defines a customizable input parameter for a Business API. Parameters are extracted from the incoming request, transformed and validated, and then written directly to the API context under this.<name>. These parameters may originate from any request part (e.g., body, query, session), and can be combined with Redis-based or auto-generated parameters.

interface BusinessApiParameter = {
  name : String;
  type : DataTypes;
  required : Boolean;
  defaultValue : AnyComplex;
  httpLocation : RequestLocations;
  dataPath : String;
  transform : MScript;
  hidden : Boolean;
  description : Text;
}

Field	Description
name	The name of the parameter in the API context. The value will be available at `this.<name>` during Business API execution. This does not need to match the incoming request key.
type	The expected data type of the parameter, selected from the standard `DataTypes` enum (e.g., String, Number, Boolean). Used for validation and casting.
required	Indicates whether the parameter must be present in the incoming request. If true and the parameter is missing, the API will return a validation error.
defaultValue	Optional fallback value to use when the parameter is not present. If provided, it allows the parameter to be optional without causing validation errors.
httpLocation	The section of the HTTP request to extract the parameter from (e.g., `body`, `query`, `session`). Chosen from the `RequestLocations` enum.
dataPath	A dot-path expression to locate the parameter value in its specified source (e.g., `user.email`, `input.cart.total`).
transform	An optional MScript expression to post-process the raw input before validation. This is useful for trimming, normalizing, or coercing types.
hidden	Make a parameter hidden to hide it in Api-Face, Swagger, Mcp or other API automation tools. This is usefull when you want to define a higly technical parameeter which will be used by frontend or other integration developers for specific reasons in rare cases.
description	Human-readable explanation of the parameter’s purpose. For auto-generated parameters, this inherits the description from the linked data object property. For manually defined parameters, the developer should provide one.

RedisApiParameter

MPO Version: 1.3.0

Defines a parameter whose value is fetched from Redis before Business API execution begins. The result is written directly to the context as this.<name>, making it accessible like any other parameter. This is useful for injecting server-side or cached state without requiring the client to send it explicitly.

interface RedisApiParameter = {
  name : String;
  type : DataTypes;
  required : Boolean;
  defaultValue : AnyComplex;
  redisKey : String;
}

Field	Description
name	The name under which the Redis value will be stored in the context. For example, setting this to `tenantConfig` makes it accessible as `this.tenantConfig`.
type	The expected data type for the Redis value (e.g., String, Boolean, Object). Used for validation and type enforcement.
required	If true, the API will throw an error if the Redis key is missing or the value is null. If false, the value is optional and `defaultValue` may apply.
defaultValue	Optional fallback value if the Redis lookup fails. Use this to allow Redis parameters to be optional in logic flow.
redisKey	An MScript expression that evaluates to the Redis key from which to read the value. This can include dynamic tokens like `this.session.userId`.

ApiRestSettings

MPO Version: 1.3.0

Defines the REST controller configuration for a Business API. REST is the default HTTP interface in Mindbricks. These settings allow enabling/disabling REST access and customizing the endpoint path.

interface ApiRestSettings = {
  hasRestController : Boolean;
  configuration : ApiRestSettingsConfig;
}

Field	Description
hasRestController	Controls whether the Business API is exposed as a REST endpoint. Set to false to disable HTTP access.
configuration	Optional configuration object for customizing the REST path. Leave null to use the default path.

ApiRestSettingsConfig

MPO Version: 1.3.0

Customizes the REST endpoint path for a Business API. If omitted or set to $default, Mindbricks auto-generates the path based on the API name and crudType.

interface ApiRestSettingsConfig = {
  routePath : String;
  forcePOSTMethod : Boolean;
}

Field	Description
routePath	Custom REST path override. Leave as `$default` to auto-generate from the API name (e.g., `POST /users`, `GET /users/:id`).
forcePOSTMethod	The http method will ve set according to the crud type, use this setting if you want to force the HttpMethod to POST. Not recommended if you dont have a specific reason.

ApiGrpcSettings

MPO Version: 1.3.0

Enables gRPC interface for the Business API. Useful for high-performance service-to-service communication.

interface ApiGrpcSettings = {
  hasGrpcController : Boolean;
  configuration : ApiGrpcSettingsConfig;
}

Field	Description
hasGrpcController	Controls whether this API exposes a gRPC method.
configuration	Optional configuration object for gRPC settings. Leave null if gRPC is disabled.

ApiGrpcSettingsConfig

MPO Version: 1.3.0

Configuration for gRPC method behavior and response format.

interface ApiGrpcSettingsConfig = {
  responseFormat : GrpcApiResponseFormat;
  responseType : GrpcApiResponseType;
}

Field	Description
responseFormat	Defines whether the gRPC response returns a single data item or full JSON response.
responseType	Specifies whether the gRPC method returns a single result or a stream of results.

GrpcApiResponseFormat

Controls the structure of the gRPC response.

const GrpcApiResponseFormat = {
  dataItem: "dataItem",
  fullResponse: "fullResponse",
};

Enum	Description
dataItem	Returns only the core data item.
fullResponse	Returns the full JSON API response with metadata and pagination.

GrpcApiResponseType

Controls whether the gRPC method returns a single message or a stream.

const GrpcApiResponseType = {
  single: "single",
  stream: "stream",
};

Enum	Description
single	Returns one response message.
stream	Returns multiple streamed messages (for list-type APIs).

ApiKafkaSettings

MPO Version: 1.3.0

Configures Kafka as a trigger mechanism for the Business API. This supports both asynchronous processing and integration-based event handling (e.g., storage triggers, audit flows).

interface ApiKafkaSettings = {
  hasKafkaController : Boolean;
  configuration : ApiKafkaSettingsConfig;
}

Field	Description
hasKafkaController	Enables the Kafka controller for this API. When true, the API can be triggered by Kafka messages.
configuration	Kafka configuration details. Leave null if the controller is disabled.

ApiKafkaSettingsConfig

MPO Version: 1.3.0

Configuration object for Kafka topic bindings for triggering the Business API.

interface ApiKafkaSettingsConfig = {
  requestTopicName : String;
  responseTopicName : String;
}

Field	Description
requestTopicName	Name of the Kafka topic to listen to. Can be custom or auto-generated from the API name.
responseTopicName	Topic name to which the API response will be published. Optional.

ApiSseSettings

MPO Version: 1.3.0

Enables Server-Sent Events (SSE) streaming for a Business API, allowing the API to stream its response as chunks or emit progress events over an SSE connection. The REST endpoint continues to serve single request-response. The SSE endpoint is a companion for responses that are too large or too slow for a single HTTP response.

interface ApiSseSettings = {
  hasSseController : Boolean;
  configuration : ApiSseSettingsConfig;
}

Field	Description
hasSseController	Enables the SSE controller for this API. When enabled, an additional /stream endpoint is generated alongside the REST endpoint.
configuration	SSE configuration including response mode, timeout and chunk settings. Leave null if disabled.

ApiSseSettingsConfig

MPO Version: 1.3.0

SSE connection configuration, including response mode, timeout, chunk size, optional custom stream source, and optional Kafka progress listeners for remote process tracking.

interface ApiSseSettingsConfig = {
  responseMode : SseResponseMode;
  timeout : Integer;
  chunkSize : Integer;
  streamSource : StreamSourceConfig;
  kafkaProgressListeners : KafkaProgressListener[];
}

Field	Description
responseMode	Defines how the SSE endpoint delivers data. 'stream' sends data in chunks (for large datasets, file exports, LLM token streaming). 'events' sends progress updates followed by a final result (for long-running operations).
timeout	Maximum duration in milliseconds for an SSE connection before the server closes it. Defaults to 300000 (5 minutes).
chunkSize	Number of rows per chunk when streaming list results. Defaults to 100.
streamSource	Optional custom stream source configuration. When null, list APIs automatically use cursor-based chunked streaming. Only set this for non-list APIs or when data comes from an external source (lib function, iterator action, SSE/WS relay).
kafkaProgressListeners	Optional array of Kafka topic listeners for receiving progress updates from remote processes. After the pipeline completes, the SSE connection stays open and listens to configured Kafka topics, relaying filtered messages as SSE events. Works with both 'stream' and 'events' response modes.

SseResponseMode

Defines how the SSE endpoint delivers data to the client.

const SseResponseMode = {
  stream: "stream",
  events: "events",
};

Enum	Description
stream	Sends data in sequential chunks. Use for large datasets, file exports, or LLM token streaming where each chunk is a piece of the final result.
events	Sends progress events followed by a final result. Use for long-running operations where the client needs status updates during processing.

StreamSourceConfig

MPO Version: 1.3.0

Declares the source of chunked data for SSE streaming when the default list-based streaming is not applicable. Only needed for non-list APIs or when data comes from an external source (lib function, iterator action, SSE/WS relay).

interface StreamSourceConfig = {
  sourceType : StreamSourceType;
  libFunctionName : String;
  iteratorAction : String;
  relayUrl : MScript;
  relayAuth : MScript;
}

Field	Description
sourceType	The type of stream source: libFunction (async generator), iteratorAction (declared pattern), sseRelay (external SSE), wsRelay (external WebSocket).
libFunctionName	Name of the registered async generator lib function to use as the stream source. Required when sourceType is 'libFunction'.
iteratorAction	Name of the declared iterator action pattern to use as the stream source. Required when sourceType is 'iteratorAction'.
relayUrl	MScript expression that evaluates to the URL of the external SSE or WebSocket endpoint to relay. Required when sourceType is 'sseRelay' or 'wsRelay'.
relayAuth	MScript expression that evaluates to the authorization header value for the relay connection. Optional.

StreamSourceType

Defines the type of custom stream source for SSE streaming. Only needed when the default list-based streaming is not sufficient.

const StreamSourceType = {
  libFunction: "libFunction",
  iteratorAction: "iteratorAction",
  sseRelay: "sseRelay",
  wsRelay: "wsRelay",
};

Enum	Description
libFunction	Uses a registered async generator lib function as the stream source.
iteratorAction	Uses a declared iterator action pattern (e.g., OpenAI, Anthropic) as the stream source.
sseRelay	Connects to an external SSE endpoint and relays its events as chunks.
wsRelay	Connects to an external WebSocket endpoint and relays its messages as chunks.

KafkaProgressListener

MPO Version: 1.3.0

Configures a Kafka topic subscription for receiving progress updates from remote processes during an SSE connection. Messages are filtered by a correlation ID and relayed as SSE events to the client.

interface KafkaProgressListener = {
  topic : String;
  correlationField : MScript;
  kafkaFilterField : String;
  eventName : String;
  payloadMapping : MScript;
  completeWhen : MScript;
}

Field	Description
topic	The Kafka topic to subscribe to for receiving progress messages.
correlationField	MScript expression evaluated against the pipeline context to extract the correlation ID (e.g., 'dbResult.jobId').
kafkaFilterField	The field name in the incoming Kafka message payload to match against the correlation ID.
eventName	The SSE event name to emit to the client when a matching Kafka message is received.
payloadMapping	Optional MScript expression to extract or transform data from the Kafka message payload. If null, the entire message payload is forwarded.
completeWhen	Optional MScript expression evaluated against the Kafka message (as msg). When it evaluates to true, the Kafka listener stops and the SSE connection closes.

ApiCronSettings

MPO Version: 1.3.0

Schedules the Business API for periodic execution using a cron expression. Ideal for background jobs or recurring tasks.

interface ApiCronSettings = {
  hasCronController : Boolean;
  configuration : ApiCronSettingsConfig;
}

Field	Description
hasCronController	Enables or disables the cron controller. If true, the API will run at the interval defined in the configuration.
configuration	Optional configuration object for customizing the cron scheduling.

ApiCronSettingsConfig

MPO Version: 1.3.0

Cron configuration for scheduling Business API execution.

interface ApiCronSettingsConfig = {
  cronExpression : String;
}

Field	Description
cronExpression	Cron expression defining the schedule (e.g., '0 * * * *' for hourly execution).

SelectClauseSettings

MPO Version: 1.3.0

Defines which fields are included in the response of a Business API. Use this to limit returned properties for performance or visibility. This only affects the output of get and list APIs.

interface SelectClauseSettings = {
  selectProperties : PropRefer[];
  selectJoins : SelectJoin[];
}

Field	Description
selectProperties	An array of property names to return in the response. Leave empty to return all fields.
selectJoins	An array of join definition to a related object with the properties to be selected from the join. The result is encapsulated in the result with the `joinName` of the SelectJoin.

SelectJoin

MPO Version: 1.3.0

Select join is a definition object for a join from the main object to another related data object to select additional properties from it.

interface SelectJoin = {
  joinName : String;
  condition : MScript;
  joinedDataObject : DataObjectName;
  selector : String;
  properties : PropRefer[];
  sortBy : SortByItem[];
  topPick : Integer;
}

Field	Description
joinName	A human readable single code safe word to name the SelectJoin definition. This name is also used as the property name of the joined object or object list in the main data object.
condition	An MScript expression evaluates to Boolean and specifies whether this join should be made or not in code level, e.g (this.includeProductData). Note that this condition can not reference to the main object or main object list, for complex joins use a BFF View.
joinedDataObject	The name of the data object to be joined. Note that this object should be defined as a related object in the relation settings of one of the main object properties. Or the joined object should have got a relation defined in one of its properties. If the relation is to the main object form another object, the join result will be an array for an object list. The relation may be either in the same service or in a remote service. Mindbricks will arrange the code to make the join either through db or the elastic search index.
selector	The selector defines how the main (operating) object is related to the joined object when more than one relation exists. It uses the syntax mainObjectKey->joinedObjectKey. The left side (mainObjectKey) MUST be a property of the main object being operated on. The right side (joinedObjectKey) MUST be a property of the joined (target) object. Example: main object = user, joined object = project → id->ownerId (user projects). Example: main object = project, joined object = user → ownerId->id (project owner). If selector is null or empty, the first detected relation is used. Optional shorthand forms are supported: '->' or empty selects the first relation, '->someKey' selects the first relation matching the joined object's property, 'someKey->' selects the first relation originating from the given main object property. For clarity and to avoid ambiguity, the full mainObjectKey->joinedObjectKey syntax is strongly recommended.
properties	An array of property names to return in the join response. Leave empty to return all fields.
sortBy	A sort definition to sort if result fetched by join is an array in case the tarrget has a parental relation with the main object. Leave it null for one to one joins where only one or no object will be fetched.
topPick	A number to limit the number of objects in array result fecthed in case the tarrget has a parental relation with the main object. Leave it null for one to one joins where only one or no object will be fetched. If top pick is 1, the result will be a single object even though teh fetch is an array. Example usage, to get the older member of a club in a getClub api, the member join will be sorted by -age desc- and topPick will be 1.

SortByItem

MPO Version: 1.3.0

Sort clause configuration for list operations.

interface SortByItem = {
  property : PropRefer;
  order : SortOrder;
  name : String;
}

Field	Description
property	A property reference to define the field that the sort will be done by.
order	The sort order, it should be either asc or desc
name	A human readable code safe name to define the sort item

SortOrder

Defines sorting direction — ascending (asc) or descending (desc).

const SortOrder = {
  asc: "asc",
  desc: "desc",
};

Enum	Description
asc	Ascending order (default).
desc	Descending order.

DataClauseSettings

MPO Version: 1.3.0

Defines additional data values to be used in create or update operations. This clause augments the auto-generated data object by injecting or overriding values from context.

interface DataClauseSettings = {
  customData : DataMapItem[];
}

Field	Description
customData	An array of key-value assignments (MScript) to apply during create or update. These values override the corresponding properties of the main data object if defined.

WhereClauseSettings

MPO Version: 1.3.0

Defines how records are filtered in a Business API. This includes:- selectBy: strict selection logic based on required field equality - fullWhereClause: an optional override for complex, flexible query logic - additionalClauses: optional conditional query fragments that are always appended to the WHERE clause, whether it is derived from selectBy or fullWhereClause. Use selectBy when your selection logic is static and business-critical (e.g., ['id']). Use fullWhereClause when the WHERE clause needs to be built dynamically using MScript. additionalClauses allow context-aware filtering such as role-based visibility or soft-delete exclusion.

interface WhereClauseSettings = {
  selectBy : PropRefer[];
  fullWhereClause : MScript;
  additionalClauses : ExtendedClause[];
}

Field	Description
selectBy	A list of fields that must be matched exactly as part of the WHERE clause. This is not a filter — it is a required selection rule. In single-record APIs (`get`, `update`, `delete`), it defines how a unique record is located. In `list` APIs, it scopes the results to only entries matching the given values.
fullWhereClause	An MScript query expression that overrides all default WHERE clause logic. Use this for fully customized queries.
additionalClauses	A list of conditionally applied MScript query fragments. These clauses are appended only if their conditions evaluate to true.

ExtendedClause

MPO Version: 1.3.0

Defines an optional filtering clause that is dynamically included in the query when certain conditions are met. Enables route-level filtering to adapt to session, context, or other logic at runtime.

interface ExtendedClause = {
  name : String;
  doWhen : MScript;
  excludeWhen : MScript;
  whereClause : MScript;
}

Field	Description
name	A descriptive label used for internal documentation or UI purposes. Does not impact runtime behavior.
doWhen	An MScript expression that determines whether the whereClause should be added to the query. If true, the clause will be applied.
excludeWhen	An MScript expression that, when false, triggers the inclusion of the whereClause. Acts as an inverse condition to doWhen.
whereClause	The conditional query fragment to include, written as an MScript Query. This clause is merged into the final query if doWhen is true or excludeWhen is false. If both are omitted, the clause is always applied.

DeleteOptions

MPO Version: 1.3.0

Defines behavior for delete-type Business APIs, including soft deletion logic.

interface DeleteOptions = {
  useSoftDelete : Boolean;
}

Field	Description
useSoftDelete	If true, the record will be marked as deleted instead of removed. The implementation depends on the data object’s soft delete configuration.

GetOptions

MPO Version: 1.3.0

Options specific to get-type Business APIs for customizing how a single record is fetched.

interface GetOptions = {
  setAsRead : DataMapItem[];
}

Field	Description
setAsRead	An optional array of field-value mappings that will be updated after the read operation. Useful for marking items as read or viewed.

ListOptions

MPO Version: 1.3.0

Behavioral options for Business APIs of type list. These control sorting, grouping, filtering, and caching logic.

interface ListOptions = {
  listSortBy : SortByItem[];
  listGroupBy : PropRefer[];
  topPick : Integer;
  queryCache : Boolean;
  setAsRead : DataMapItem[];
  permissionFilters : ListPermissionFilter[];
  membershipFilters : ListMembershipFilter[];
  searchFilter : ListSearchFilter;
  jointFilters : ListJointFilterSettings;
  queryFiltersActive : Boolean;
}

Field	Description
listSortBy	Sort order definitions for the result set. Multiple fields can be provided with direction (asc/desc).
listGroupBy	Grouping definitions for the result set. This is typically used for visual or report-based grouping.
topPick	Optional maximum number of sorted records to consider for this list API. If null or 0, no cap is applied. Works with pagination by limiting the full ranked set first, then paging within that capped set.
queryCache	If true, caching is enabled for this query.
setAsRead	Optionally mark records as read after listing, based on provided field mappings.
permissionFilters	Optional filter array that applies permission constraints to the query dynamically based on session or object roles. If given more than one permission filter, all will be applied with @and operator.
membershipFilters	An array for membership settings to filter to the WHERE clause of the list. If given more than one membership, one of all will be enough to select the object.
searchFilter	A ListSearchFilter object that collects an id list from ElasticSearch main object index search and appends to the where clause so that db select is done according to the search results of ElasticSearch
jointFilters	A setting for one or more ListJointFilter to filter the list result with a criteria in a joined data object, more than one filters will be combined by (AND) or (OR) according to the operator parameter
queryFiltersActive	When set to true, Mindbricks automatically add filter parameters (the properties that have filter settings enabled) to the request query, and add whereClause items if any query filter is given. If any property is set as selectBy or in custom parameters, it will be omitted in filter parameetrs. Leave this value as true unless you have reason to deactivate query filtering in the list api

ListPermissionFilter

MPO Version: 1.3.0

Permission-based filter that operate on list queries before execution. This is used for object based permissions assigned to a specific role or user

interface ListPermissionFilter = {
  name : String;
  condition : MScript;
  permission : String;
}

Field	Description
name	A human readable and source-code safe to define the permission filter.
condition	An optional MScript expression that skips the permission check entirely if it evaluates to false. Useful for exempting trusted users such as object owners or platform admins.
permission	The name of the permission that the filter wil be built for

ListMembershipFilter

MPO Version: 1.3.0

A settings object to add a membership filter to the WHERE clause of the list. If given more than any one membership of all will be enough to select the object.

interface ListMembershipFilter = {
  name : String;
  dataObjectName : DataObjectName;
  objectKeyIdField : PropRefer;
  userKey : MScript;
  checkFor : MScript;
  condition : MScript;
}

Field	Description
name	A human readable and source-code safe to define the membership filter.
dataObjectName	The name of the data object whose membership configuration should be used to validate access. If omitted, the Business API’s main data object is assumed. Use this field when you need to check access against a related or parent object (e.g., checking `Organization` membership when updating a `Project`).
objectKeyIdField	An property reference that returns the ID of the object from the expected list item whose membership should be checked. Typically it will the id of the list item, but you may want to apply filter through another field of the list item like projectId of a task.
userKey	An MScript expression that returns the user ID to check against the target object’s membership configuration. Typically `this.session.userId`, but may also reference delegated users or owners.
checkFor	An optional MScript expression to validate specific aspects of the membership (such as role or permissions). If omitted, any valid membership grants access.
condition	An optional MScript expression that skips the membership check entirely if it evaluates to false. Useful for exempting trusted users such as object owners or platform admins.

ListSearchFilter

MPO Version: 1.3.0

Searches one or more records from the main data object and uses the id array in the where clause of the list. The search is made in elastic search index and the result id array is appended to the where clause of the main query.

interface ListSearchFilter = {
  hasSearchFilter : Boolean;
  condition : MScript;
  keyword : MScript;
  searchProperties : PropRefer[];
}

Field	Description
hasSearchFilter	A Boolean value to define if a search filter definition is active in the api or not
condition	An optional MScript which evaluates to a boolean that defines id the search filter will be used or not
keyword	An MScript expression whose result will be used as the key to match against the target object's searched properties. For example, `this.keyword`.
searchProperties	The properties of the target object used for matching.

ListJointFilterSettings

MPO Version: 1.3.0

The settings definition for a list api to define any joint filter and combine them with an AND or OR operator

interface ListJointFilterSettings = {
  operator : FilterOperator;
  filters : ListJointFilter[];
}

Field	Description
operator	The combination operator of multi joint filters, will be used if there are more than one joint filter, default value is `AND`
filters	The ListJointFilter array to define one or more joint filter to a related object

FilterOperator

Filter combination is used to define how any multiple id arrayy based list filters will be combined

const FilterOperator = {
  AND: "AND",
  OR: "OR",
};

Enum	Description
AND	Combine the multiple filters by AND operator
OR	Combine the multiple filters by OR operator

ListJointFilter

MPO Version: 1.3.0

ListJointFilter definition object for a joint filter from the main object to another related data object to filter the main list result. This is like lefy join in the where clause. If you want to filter your list result with a criteria which is evaluated in a related object other than main object, you can use joint filter.

interface ListJointFilter = {
  name : String;
  condition : MScript;
  joinedDataObject : DataObjectName;
  selector : String;
  whereClause : MScript;
}

Field	Description
name	A human readble single code safe word to name the JointFilter deifnition.
condition	An MScript expression evaluates to Boolean and specifies wheather this filtering should be made or not in code level. Note that this condition can not reference to the main object list, for complex joint filters use a BFF View.
joinedDataObject	The name of the data object to be joined. Note that this object should be defined a s a related object in the relation settings of one of the main object properties. Or the joined object should have got a relation defined in one of its properties. The relation may be either in the same service or in a remote service. Mindbricks will arrange the code to make the join either through db or the elastic search index.
selector	The selector defines how the main (operating) object is related to the joined object when more than one relation exists. It uses the syntax mainObjectKey->joinedObjectKey. The left side (mainObjectKey) MUST be a property of the main object being operated on. The right side (joinedObjectKey) MUST be a property of the joined (target) object. Example: main object = user, joined object = project → id->ownerId (user projects). Example: main object = project, joined object = user → ownerId->id (project owner). If selector is null or empty, the first detected relation is used. Optional shorthand forms are supported: '->' or empty selects the first relation, '->someKey' selects the first relation matching the joined object's property, 'someKey->' selects the first relation originating from the given main object property. For clarity and to avoid ambiguity, the full mainObjectKey->joinedObjectKey syntax is strongly recommended.
whereClause	An Mscript query to select the object id array from th target object. Note that the result object id list will be used in the main where clause.

PaginationOptions

MPO Version: 1.3.0

Defines how pagination is handled in list-type Business APIs.

interface PaginationOptions = {
  paginationEnabled : Boolean;
  defaultPageRowCount : Integer;
}

Field	Description
paginationEnabled	If false, pagination is disabled and the full result set is returned. Use with caution on large datasets.
defaultPageRowCount	Default number of rows returned per page if pagination is enabled.

BusinessApiActionStore

MPO Version: 1.3.0

Represents the centralized registry of all executable logic units (actions) that can be used inside a Business API's workflow. Each action is categorized by purpose and referenced by name within the workflow stages. This store enables declarative composition of API behavior, including data manipulation, inter-service communication, access control, AI operations, and more.

interface BusinessApiActionStore = {
  fetchObjectActions : FetchObjectAction[];
  fetchStatsActions : FetchStatsAction[];
  fetchParentActions : FetchParentAction[];
  searchObjectActions : SearchObjectAction[];
  fetchFromElasticActions : FetchFromElasticAction[];
  collateListsActions : CollateListsAction[];
  functionCallActions : FunctionCallAction[];
  arrowFunctionActions : ArrowFunctionAction[];
  listMapActions : ListMapAction[];
  interserviceCallActions : InterserviceCallAction[];
  createCrudActions : CreateCrudAction[];
  createBulkCrudActions : CreateBulkCrudAction[];
  deleteCrudActions : DeleteCrudAction[];
  updateCrudActions : UpdateCrudAction[];
  apiCallActions : ApiCallAction[];
  aiCallActions : AiCallAction[];
  membershipCheckActions : MembershipCheckAction[];
  permissionCheckActions : PermissionCheckAction[];
  objectPermissionActions : ObjectPermissionCheckAction[];
  readJwtTokenActions : ReadJwtTokenAction[];
  validationActions : ValidationAction[];
  addToContextActions : AddToContextAction[];
  addToResponseActions : AddToResponseAction[];
  removeFromResponseActions : RemoveFromResponseAction[];
  renderDataActions : RenderDataAction[];
  dataToFileActions : DataToFileAction[];
  redirectActions : RedirectAction[];
  createJWTTokenActions : CreateJWTTokenAction[];
  createObjectActions : CreateObjectAction[];
  createBucketTokenActions : CreateBucketTokenAction[];
  publishEventActions : PublishEventAction[];
  readFromRedisActions : ReadFromRedisAction[];
  writeToRedisActions : WriteToRedisAction[];
  sendMailActions : SendMailAction[];
  sendSmsActions : SendSmsAction[];
  sendPushNotificationActions : SendPushNotificationAction[];
  refineByAiActions : RefineByAiAction[];
  paymentActions : PaymentAction[];
  verifyWebhookActions : VerifyWebhookAction[];
  integrationActions : IntegrationAction[];
  loopActions : LoopAction[];
  parallelActions : ParallelAction[];
  cartValidationActions : CartValidationAction[];
  cartCheckoutActions : CartCheckoutAction[];
  couponValidationActions : CouponValidationAction[];
  emitSseEventActions : EmitSseEventAction[];
  iteratorActions : IteratorAction[];
}

Field	Description
fetchObjectActions	Actions that fetch a related or foreign object instance from another data object, based on a matching key or query.
fetchStatsActions	Actions that perform aggregate computations (count, sum, min, max) across a data object, often for contextual summaries or conditional logic.
fetchParentActions	Actions that retrieve parent object data of the current context, typically for display enrichment or validation.
searchObjectActions	Actions that searches the main object or a related object in elastic search index with a keyword and returns an id array
fetchFromElasticActions	Actions that make a fetch from elastic using a raw elastic query, the result is returned as a normalized `{ items: [], aggregations: {} }` object.
collateListsActions	Actions that collate objects of a source array to a target array's objects using key matching like collating an address list with a user list.
functionCallActions	Actions that invoke a custom or reusable library function written in MScript. Useful for transformation, derived value computation, or conditional logic.
arrowFunctionActions	Actions that defines an arrow function to be called with its context name in other MScripted areas.
listMapActions	Actions that defines a list map, to create a new list out of a current list by mapping its items. Renders a js array map function.
interserviceCallActions	Actions that perform a call to another Business API defined in a different microservice. These enable inter-service orchestration.
createCrudActions	Actions that create related records in other data objects during or after the main operation. Often used in transactional aggregations.
createBulkCrudActions	Actions that create multiple related child or linked objects in bulk. Useful when creating multiple child records at once, such as bulk creating child tasks, audit logs, or attachments. The objects parameter is an MScript expression that evaluates to an array of objects to be created.
deleteCrudActions	Actions that delete related child or linked objects. Useful in cleanup workflows or cascade logic.
updateCrudActions	Actions that update properties of related objects using a conditional query. Used for post-processing or child updates.
apiCallActions	Actions that make external or internal HTTP API requests. Often used to integrate with third-party systems or auxiliary internal services.
aiCallActions	Actions that call an LLM (e.g., OpenAI or Anthropic) with structured prompts and fetch textual or JSON responses. Used for generation, enrichment, or inference.
membershipCheckActions	Actions that validate whether a user is a member of a related object (e.g., organization, team) using configured membership rules.
permissionCheckActions	Actions that verify whether the current user has a global (non-object-scoped) permission before continuing workflow logic.
objectPermissionActions	Actions that check object-scoped permissions, validating whether a user has specific rights on an instance loaded into the context.
readJwtTokenActions	Actions that read a JWT encoded token from a reference and write its back to context as a validatedd and decoded payloa dobject.
validationActions	Custom validation logic actions that run MScript boolean checks and optionally block further execution based on result.
addToContextActions	Actions that write computed or fixed values to the runtime context (`this`) for later use in logic, conditions, or response shaping.
addToResponseActions	Actions that explicitly add computed values or context properties to the final API response payload.
removeFromResponseActions	Actions that remove properties from the API response before it is sent to the client. Used for cleanup or filtering.
renderDataActions	Actions that apply a template (e.g., EJS/Markdown) to context data to generate rendered output.
dataToFileActions	Actions that serialize a context object into a downloadable file format (e.g., CSV, PDF, JSON).
redirectActions	Actions that redirect the API response to another URL or internal API path. Typically used in post-auth flows or chained APIs.
createJWTTokenActions	Actions that create JWT tokens with a payload and store them in context or response.
createObjectActions	Actions that create javascript objects in the context.
createBucketTokenActions	Actions that create JWT bucket tokens to be used for accessing to Mindbricks bucket service deployed with your project microservices.
publishEventActions	Actions that emit custom domain events to a message bus or pub/sub system. Used for decoupled workflows, domain events, or business-specific notifications. Note: When `raiseApiEvent` under `ApiOptions` is true, a standard API-level event is automatically emitted, so this should only contain additional custom events beyond the default API event.
readFromRedisActions	Actions that read a Redis key directly and store its value into the context. This enables other actions—limited to context scope—to access Redis-sourced values.
writeToRedisActions	Actions that write a value to Redis under a computed key, either for session continuity or caching.
sendMailActions	Actions that send an email using a configured provider, with dynamic subject/body/to fields.
sendSmsActions	Actions that send an SMS message to a target phone number with a given body and sender info.
sendPushNotificationActions	Actions that send push notifications to mobile or web clients with title and content.
refineByAiActions	Actions that refine or transform a plain text value using an AI model. Common use cases include phrasing suggestions, tone adjustment, or summarization.
paymentActions	Actions to start, to complete or to refresh a payment operation using the native integrated payment systems. Currently `Stripe` is supported. For other payment gateways use integration actions.
verifyWebhookActions	Actions to verify a webhook call of a provider using the webhook secret signature key. Currently `Stripe` is supported.
integrationActions	Actions that call native API provider integrations (e.g., AWS S3, Airtable, Salesforce). These integrations are pre-coded inside Mindbricks and abstract provider-specific logic.
loopActions	Actions that repeat a sequence of workflow steps for each item in a list (defined by an MScript expression).
parallelActions	Actions that execute multiple child actions in parallel without waiting for each to finish sequentially. Ideal for non-dependent logic flows.
cartValidationActions	Actions that validate a shopping cart before checkout. Checks for item existence, stock availability, price validity, and minimum order requirements.
cartCheckoutActions	Actions that process shopping cart checkout. Handles inventory reservation, promotion recording, order creation, and cart clearing.
couponValidationActions	Actions that validate coupon codes. Checks eligibility, usage limits, expiration, and calculates discount amounts.
emitSseEventActions	Actions that emit custom SSE events to the client during the workflow. No-op when called via REST.
iteratorActions	Generic streaming actions whose methods return async iterables. Used for custom streaming logic that isn't covered by AiCallAction. Can be referenced in streamSource.iteratorAction or used inline in the workflow.

FetchObjectAction

MPO Version: 1.3.0

Fetches one or more records from a foreign or related data object and stores the result in the context or response. Supports key-based lookup or complex query filtering. Commonly used to enrich the current object with external data before proceeding with workflow logic. It can return null or raise a 404 error when no objects found according to isRequired property.

interface FetchObjectAction extends BusinessApiAction = {
  targetObject : DataObjectName;
  matchValue : MScript;
  localKey : PropRefer;
  whereClause : MScript;
  properties : PropRefer[];
  isArray : Boolean;
  isRequired : Boolean;
}

Field	Description
targetObject	Specifies the name of the foreign data object to fetch data from. Can reference a data object in the same service or any service within the Mindbricks system.
matchValue	An MScript expression whose result will be used as the key to match against the target object's property. For example, `this.customerId`.
localKey	The property of the target object used for matching. Defaults to `id`, but can be any unique/indexed field like `email` or `slug`.
whereClause	Optional MScript query to define an advanced condition for the fetch. If provided, it overrides `matchValue` and `localKey`.
properties	An array of field names to include in the result. Leave empty to fetch all fields. Dot notation is allowed for nested fields (e.g., `profile.name`).
isArray	If true, the action will return a list of objects. If false, a single object is expected. This affects both response shape and loop behavior.
isRequired	Set to true if you want to use this fetch also for an existince validation. If isRequired is true, a null or empty result will create a 404 error, however this error either can be thrown or logged according to the onError property of the main action configuration.

FetchStatsAction

MPO Version: 1.3.0

An action used to compute inline aggregate statistics (e.g., count, min, max, sum) from a data object. Ideal for Business APIs that need quick numerical insights tied to context. Use for simple stat enrichment for single or multiple bindings; for complex use cases, consider dedicated stat APIs or BFF services. Note that this action collects the stat values from elastc search using aggregations features.

interface FetchStatsAction extends BusinessApiAction = {
  targetObject : DataObjectName;
  matchValue : MScript;
  localKey : PropRefer;
  whereClause : MScript;
  stats : String[];
  bucketBy : PropRefer;
}

Field	Description
targetObject	The name of the data object from which statistical metrics will be aggregated. Can be a local or foreign object.
matchValue	MScript expression for the value to match on the target object. Typically references a foreign key like `this.projectId`.
localKey	The property of the target object to be matched against. Defaults to `id`, but can be set to any indexed field.
whereClause	Optional MScript query that replaces match logic. Use this for compound stat filters or joins.
stats	An array of stat operations like `count`, `sum(price)`, `min(quantity)`, or `max(score)`. Each must be a valid SQL-style aggregate expression.
bucketBy	Optional property reference to group the scoped items and calculate the stat(s) in buckets as an array. Keep null to have a total single reseult. The array result can be collated with main or any other data list in fyrther actions.

FetchParentAction

MPO Version: 1.3.0

Fetches selected properties from a parent object related to the current object in context. Typically used to enrich the response or inform access and validation logic with values inherited from a higher-level entity (e.g., organization, project). The parentObject can be a local data object (same service) or a remote data object (different service). For remote parent objects, the action automatically fetches from Elasticsearch, enabling seamless inter-service parent data retrieval. Important: A relation to the parent object must be defined in the current dbObject's properties for this action to work.

interface FetchParentAction extends BusinessApiAction = {
  parentObject : DataObjectName;
  properties : PropRefer[];
}

Field	Description
parentObject	Specifies the parent data object to fetch from. This can be a local data object (belonging to the same service) or a remote data object (belonging to another service). For local parent objects, the action calls the service's dbLayer utility function directly. For remote parent objects, the action automatically fetches from Elasticsearch, which contains data from remote services via CQRS joins. This is used when a child object in context needs data inherited or referenced from its parent. Requirement: A relation property must be defined in the current dbObject's properties that establishes the child-to-parent relationship. The action uses this relation to determine the foreign key and local key for querying the parent object.
properties	List of property names to fetch from the parent object. Leave empty to retrieve all fields. Uses dot notation for nested fields when needed.

Field

Description

parentObject

Specifies the parent data object to fetch from. This can be a local data object (belonging to the same service) or a remote data object (belonging to another service). For local parent objects, the action calls the service's dbLayer utility function directly. For remote parent objects, the action automatically fetches from Elasticsearch, which contains data from remote services via CQRS joins. This is used when a child object in context needs data inherited or referenced from its parent. Requirement: A relation property must be defined in the current dbObject's properties that establishes the child-to-parent relationship. The action uses this relation to determine the foreign key and local key for querying the parent object.

properties

List of property names to fetch from the parent object. Leave empty to retrieve all fields. Uses dot notation for nested fields when needed.

SearchObjectAction

MPO Version: 1.3.0

Searches one or more records from the main data object or a foreign or related data object and stores the result in the context as an id array. The search is made in elastic search index and the returned id array can be used in the where clause of the main query.

interface SearchObjectAction extends BusinessApiAction = {
  targetObject : DataObjectName;
  keyword : MScript;
  searchProperties : PropRefer[];
}

Field	Description
targetObject	Specifies the name of the data object to make the search data from. Can reference to the main data object, a different data object in the same service or any service within the Mindbricks system.
keyword	An MScript expression whose result will be used as the key to match against the target object's searched properties. For example, `this.keyword`.
searchProperties	The properties of the target object used for matching.

FetchFromElasticAction

MPO Version: 1.3.0

Fetches data object data from its elastic search index, using a given elastic raw search body, and returning elastic response as half baked, an items array for normalized hits result and an aggreagtions object in elastic search aggregation resul format. Top_hits style aggregations are also normalized as items array.

interface FetchFromElasticAction extends BusinessApiAction = {
  targetObject : DataObjectName;
  body : MScript;
}

Field	Description
targetObject	Specifies the name of the data object to make the fetch data from. Can reference to the main data object, a different data object in the same service or any service within the Mindbricks system.
body	An MScript expression which is evaluated a js object representing the elastic search api body. Note that this object uses elastics own operators and own query format not the abstract MScript query format.

CollateListsAction

MPO Version: 1.3.0

Use CollateListsAction to collate a list of objects to another list of objects like aggregating an adress list to a user list.

interface CollateListsAction extends BusinessApiAction = {
  sourceList : MScript;
  targetList : MScript;
  sourceKey : String;
  targetKey : String;
  nameInTarget : String;
  targetIsArray : Boolean;
}

Field	Description
sourceList	An Mscript that will be evaluated to the source object array where the source objects will be collected from.
targetList	An MScript that will be evealuted to the target object array that the collected objects will be aggregated to.
sourceKey	The name of the property of the source object to match with the target object. If multiple objects are collected and targetIsArray is afalse, only the first object will be aggregated.
targetKey	The name of the property of the target object to match with the osurce object. If multiple targets are found the source objects will be copied to all matching targets.
nameInTarget	The name of the property that will be created in the target object to store the copied source object or objects.
targetIsArray	Make this option true if you want the target property to be an array that will expect multiple source objects.

FunctionCallAction

MPO Version: 1.3.0

Defines a reusable logic step that calls a library-defined function using MScript syntax. This action allows for custom transformation, enrichment, or computation during the execution of a Business API. It is often used to prepare derived values, calculate totals, or apply shared service logic prior to validation or response shaping.

interface FunctionCallAction extends BusinessApiAction = {
  callScript : MScript;
}

Field	Description
callScript	An MScript expression that defines the function call. The script may reference a predefined library function and pass contextual arguments. Example: `LIB.calculateTotal(this.items)`.

ArrowFunctionAction

MPO Version: 1.3.0

This action defines a reusable function and sets it to the context with the contextPropertyName name.

interface ArrowFunctionAction extends BusinessApiAction = {
  parameterNames : String[];
  functionBody : Text;
}

Field	Description
parameterNames	An array of strings to represent the names of the function parameters
functionBody	A text area to represent the js code of the function body, keep it in js block ({}).

ListMapAction

MPO Version: 1.3.0

This action crerates a new list out of a current list by mapping its items with MScript. The new list is stored to contextPropertyName

interface ListMapAction extends BusinessApiAction = {
  sourceList : MScript;
  itemName : String;
  mapScript : MScript;
}

Field	Description
sourceList	An MScript expression to reference the source array to map from
itemName	A codesafe string which will be used in code to reference the item of the source array. eg. user
mapScript	An MScript to return the new item based on the source item. Reference to the source item using the itemName given. eg. `{ name: user.name, email: user.Email, firstName: user.name.split(' ')[0] }`. If you need a multi-lined script to make precalculations use an arrow function definition called inline. eg: `((user) => { /* your code here */ })(user)`

InterserviceCallAction

MPO Version: 1.3.0

Calls another Business API defined in a different microservice. This enables inter-service coordination within a Mindbricks-powered system. The response can be extracted into the context or added to the API response. This action supports dynamic parameters and flexible response handling.

interface InterserviceCallAction extends BusinessApiAction = {
  targetService : String;
  targetApi : String;
  apiParameters : DataMapItem[];
  responseProperty : String;
  isArray : Boolean;
}

Field	Description
targetService	The logical name of the microservice where the target Business API is defined.
targetApi	The name of the target Business API to call in the foreign service.
apiParameters	A list of key-value MScript expressions passed as input parameters to the target API. These are dynamically evaluated using the current context.
responseProperty	If defined, only the specified property will be extracted from the target API response. Otherwise, the full response object is stored.
isArray	If true, the result is expected to be an array. This influences how the response is processed and stored.

CreateCrudAction

MPO Version: 1.3.0

Defines an embedded creation operation for a related data object—typically a child or associated entity—within a Business API. These actions enable transactional or cascading object creation as part of a larger business operation. Often used when the main API creates or updates a parent object and simultaneously needs to initialize dependent records (e.g., child tasks, audit logs, attachments). The childObject can belong to the same service (local) or to another service (remote). For remote objects, the action automatically routes to the target service's M2M edge function using machine-to-machine authentication, ensuring secure inter-service communication. In multi-tenant scenarios, the tenant codename is automatically propagated to the remote service.

interface CreateCrudAction extends BusinessApiAction = {
  childObject : DataObjectName;
  dataClause : ApiAggregateData[];
}

Field

Description

childObject

Specifies the related data object to be created. This can be a local data object (belonging to the same service) or a remote data object (belonging to another service). For local objects, the action calls the service's dbLayer utility function directly. For remote objects, the action automatically routes to the target service's M2M edge function (m2mCreate{ObjectName}) using secure machine-to-machine authentication. The tenant codename is automatically included in the request headers for multi-tenant scenarios.

dataClause

An array of property-value mappings that define what data to write into the new object. Each entry uses MScript to evaluate a value from the current context. Required fields of the child object must be included explicitly.

ApiAggregateData

MPO Version: 1.3.0

Defines a single property-value pair used to populate a related data object during an aggregated operation. This structure is used in CreateCrudAction and UpdateCrudAction to specify how each property of the child object should be assigned—either statically or dynamically—from the API execution context.

interface ApiAggregateData = {
  dataProperty : PropRefer;
  dataValue : MScript;
}

Field	Description
dataProperty	The name of the target property on the child object that will be set during the operation. This must match a valid property name defined in the child data object schema.
dataValue	The MScript expression or static value used to assign a value to the specified property. This can reference current context (`this`), a parameter (`this.input`), or loop item (`crudItem`) if executed in list mode.

CreateBulkCrudAction

MPO Version: 1.3.0

Defines a bulk creation operation for multiple related data objects—typically child or associated entities—within a Business API. These actions enable transactional bulk object creation as part of a larger business operation. Often used when the main API needs to create multiple child records at once (e.g., bulk creating child tasks, audit logs, or attachments). The objects parameter is an MScript expression that evaluates to an array of objects, where each object contains the property-value mappings for a single record to be created. The childObject can belong to the same service (local) or to another service (remote). For remote objects, the action automatically routes to the target service's M2M edge function using machine-to-machine authentication, ensuring secure inter-service communication. In multi-tenant scenarios, the tenant codename is automatically propagated to the remote service.

interface CreateBulkCrudAction extends BusinessApiAction = {
  childObject : DataObjectName;
  objects : MScript;
}

Field

Description

childObject

Specifies the related data object to be created in bulk. This can be a local data object (belonging to the same service) or a remote data object (belonging to another service). For local objects, the action calls the service's dbLayer bulk create utility function directly. For remote objects, the action automatically routes to the target service's M2M edge function (m2mBulkCreate{ObjectName}) using secure machine-to-machine authentication. The tenant codename is automatically included in the request headers for multi-tenant scenarios.

objects

An MScript expression that evaluates to an array of objects. Each object in the array represents a single record to be created, with property-value mappings that define what data to write into the new object. Each property value can use MScript to evaluate from the current context. Required fields of the child object must be included explicitly in each object.

DeleteCrudAction

MPO Version: 1.3.0

Defines an embedded delete operation to remove related records—typically child or connected entities—within a Business API. This action allows declarative, conditional deletion of external data objects that are linked to the primary object. It is typically used for cascading deletes, cleanup logic, or enforcing referential integrity in business processes. The childObject can belong to the same service (local) or to another service (remote). For remote objects, the action automatically routes to the target service's M2M edge function (m2mDelete{ObjectName}ByQuery) using machine-to-machine authentication, ensuring secure inter-service communication. In multi-tenant scenarios, the tenant codename is automatically propagated to the remote service.

interface DeleteCrudAction extends BusinessApiAction = {
  childObject : DataObjectName;
  whereClause : MScript;
}

Field

Description

childObject

The name of the related data object from which records will be deleted. This can be a local data object (belonging to the same service) or a remote data object (belonging to another service). For local objects, the action calls the service's dbLayer delete utility function directly. For remote objects, the action automatically routes to the target service's M2M edge function (m2mDelete{ObjectName}ByQuery) using secure machine-to-machine authentication. The tenant codename is automatically included in the request headers for multi-tenant scenarios.

whereClause

An MScript-based query that defines the selection condition for records to be deleted. This field is required and must identify which records in the child object will be affected.

UpdateCrudAction

MPO Version: 1.3.0

Defines an embedded update operation for related data objects—typically child or connected entities—within a Business API. This action is used when the API needs to selectively update external records based on a condition. It is commonly applied after creating or modifying a parent object to ensure consistency or to propagate business state changes across related objects. The childObject can belong to the same service (local) or to another service (remote). For remote objects, the action automatically routes to the target service's M2M edge function (m2mUpdate{ObjectName}ByQuery) using machine-to-machine authentication, ensuring secure inter-service communication. In multi-tenant scenarios, the tenant codename is automatically propagated to the remote service.

interface UpdateCrudAction extends BusinessApiAction = {
  childObject : DataObjectName;
  whereClause : MScript;
  dataClause : ApiAggregateData[];
}

Field	Description
childObject	The name of the related data object that will be updated. This can be a local data object (belonging to the same service) or a remote data object (belonging to another service). For local objects, the action calls the service's dbLayer update utility function directly. For remote objects, the action automatically routes to the target service's M2M edge function (m2mUpdate{ObjectName}ByQuery) using secure machine-to-machine authentication. The tenant codename is automatically included in the request headers for multi-tenant scenarios.
whereClause	An MScript-based query that determines which records in the child object should be updated. This is a required field and must uniquely or conditionally identify the target set of records.
dataClause	A list of key-value assignments to apply to the matched records. Each item in the list defines a property of the child object and its new value (evaluated via MScript). Required fields must be included explicitly, and all values are resolved in the current context.

ApiCallAction

MPO Version: 1.3.0

Calls an external or internal HTTP API during Business API execution. This is ideal for integrating with third-party services or internal utility endpoints. The fetched result is stored in context and optionally written to the response. Input and output transformation are supported.

interface ApiCallAction extends BusinessApiAction = {
  apiCallRequest : HTTPRequest;
  isArray : Boolean;
  apiFetchProperty : String;
}

Field	Description
apiCallRequest	Configuration object defining the HTTP call. Includes method, URL, headers, query parameters, and body.
isArray	If true, the result is expected to be an array and will be treated as such during response and context processing.
apiFetchProperty	Used when the response is a complex object but only one specific property is needed. The extracted property will be stored in context.

HTTPRequest

MPO Version: 1.3.0

Defines a reusable HTTP request configuration to interact with a remote service and retrieve a JSON response. This object is used across the platform for scenarios such as remote authentication, remote data access, and integration with external APIs (CRUD operations, searches, etc.).

interface HTTPRequest = {
  httpRequestUrl : String;
  httpRequestMethod : HTTPRequestMethods;
  tokenLocation : RequestLocations;
  tokenName : String;
  tokenValue : String;
  httpRequestParameters : HTTPRequestParameters;
  cacheResponse : Boolean;
}

Field	Description
httpRequestUrl	The full URL of the remote service endpoint.
httpRequestMethod	The HTTP method to use when making the request. Supported methods are GET, POST, PUT, PATCH, DELETE.
tokenLocation	The section of the request where the authentication token should be placed (e.g., header, cookie).
tokenName	The name or key under which the token will be sent in the specified location.
tokenValue	The token value to be sent, if static. This field is optional and typically used for hardcoded tokens or fallback defaults.
httpRequestParameters	The parameters to send with the request, including body, query string, headers, and cookies.
cacheResponse	Indicates whether the response of this request should be cached for reuse. Useful for minimizing repeated remote calls.

HTTPRequestMethods

An enum representing the HTTP method to use in a request.

const HTTPRequestMethods = {
  GET: "GET",
  POST: "POST",
  PUT: "PUT",
  PATCH: "PATCH",
  DELETE: "DELETE",
};

Enum	Description
GET	Retrieve data from the remote service.
POST	Submit new data to the remote service.
PUT	Replace existing data in the remote service.
PATCH	Partially update existing data in the remote service.
DELETE	Remove data from the remote service.

HTTPRequestParameters

MPO Version: 1.3.0

Defines the parameters to be sent with an HTTP request. This includes data sent in the request body, query string, headers, or cookies.

interface HTTPRequestParameters = {
  httpRequestBody : DataMapItem[];
  httpRequestQuery : DataMapItem[];
  httpRequestHeaders : DataMapItem[];
  httpRequestCookies : DataMapItem[];
}

Field	Description
httpRequestBody	Key-value pairs to include in the body of the request. Defined as an array of DataMapItems.
httpRequestQuery	Key-value pairs to include as query string parameters. Defined as an array of DataMapItems.
httpRequestHeaders	Custom headers to include in the request. Defined as an array of DataMapItems.
httpRequestCookies	Cookies to be attached to the request. Defined as an array of DataMapItems.

AiCallAction

MPO Version: 1.3.0

Invokes an AI model such as OpenAI or Anthropic to perform text generation, refinement, classification, or summarization. The prompt is composed from a template and context, and the result is stored in the context and optionally exposed in the response.

interface AiCallAction extends BusinessApiAction = {
  promptTemplate : AIPromptTemplate;
  isArray : Boolean;
  aiFetchProperty : String;
  responseFormat : String;
  model : String;
}

Field	Description
promptTemplate	Defines both the static system message and dynamic user message. These are passed to the AI model to guide its behavior. Supports MScript in the user prompt.
isArray	If true, the response is expected to contain a list of results. Use when the model is expected to return multiple items.
aiFetchProperty	Optional: If the model returns a structured object and only one property is needed, specify it here to extract just that portion.
responseFormat	Indicates the expected format of the AI's output—either `json` for structured responses or `text` for plain text.
model	The identifier of the LLM model to be used, such as `gpt-4`, `claude-3`, or any provider-accessible variant.

AIPromptTemplate

MPO Version: 1.3.0

Defines the structure of an AI prompt using a two-part design: a static system-level instruction and a dynamic user message populated via MScript from the current context. Used in AiCallAction to guide AI model behavior.

interface AIPromptTemplate = {
  systemPrompt : Text;
  userPrompt : MScript;
}

Field	Description
systemPrompt	A fixed instruction string that sets the tone or role for the AI model. Examples include guidance like 'You are a helpful assistant' or 'You are a strict validator'.
userPrompt	A dynamic MScript expression that generates the user-facing part of the prompt. This often references contextual variables such as `this.username`, `this.itemName`, or `this.description` to personalize or situate the model's response.

MembershipCheckAction

MPO Version: 1.3.0

Defines access control based on membership rules configured on a data object. This is used when access to a Business API operation depends on whether the current user is a member of a related entity, such as a project, team, or organization. The dataObjectName field specifies which object’s membership rules should be applied—if omitted, the main data object of the Business API is used by default. This action supports direct and nested membership checks, such as validating access to a parent organization while updating a child project.

interface MembershipCheckAction extends BusinessApiAction = {
  dataObjectName : DataObjectName;
  objectKey : MScript;
  userKey : MScript;
  checkFor : MScript;
  checkType : ApiCheckType;
  errorMessage : String;
}

Field	Description
dataObjectName	The name of the data object whose membership configuration should be used to validate access. If omitted, the Business API’s main data object is assumed. Use this field when you need to check access against a related or parent object (e.g., checking `Organization` membership when updating a `Project`).
objectKey	An MScript expression that returns the ID of the object whose membership should be checked. For example, if checking access to a project, this would return a `projectId`.
userKey	An MScript expression that returns the user ID to check against the target object’s membership configuration. Typically `this.session.userId`, but may also reference delegated users or owners.
checkFor	An optional MScript expression to validate specific aspects of the membership (such as role or permissions). If omitted, any valid membership grants access.
checkType	Specifies whether this membership check should enforce access immediately (`liveCheck`) or simply write the result to context (`storedCheck`). Use `storedCheck` when the result will be used later in a conditional or validation flow.
errorMessage	A message to display when the membership check fails. Use this to provide a meaningful explanation to the user, such as 'You must be a member of this team to perform this action.'

ApiCheckType

Defines how the result of a validation, permission, or membership check is used within the Business API lifecycle.

const ApiCheckType = {
  storedCheck: "storedCheck",
  liveCheck: "liveCheck",
};

Enum	Description
storedCheck	The result of the check is written to the context and does not interrupt API execution. This allows deferred decision-making or combining the result with other checks later in the workflow (e.g., in conditionals or response shaping).
liveCheck	If the check fails, the Business API will immediately throw an authorization or validation error and halt execution. Use this mode when the check outcome must strictly control access or behavior.

PermissionCheckAction

MPO Version: 1.3.0

Defines a global permission check that evaluates whether the user holds specific platform or service-level permissions. This check is not tied to any particular object instance and is useful for validating roles such as canAccessAdminPanel, canExportData, or canSendEmails. You can either enforce the result immediately or store it in context for conditional usage later in the flow.

interface PermissionCheckAction extends BusinessApiAction = {
  permissionName : String;
  checkType : ApiCheckType;
}

Field Description

permissionName The name of the permission that the user must possess. The check will only succeed if the user has the given permission.

checkType Specifies how the result of the check should be handled. When set to liveCheck, the Business API will immediately throw an authorization error if the check fails, halting execution. When set to storedCheck, the result is stored in context and does not interrupt execution—even if the check fails. This allows for advanced, combinational authorization logic where multiple checks may be evaluated together later in the workflow.

ObjectPermissionCheckAction

MPO Version: 1.3.0

Performs a permission check scoped to a specific object instance. It evaluates whether the current user has the required permissions on the resolved object, based on all applicable sources: directly assigned object permissions, inherited permissions from parent contexts (e.g., user or role permissions), and dynamic ABAC rules that intersect with the object’s attributes. This check is used when fine-grained, instance-level authorization is required.

interface ObjectPermissionCheckAction extends BusinessApiAction = {
  permissionName : String[];
  readObjectIdFrom : MScript;
  checkType : ApiCheckType;
}

Field	Description
permissionName	The name of the permission that the user must possess on the resolved object instance.
readObjectIdFrom	An MScript expression that evaluates to the ID of the specific instance whose permissions should be checked. This could reference input parameters, session values, or context-fetched records (e.g., `this.projectId` or `this.parent.organizationId`).
checkType	Specifies how the result of the check is handled. If set to `liveCheck`, the API will immediately throw a permission error if the check fails. If set to `storedCheck`, the result is stored in the context and does not interrupt execution—allowing you to combine multiple permission checks later in the workflow.

ReadJwtTokenAction

MPO Version: 1.3.0

Defines a read jwt token operation from either context, session or request and write its payload to the context with the contextPropertyName after validating it. The token signature should be in HMAC format. The token payload may be used for allowing access to an object via a signed token instead of standard authentication. This is typically used for public or limited-access sharing workflows (e.g., view-only links). Once the token payload is in context any other validations may be performed using the payload values in further actions.

interface ReadJwtTokenAction extends BusinessApiAction = {
  readTokenFrom : MScript;
  jwtKey : MScript;
  isRequired : Boolean;
  statusCheck : MScript;
}

Field	Description
readTokenFrom	An MScript value that evaluates to the decoded value of token. It may be in the context through parameters like `this.accessToken`, it may be read directly from controller request like `this.request.query.payToken` or it may be read from the session in cases where users have their own tokens for authorization like this.session.userSubscrition.
jwtKey	An MScript value that evaluates to the Jwt key to validate the token signature. It may be an hardcoded value like `1234560987abcdef` or a reference to context like this.jwtKey or a env reference like process.env.SUBS_KEY.
isRequired	A Boolean value to define if the token is required. Set it true if you want the application throw an error if the token is null or can not be validated.
statusCheck	If you want to check the payload across some specific requirements use this check script. If the check is not validated the token will be considered invalid. You can also use this script if you will use token for only single business logic validation, if you need the validation in many steps then dont use this script other than general status checks.

ValidationAction

MPO Version: 1.3.0

Defines a flexible business rule that performs a dynamic condition check during Business API execution. Unlike permission or membership checks, a ValidationAction is fully script-based and domain-specific, allowing complex logical conditions such as subscription status, object states, quota limits, feature flags, or compliance rules. If the validation fails, the system either throws an error (liveCheck) or stores the result in context for later decision-making (storedCheck).

interface ValidationAction extends BusinessApiAction = {
  description : Text;
  shouldBeTrue : Boolean;
  checkType : ApiCheckType;
  validationScript : MScript;
  errorMessage : String;
  errorStatus : ErrorStatus;
}

Field	Description
description	A short, human-readable description explaining the intent of the validation—such as 'User must be active subscriber', 'Quota must not be exceeded', or 'Document must be in draft state'.
shouldBeTrue	Indicates the expected outcome of the validation logic. If `true`, the validation passes when the condition evaluates to `true`. Set to `false` when the validation should pass on a `false` condition (e.g., `!isUserBanned`).
checkType	Specifies how the result of the validation is handled. If `liveCheck`, the API throws an error immediately when the validation fails. If `storedCheck`, the result is saved to context and execution continues—allowing deferred or compound logic.
validationScript	An MScript expression that returns a boolean value based on current API context. This defines the actual validation condition. If the result does not match `shouldBeTrue`, the validation fails.
errorMessage	Message returned to the client if the validation fails and `checkType` is `liveCheck`. This should be clear and relevant to the context, e.g., 'Your plan does not allow creating more projects.'
errorStatus	The HTTP status code to return when the validation fails and `checkType` is set to `liveCheck`. If the status code is `401` (Unauthorized) or `403` (Forbidden), Mindbricks treats the failure as an authorization error—which is automatically bypassed for users with absolute roles assigned to the current API (e.g., `superAdmin`). Use `400` (Bad Request) for business rule violations that should apply to all users regardless of role.

ErrorStatus

Mindbricks error status codes represent standardized HTTP-style error responses used across all controller types. These codes provide consistent semantic feedback for route errors, especially in REST APIs.

const ErrorStatus = {
  400: "400",
  401: "401",
  403: "403",
  404: "404",
  500: "500",
};

Enum	Description
400	BadRequestError — Returned when request parameters are invalid, malformed, or missing required data.
401	NotAuthenticatedError — Returned when no valid user session is found. Typically indicates a login is required.
403	ForbiddenError — Returned when the user is authenticated but does not have sufficient permissions or rights for the requested operation.
404	NotFoundError — Returned when a required resource or data entry is not found in the system, such as a missing record or object.
500	HttpSystemError — Returned for internal server or system-level errors, such as database failures or unexpected exceptions.

AddToContextAction

MPO Version: 1.3.0

Adds one or more calculated values to the runtime context (this) at a specific point in the Business API flow. This is typically used to prepare values that will be referenced in later actions, such as computed totals, enriched properties, or temporary flags. The values are evaluated via MScript and written under the names you specify.

interface AddToContextAction extends BusinessApiAction = {
  context : ContextData[];
}

Field	Description
context	An array of `ContextData` objects. Each defines a property name and an MScript expression to compute its value. These values will be written to the runtime context (`this.<contextName>`), making them accessible in subsequent steps.

ContextData

MPO Version: 1.3.0

ContextData is a container object to represent any key-value pair to write or read to/from context.

interface ContextData = {
  contextName : String;
  contextValue : MScript;
}

Field	Description
contextName	The name of the variable to store in the context (e.g., `totalCost`, `userQuota`). The value will be accessible in later steps as `this.<contextName>`.
contextValue	An MScript expression used to compute the value for this property. Can reference other context fields, parameters, session values, or constants (e.g., `this.items.length * this.price`).

AddToResponseAction

MPO Version: 1.3.0

Adds one or more properties from the current context to the final response object after the main operation completes. This is useful when some values are computed or fetched indirectly (e.g., session-based, Redis-loaded, or generated) and need to be exposed in the API response explicitly.

interface AddToResponseAction extends BusinessApiAction = {
  context : ContextData[];
}

Field	Description
context	An array of `ContextData` entries. Each defines a name-value pair to be copied from the evaluated MScript into the response object. The property will appear in the final API output.

RemoveFromResponseAction

MPO Version: 1.3.0

Removes one or more properties from the final API response before it is returned to the client. This is useful for eliminating internal, sensitive, or unnecessary fields that were added by earlier actions or populated from context. Commonly used to enforce privacy, avoid leaking implementation details, or to conform to specific output schemas.

interface RemoveFromResponseAction extends BusinessApiAction = {
  properties : String[];
}

Field	Description
properties	An array of property names (strings) that will be removed from the final API response. Use this to clean up sensitive or internal fields before the response is returned.

RenderDataAction

MPO Version: 1.3.0

Generates a formatted string output by applying a predefined template to structured data using MScript. This is typically used to render email bodies, documents, files, or markdown/html content from API context values. The rendered result is saved into context (with contextPropertyName) and can be reused in subsequent actions such as email sending, file export, or response shaping.

interface RenderDataAction extends BusinessApiAction = {
  inputData : MScript;
  template : String;
}

Field	Description
inputData	An MScript expression that evaluates to the structured input data (object or array) to be passed into the template engine. Typically constructed from parameters or context (e.g., `this.userProfile`).
template	The name or identifier of the template to apply to the input data. Templates must be defined in the `templates` section of the service’s library module. The selected template is applied to the input data using a rendering engine (e.g., EJS), producing a formatted string output.

DataToFileAction

MPO Version: 1.3.0

Converts a given input into a downloadable file format such as CSV, JSON, or PDF. The data is prepared using an MScript expression and can be either returned to the client immediately or saved for internal use. Use this action when you need to export structured output from a Business API response or context.

interface DataToFileAction extends BusinessApiAction = {
  inputData : MScript;
  outputFormat : FileFormats;
  sendToClient : Boolean;
}

Field	Description
inputData	An MScript expression that resolves to a pre-rendered textual output to be saved as a file. This should be a string representing the actual content—such as a rendered CSV, JSON string, or HTML body—rather than raw structured data. If the input is a raw object, it will be automatically converted to a JSON string.
outputFormat	The format of the file to be generated. Common values include `json`, `csv`, `pdf`, based on supported `FileFormats` enum.
sendToClient	If true, the generated file will be sent to the client as a downloadable attachment in the API response. If false, the file is only generated internally.

FileFormats

Specifies supported output formats for content generation, serialization, or export. These are primarily text-based formats, suitable for structured data, document rendering, and developer-facing outputs.

const FileFormats = {
  json: "json",
  xml: "xml",
  csv: "csv",
  tsv: "tsv",
  txt: "txt",
  html: "html",
  md: "md",
  yaml: "yaml",
  yml: "yml",
  svg: "svg",
  pdf: "pdf",
  rtf: "rtf",
  log: "log",
  tex: "tex",
};

Enum	Description
json	JavaScript Object Notation — structured, widely used for API and machine-readable exports.
xml	Extensible Markup Language — structured, verbose format common in enterprise and legacy systems.
csv	Comma-Separated Values — simple flat data format, best for spreadsheets or tabular exports.
tsv	Tab-Separated Values — like CSV but uses tabs, better for escaping commas in data.
txt	Plain Text — raw string content without formatting.
html	HyperText Markup Language — suitable for browser rendering and templated output.
md	Markdown — lightweight markup language for documentation and developer-friendly reports.
yaml	YAML Ain’t Markup Language — human-readable config format, commonly used in CI/CD pipelines and devops.
yml	YAML shorthand extension (alias of `.yaml`).
svg	Scalable Vector Graphics — XML-based vector image format used in charts and exports.
pdf	Portable Document Format — styled, paginated, formal format for reports, receipts, or printable content.
rtf	Rich Text Format — supports basic styling, used in word processors.
log	Log file — typically used for line-based event or debug data.
tex	LaTeX — markup format used for academic or mathematical document generation.

RedirectAction

MPO Version: 1.3.0

Redirects the client to a new URL after the API execution. This is often used in web-based flows like OAuth callbacks, login success handlers, or conditional navigation.

interface RedirectAction extends BusinessApiAction = {
  redirectUrl : HTTPRequest;
}

Field	Description
redirectUrl	The URL to redirect the client to. Supports templated HTTPRequest objects, which may include path parameters or query strings dynamically generated using MScript.

CreateJWTTokenAction

MPO Version: 1.3.0

Generates a signed JWT token from a given payload. This token can be stored in context or included in the API response for client use. Typically used for authentication or temporary session flows.

interface CreateJWTTokenAction extends BusinessApiAction = {
  JWTKey : MScript;
  payload : MScript;
}

Field	Description
JWTKey	An MScript expression that defines the value of the JWT key to sign the payload. It is mostly an environement variable reference.
payload	An MScript expression that defines the object payload to be encoded inside the JWT. May include user ID, scopes, expiration, or other claims.

CreateObjectAction

MPO Version: 1.3.0

Constructs an in-memory JavaScript object from key-value pairs and writes it to the context. This action does not persist data to the database. It is typically used to prepare structured data for use in other actions such as sending emails, rendering templates, API calls, or forming response objects.

interface CreateObjectAction extends BusinessApiAction = {
  payload : ObjectData[];
  mergeObject : MScript;
}

Field	Description
payload	An array of key-value pairs (as `ObjectData`) representing the base fields of the constructed object. Values are evaluated using MScript.
mergeObject	An optional MScript expression that returns an object. Its keys and values will be shallow-merged into the base object after `payload` is evaluated. This allows for dynamic or computed properties.

ObjectData

MPO Version: 1.3.0

Represents a single property assignment used when constructing a new object via CreateObjectAction. The value is evaluated dynamically from context.

interface ObjectData = {
  key : String;
  value : MScript;
}

Field	Description
key	The name of the property to assign on the created object (e.g., `status`, `createdBy`).
value	An MScript expression used to compute the value assigned to this property. Can include references to `this`, `session`, or other computed context.

CreateBucketTokenAction

MPO Version: 1.3.0

Generates a signed JWT token including a standard bucket permission paylod. This token can be stored in context or included in the API response for client use. Typically used for accessing Mindbricks Bucket service.

interface CreateBucketTokenAction extends BusinessApiAction = {
  bucketPermissions : BucketPermission[];
}

Field	Description
bucketPermissions	A list of bucket permissions that will included in the token payload. Typically a single bucket permission is issued through one API, but you can create multiple bucket permissions.

BucketPermission

MPO Version: 1.3.0

An object to define an access to a specific bucket with a specific permission.

interface BucketPermission = {
  bucketName : String;
  bucketId : MScript;
  permissionType : BucketPermissionType;
  isPublic : Boolean;
}

Field	Description
bucketName	A human readable string for the bucket name that will be given access. Eg. `privateProjectBucket`
bucketId	An MScript expression that evaluates to a unique id that will define the bucket. Eg. `${this.projectId}-private` If a bucket with this id doesn't exist, it will be created automatically.
permissionType	An Enum value (read or write) that defines the access right of the token on the bucket. Read is used to access files in non public buckets, write is used to create, update or delete a file in a public or private bucket.
isPublic	A Boolean value to define if the bucket is public or not. If it is set true, the bucket will be marked as public when first created. A public bucket can be accessed for reading without token, a private public will always need a token.

BucketPermissionType

An enum type to define the access right of a bucket token.

const BucketPermissionType = {
  read: "read",
  write: "write",
};

Enum	Description
read	Anyone with this bucket token can request to read a file in the private bucket with bucketId from the Bucket Service.
write	Anyone with this bucket token can request to create/update/delete a file in the private/public bucket with bucketId from the Bucket Service.

PublishEventAction

MPO Version: 1.3.0

Publishes a message to an event topic (such as a message bus, queue, or pub/sub channel) as part of the Business API flow. This action is used to emit domain events or trigger asynchronous workflows that are consumed by other services or systems. The payload is defined using MScript and can include structured data from the API context.

interface PublishEventAction extends BusinessApiAction = {
  topic : String;
  message : MScript;
}

Field	Description
topic	The name of the topic, channel, or event key to which the message will be published. This string typically matches the naming convention of the consuming system (e.g., `project.created`, `user.signup`).
message	An MScript expression that evaluates to the message payload to send. This can be a primitive value, object, or string and may reference `this`, session data, or previous action results.

ReadFromRedisAction

MPO Version: 1.3.0

Reads a value from Redis using a dynamically computed key and writes the result into the context under a specified property name (contextPropertyName). This action is typically used to retrieve session data, temporary values, or cached results that are needed later in the API flow. The retrieved value becomes accessible to other actions using this.<contextName>.

interface ReadFromRedisAction extends BusinessApiAction = {
  redisKey : MScript;
}

Field	Description
redisKey	An MScript expression that evaluates to the Redis key to fetch. Can include values from the current context, session, or request (e.g., `this.session.userId`).

WriteToRedisAction

MPO Version: 1.3.0

Writes a value to Redis under a computed key. The value is defined via MScript and can include dynamic data from the current context. This is typically used for storing transient data such as verification tokens, process state, or temporary API results.

interface WriteToRedisAction extends BusinessApiAction = {
  redisKey : MScript;
  message : MScript;
}

Field	Description
redisKey	An MScript expression that resolves to the Redis key where the message will be stored. You can use contextual values to create scoped or namespaced keys.
message	An MScript expression that evaluates to the value to store. This can be a string, number, or object. Complex objects will be serialized to JSON automatically.

SendMailAction

MPO Version: 1.3.0

Sends an email using a configured email provider. The subject, body, and recipient addresses are defined via MScript and can be dynamically constructed from context. This action is commonly used for transactional notifications, confirmations, or alerts.

interface SendMailAction extends BusinessApiAction = {
  provider : String;
  subject : MScript;
  body : MScript;
  to : MScript;
  from : MScript;
  cc : MScript;
}

Field	Description
provider	The identifier of the configured email provider (e.g., `smtp`, `sendgrid`, `mailjet`). Must match a provider setup in the projects’s notification configuration.
subject	An MScript expression that evaluates to the email subject. Can include context variables like `this.user.name`.
body	An MScript expression that evaluates to the email content, usually a rendered HTML or plaintext string. Often prepared using `RenderDataAction`.
to	An MScript expression that evaluates to the recipient email address (or a list of addresses).
from	An MScript expression defining the sender email address. Can be static or context-driven.
cc	Optional MScript expression to specify CC recipients. Can be a single address or array.

SendSmsAction

MPO Version: 1.3.0

Sends an SMS message using a configured SMS provider. The recipient phone number, message content, and sender ID are defined using MScript expressions. Useful for OTPs, short notifications, or alerts.

interface SendSmsAction extends BusinessApiAction = {
  provider : String;
  subject : MScript;
  body : MScript;
  to : MScript;
  from : MScript;
}

Field	Description
provider	The identifier of the configured SMS provider (e.g., `twilio`, `nexmo`). Must be defined in the service’s messaging configuration.
subject	Optional subject line, if supported by the SMS provider. Otherwise ignored. Can be used for internal categorization or template labeling.
body	An MScript expression that evaluates to the message body. This should be a short, plaintext message suitable for mobile delivery.
to	An MScript expression that resolves to the recipient's phone number (in international format).
from	The sender identifier, either a short code or alphanumeric sender name, depending on provider capabilities.

SendPushNotificationAction

MPO Version: 1.3.0

Sends a push notification using a configured provider (e.g., Firebase, OneSignal). Subject and body are rendered via MScript and sent to the recipient device or user ID. Suitable for in-app or mobile alerts.

interface SendPushNotificationAction extends BusinessApiAction = {
  provider : String;
  subject : MScript;
  body : MScript;
  to : MScript;
  from : MScript;
}

Field	Description
provider	The name of the push notification provider to use (e.g., `firebase`, `onesignal`). Must be configured in the service’s notification setup.
subject	The notification title or heading, rendered via MScript. This typically appears as the bold title on a mobile push alert.
body	The body text of the notification, defined via MScript. Should be concise and actionable.
to	The recipient device ID or user identifier, evaluated from context. Format depends on the configured provider.
from	Optional sender or topic ID. Used to label or route notifications by source when supported by the provider.

RefineByAiAction

MPO Version: 1.3.0

Refines or transforms a given text using an AI provider such as OpenAI or Anthropic. The action supports adjustable refinement depth via temperature and mode, and allows instruction control through a system prompt. The result is stored in the context and can be reused in rendering, messaging, or responses. Use this for rephrasing, summarizing, tone-shifting, or grammar correction.

interface RefineByAiAction extends BusinessApiAction = {
  provider : String;
  inputData : MScript;
  systemPrompt : String;
  temperature : Double;
  mode : String;
}

Field	Description
provider	The name of the AI provider to use (e.g., `openai`, `anthropic`). Must be configured in the service's AI settings.
inputData	An MScript expression that evaluates to the input string to be refined. This should be a plain text value from the context, parameters, or a prior action.
systemPrompt	An optional system-level instruction string to guide the AI's tone or intent. Example: 'You are a professional editor. Keep meaning intact, improve clarity and grammar.'. Leave it null if you want to use default prompt.
temperature	A value between 0 and 1 indicating how much variation the model should apply. Use low values (~0.2) for subtle fixes, and higher values (~0.7) for more creative rewrites.
mode	Optional label representing the level or style of refinement. Common values might include `preserve`, `light`, `reword`, `rewrite`, `summarize`. This can be interpreted by your backend to choose a prompt template.

PaymentAction

MPO Version: 1.3.0

Calls the proper native payment gateway functions according to the current stage of payment lifecycle. Currently Stripe is supported natively, for other gateways use integrations.

interface PaymentAction extends BusinessApiAction = {
  gateway : String;
  stage : PaymentStage;
}

Field	Description
gateway	The name of the payment gateway that is supported natively. Current support is only for Stripe, so this value should be `Stripe`.
stage	The type of the stage call that the action will make. It can start, complete or refresh a payment, it can accept a gateway webhook.

PaymentStage

The target stage of the payment lifecycle on which the action's decision for next step to be executed is based.

const PaymentStage = {
  simple: "simple",
  start: "start",
  complete: "complete",
  refresh: "refresh",
  callback: "callback",
};

Enum	Description
simple	The lifecycle is simple it is just one sync call to handle everything, creating the charge immediately.
start	The payment operation is wanted to be started, mostly an intent is created on the frontend side, but also it can be started in the server side.
complete	The payment operation is wanted to be completed, the intent will be a real charge.
refresh	The payment operation data in the gateway server will be fetched and the application payment tickets and order status will be refreshed according to the server. Use this if you dont want to use a webhook.
callback	The api is called by the gateway webhook, so the refresh operation will be held asynchronously. Use this option if you provide your api as a webhook to the provider.

VerifyWebhookAction

MPO Version: 1.3.0

Verifies a webhook call of a provider with its signature secret and reads the parameeters and writes them to the context.

interface VerifyWebhookAction extends BusinessApiAction = {
  provider : String;
  secretKey : MScript;
}

Field	Description
provider	The name of the provider to verify the webhook. Current support is only for stripe, so this value should be `stripe`.
secretKey	An MScript value to represent ot to reach the secret key of the webhook signature

IntegrationAction

MPO Version: 1.3.0

Calls a native API integration provided by Mindbricks (e.g., AWS S3, Airtable, Stripe, Asana). Each integration exposes a set of predefined actions, and this object triggers one of them with dynamically computed parameters. The result is stored in the context and can be used in follow-up steps. This allows low-code access to third-party systems using structured inputs.

interface IntegrationAction extends BusinessApiAction = {
  provider : IntegrationProvider;
  action : String;
  parameters : IntegrationParameter[];
}

Field	Description
provider	The identifier of the external service provider to call (e.g., `aws`, `asana`, `salesforce`). Must match a supported integration configured within Mindbricks.
action	The specific action or operation to invoke on the provider. For example: `uploadFile`, `createRecord`, `deleteObject`, `listItems`. Action names must match those exposed by the selected integration provider.
parameters	An array of parameter objects that define the inputs to pass to the integration action. Each parameter includes a name and a dynamically evaluated value from context.

IntegrationParameter

MPO Version: 1.3.0

Defines a single named input to be passed to a native integration provider action. Parameter values are evaluated using MScript and can be derived from session, context, or external input.

interface IntegrationParameter = {
  parameterName : String;
  parameterValue : MScript;
}

Field	Description
parameterName	The name of the parameter as expected by the integration action (e.g., `bucketName`, `filePath`, `email`).
parameterValue	An MScript expression that resolves to the parameter value. This can reference current context, session variables, request parameters, or computed logic.

LoopAction

MPO Version: 1.3.0

Defines a repeated execution block within a Business API workflow. It loops over the result of an MScript expression and executes a list of actions for each item. The current item is exposed as a local variable named by loopItemName, directly accessible in MScript. Loop actions can be nested to support multi-level iteration, enabling hierarchical or grid-like data processing patterns.

interface LoopAction extends BusinessApiAction = {
  loopFor : MScript;
  loopItemName : String;
  isParallel : Boolean;
  actions : String[];
}

Field	Description
loopFor	An MScript expression that evaluates to an iterable (such as an array). Each element of the result will be bound to the variable defined by `loopItemName` and processed through the listed actions.
loopItemName	The name of the variable representing the current item in each loop iteration. This variable is directly accessible in MScript without `this.`. For example, if `loopItemName` is `customerItem`, you can reference `customerItem.id` or `customerItem.status` inside any action executed in the loop.
isParallel	A boolean value to control the non-blockin behaviour of the loop steps. If isParallel set to true, all loop steps will be called as async together, but the loop itself will be awaited. If it is false, all steps are awaited and executed one by one. Use the async option if you are sure that the target source (like db, redis, cpu, disk) will be able manage multiple jobs at once.
actions	An array of action names (as strings) to execute during each loop iteration. These actions must be previously defined in the Business API's action store.

ParallelAction

MPO Version: 1.3.0

Defines a non-blocking execution group in which multiple actions are executed in parallel. Each action runs independently using the same input context. Parallel actions are useful for concurrent fetches, validations, or other side-effect-free logic. This action can also include nested ParallelAction or LoopAction steps, enabling concurrent or branched execution across multiple layers of the workflow.

interface ParallelAction extends BusinessApiAction = {
  actions : String[];
}

Field	Description
actions	An array of action names (as strings) to be executed concurrently. Each action in this list will run using the shared context. Nested parallel and loop actions are supported for composing deeply concurrent workflows.

CartValidationAction

MPO Version: 1.3.0

Validates a shopping cart before checkout. Checks that items exist, stock is available, prices are valid, and minimum order requirements are met. The validation results are written to the context for use in subsequent actions.

interface CartValidationAction extends BusinessApiAction = {
  validations : CartValidationType[];
  failFast : Boolean;
}

Field	Description
validations	Array of validation types to perform. Valid options: 'itemsExist', 'stockAvailable', 'pricesValid', 'minimumOrderMet', 'shippingAddressValid'.
failFast	If true, stop validation on first failure. If false, collect all failures before returning.

CartValidationType

Types of validations that can be performed on a shopping cart before checkout.

const CartValidationType = {
  itemsExist: "itemsExist",
  stockAvailable: "stockAvailable",
  pricesValid: "pricesValid",
  minimumOrderMet: "minimumOrderMet",
  shippingAddressValid: "shippingAddressValid",
  promotionsValid: "promotionsValid",
};

Enum	Description
itemsExist	Verify the cart has at least one item.
stockAvailable	Check that all items have sufficient inventory/stock.
pricesValid	Verify item prices haven't changed since added to cart.
minimumOrderMet	Check that the cart meets the minimum order threshold.
shippingAddressValid	Validate that a valid shipping address is provided.
promotionsValid	Verify that applied promotions are still valid and eligible.

CartCheckoutAction

MPO Version: 1.3.0

Processes shopping cart checkout. Handles inventory reservation, promotion usage recording, order creation, and cart clearing. The checkout result is written to the context.

interface CartCheckoutAction extends BusinessApiAction = {
  stage : CartCheckoutStage;
  clearCartAfterCheckout : Boolean;
  recordPromotionUsage : Boolean;
}

Field	Description
stage	The checkout stage: 'validate' for validation only, 'process' for full checkout processing, 'finalize' for final order creation.
clearCartAfterCheckout	If true, clear the cart after successful checkout.
recordPromotionUsage	If true, record promotion/coupon usage for tracking and limits.

CartCheckoutStage

Stages of the shopping cart checkout process.

const CartCheckoutStage = {
  validate: "validate",
  process: "process",
  finalize: "finalize",
};

Enum	Description
validate	Only validate the cart without processing. Used to check if cart is ready for checkout.
process	Full checkout processing including inventory reservation and order creation.
finalize	Final order finalization after payment confirmation.

CouponValidationAction

MPO Version: 1.3.0

Validates a coupon code for eligibility. Checks code validity, expiration dates, usage limits, minimum order requirements, and calculates the discount amount. Results are written to the context.

interface CouponValidationAction extends BusinessApiAction = {
  checkUsageLimits : Boolean;
  checkExpiration : Boolean;
  calculateDiscount : Boolean;
}

Field	Description
checkUsageLimits	If true, verify the coupon has not exceeded its usage limits.
checkExpiration	If true, verify the coupon has not expired.
calculateDiscount	If true, calculate and include the discount amount in the result.

EmitSseEventAction

MPO Version: 1.3.0

Emits a custom SSE event during the workflow. The event name and payload are declaratively configured. When the API is called via REST (no SSE context), this action is a silent no-op.

interface EmitSseEventAction extends BusinessApiAction = {
  eventName : String;
  data : MScript;
}

Field	Description
eventName	The SSE event name to emit to the client (e.g., 'jobCreated', 'phaseComplete').
data	MScript expression evaluated against the pipeline context to build the event payload.

IteratorAction

MPO Version: 1.3.0

A generic streaming action whose method returns an async iterable. The sourceScript MScript expression must evaluate to an object with Symbol.asyncIterator (async generator, readable stream, etc.). Designed for custom streaming logic that isn't covered by AiCallAction.

interface IteratorAction extends BusinessApiAction = {
  sourceScript : MScript;
}

Field	Description
sourceScript	MScript expression that evaluates to an async iterable. Example: LIB.streamProcessor(this.data)

BusinessWorkflow

MPO Version: 1.3.0

Defines the execution flow milestones of a Business API. Only one of the sub-flows (create, update, delete, get, list) will be populated, based on the crudType of the API. Each workflow contains ordered arrays of action ids to be executed at predefined lifecycle milestones (e.g., after reading parameters, after the main DB operation). These workflows allow complete control of the API's logic and are fully compatible with visual workflow editors.

interface BusinessWorkflow = {
  create : CreateBusinessWorkflow;
  update : UpdateBusinessWorkflow;
  delete : DeleteBusinessWorkflow;
  get : GetBusinessWorkflow;
  list : ListBusinessWorkflow;
}

Field	Description
create	The milestone execution flow for a `create`-type API. Contains action arrays tied to standard lifecycle stages of record creation.
update	The milestone execution flow for an `update`-type API. Contains action arrays tied to record lookup, validation, mutation, and response shaping.
delete	The milestone execution flow for a `delete`-type API. Contains action arrays for lookup, conditional deletion, side-effects, and cleanup.
get	The milestone execution flow for a `get`-type API. Contains actions that run at fixed read-only stages like parameter validation, access checks, and enrichment.
list	The milestone execution flow for a `list`-type API. Enables filtering, paging, sorting, and post-query actions such as formatting or permission-based shaping.

CreateBusinessWorkflow

MPO Version: 1.3.0

Defines the standard execution milestones for a create-type Business API. Each field represents a milestone (a fixed lifecycle stage), and its value is an ordered list of action ids executed by the API manager. These steps include all default, hardcoded logic (e.g., session handling, parameter extraction, DB insert) while leaving space for user-defined actions after each milestone. You can modify this workflow programmatically or visually.

interface CreateBusinessWorkflow = {
  afterStartBusinessApi : String[];
  afterReadParameters : String[];
  afterTransposeParameters : String[];
  afterCheckParameters : String[];
  afterCheckBasicAuth : String[];
  afterBuildDataClause : String[];
  afterMainCreateOperation : String[];
  afterBuildOutput : String[];
  afterSendResponse : String[];
  afterApiEvent : String[];
}

Field	Description
afterStartBusinessApi	Executed before everything just after the api is started by the controller. Context has just got the raw request object and the session object populated by the controller. Use this stage for fundemantal validations or to manüpulate the context before everything.
afterReadParameters	Triggered after all parameters are read from the request or Redis. Use this to perform early validation or context enrichment based on raw input.
afterTransposeParameters	Executed after parameters are normalized or transformed. Use this for logic that depends on preprocessed values (e.g., derived inputs or structure remapping).
afterCheckParameters	Runs after parameter validations complete. Use this for business logic checks or to raise field-specific errors (e.g., pricing thresholds, invalid combinations).
afterCheckBasicAuth	Fires after role and permission validations. Typically used to enforce fine-grained access checks or audit preparation logic.
afterBuildDataClause	Executed after the data clause object is constructed and before the actual create operation. Use this to inject additional fields or adjust payload structure.
afterMainCreateOperation	Runs immediately after the database insert operation completes. Ideal for events, side-effects, or chained actions based on the created record.
afterBuildOutput	Allows final shaping of the response payload before it is sent. You can inject, modify, or strip fields at this stage.
afterSendResponse	Triggered after the response is sent to the client. Use for post-response operations like analytics, logging, or delayed workflows.
afterApiEvent	Triggered after the Business API emits an API-level event (if configured). This is the final milestone in the API execution flow and is typically used for cleanup, async queues, or chained notifications that depend on event dispatch success.

UpdateBusinessWorkflow

MPO Version: 1.3.0

Defines the execution milestones for an update-type Business API, used to modify an existing record. Each field represents a fixed lifecycle milestone. Custom action ids placed under a milestone will be executed in order after that point. These workflows enable full customization of business logic without overriding default update behavior, and they support visual modeling of logic steps.

interface UpdateBusinessWorkflow = {
  afterStartBusinessApi : String[];
  afterReadParameters : String[];
  afterTransposeParameters : String[];
  afterCheckParameters : String[];
  afterCheckBasicAuth : String[];
  afterBuildWhereClause : String[];
  afterFetchInstance : String[];
  afterCheckInstance : String[];
  afterBuildDataClause : String[];
  afterMainUpdateOperation : String[];
  afterBuildOutput : String[];
  afterSendResponse : String[];
  afterApiEvent : String[];
}

Field	Description
afterStartBusinessApi	Executed before everything just after the api is started by the controller. Context has just got the raw request object and the session object populated by the controller. Use this stage for fundemantal validations or to manüpulate the context before everything.
afterReadParameters	Triggered after all parameters are read from the request or Redis. Use this to perform early validation or context enrichment based on raw input.
afterTransposeParameters	Executed after parameters are normalized or transformed. Use this for logic that depends on preprocessed values (e.g., derived inputs or structure remapping).
afterCheckParameters	Runs after parameter validations complete. Use this for business logic checks or to raise field-specific errors (e.g., pricing thresholds, invalid combinations).
afterCheckBasicAuth	Fires after role and permission validations. Typically used to enforce fine-grained access checks or audit preparation logic.
afterBuildWhereClause	Occurs once the main `WHERE` clause is generated for the query. Insert actions here to log or modify query conditions or add scoped audit logic. This where clause will be first used to fetch the instance to be updated.
afterFetchInstance	Fires after manager fetches the target record before it is updated and written to the context for pre-operation checks. Insert your own actions here to add your own checks or to mnanipulate default instance check which will be executed next.
afterCheckInstance	Triggered after the instance is dispatched and check for basic requirements like existence or ownership. Insert actions here to make your own checks on the instance that will be updated.
afterBuildDataClause	Executed after the update data clause object is constructed and before the actual update operation. Use this to inject additional fields or adjust payload structure.
afterMainUpdateOperation	Runs immediately after the database update operation completes. Ideal for events, side-effects, or chained actions based on the updated record.
afterBuildOutput	Allows final shaping of the response payload before it is sent. You can inject, modify, or strip fields at this stage.
afterSendResponse	Triggered after the response is sent to the client. Use for post-response operations like analytics, logging, or delayed workflows.
afterApiEvent	Triggered after the Business API emits an API-level event (if configured). This is the final milestone in the API execution flow and is typically used for cleanup, async queues, or chained notifications that depend on event dispatch success.

DeleteBusinessWorkflow

MPO Version: 1.3.0

Defines the execution milestones for a delete-type Business API, which removes or soft-deletes a single record. Each field corresponds to a lifecycle milestone. Custom actions inserted at any milestone are executed in order after that point. This enables fine-grained control over logic such as confirmation checks, permission gating, logging, or external integrations—without needing to override the default deletion behavior.

interface DeleteBusinessWorkflow = {
  afterStartBusinessApi : String[];
  afterReadParameters : String[];
  afterTransposeParameters : String[];
  afterCheckParameters : String[];
  afterCheckBasicAuth : String[];
  afterBuildWhereClause : String[];
  afterFetchInstance : String[];
  afterCheckInstance : String[];
  afterMainDeleteOperation : String[];
  afterBuildOutput : String[];
  afterSendResponse : String[];
  afterApiEvent : String[];
}

Field	Description
afterStartBusinessApi	Executed before everything just after the api is started by the controller. Context has just got the raw request object and the session object populated by the controller. Use this stage for fundemantal validations or to manüpulate the context before everything.
afterReadParameters	Triggered after all parameters are read from the request or Redis. Use this to perform early validation or context enrichment based on raw input.
afterTransposeParameters	Executed after parameters are normalized or transformed. Use this for logic that depends on preprocessed values (e.g., derived inputs or structure remapping).
afterCheckParameters	Runs after parameter validations complete. Use this for business logic checks or to raise field-specific errors (e.g., pricing thresholds, invalid combinations).
afterCheckBasicAuth	Fires after role and permission validations. Typically used to enforce fine-grained access checks or audit preparation logic.
afterBuildWhereClause	Occurs once the main `WHERE` clause is generated for the query. Insert actions here to log or modify query conditions or add scoped audit logic. This where clause will be first used to fetch the instance to be deleted.
afterFetchInstance	Fires after manager fetches the target record before it is deleted and written to the context for pre-operation checks. Insert your own actions here to add your own checks or to mnanipulate default instance check which will be executed next.
afterCheckInstance	Triggered after the instance is dispatched and check for basic requirements like existence or ownership. Insert actions here to make your own checks on the instance that will be deleted.
afterMainDeleteOperation	Runs immediately after the database delete operation completes. Ideal for events, side-effects, or chained actions based on the deleted record.
afterBuildOutput	Allows final shaping of the response payload before it is sent. You can inject, modify, or strip fields at this stage.
afterSendResponse	Triggered after the response is sent to the client. Use for post-response operations like analytics, logging, or delayed workflows.
afterApiEvent	Triggered after the Business API emits an API-level event (if configured). This is the final milestone in the API execution flow and is typically used for cleanup, async queues, or chained notifications that depend on event dispatch success.

GetBusinessWorkflow

MPO Version: 1.3.0

Defines the execution milestones for a get-type Business API, which retrieves a single record. Each milestone represents a predefined point in the API lifecycle. Action ids listed under a milestone will be executed in the given order immediately after that point is reached. This structure enables customized behaviors like access control, derived property enrichment, or API shaping without overriding core logic.

interface GetBusinessWorkflow = {
  afterStartBusinessApi : String[];
  afterReadParameters : String[];
  afterTransposeParameters : String[];
  afterCheckParameters : String[];
  afterCheckBasicAuth : String[];
  afterBuildWhereClause : String[];
  afterMainGetOperation : String[];
  afterCheckInstance : String[];
  afterBuildOutput : String[];
  afterSendResponse : String[];
  afterApiEvent : String[];
}

Field	Description
afterStartBusinessApi	Executed before everything just after the api is started by the controller. Context has just got the raw request object and the session object populated by the controller. Use this stage for fundemantal validations or to manüpulate the context before everything.
afterReadParameters	Executed after parameters are extracted from the request. This is the earliest milestone and is ideal for initial validation, normalization, or preprocessing.
afterTransposeParameters	Runs after parameter transformation, such as type coercion or merging Redis parameters. Use this stage to derive dependent values or reformat inputs.
afterCheckParameters	Triggered after core validations on required or custom parameters complete. Insert validation actions here to enforce business-specific input rules.
afterCheckBasicAuth	Executed after basic role and permission checks are performed. Use this for object-level access guards or dynamic access logic based on user roles.
afterBuildWhereClause	Occurs once the main `WHERE` clause is generated for the query. Insert actions here to log or modify fetch conditions or add scoped audit logic.
afterMainGetOperation	Runs immediately after the object is fetched from the database. This is the best point for enrichment actions like fetching related data or computing derived properties.
afterCheckInstance	Triggered after the response is dispatched. Use for non-blocking post-response actions like logging, analytics, or starting asynchronous flows.
afterBuildOutput	Executes after the response payload is constructed but before it is sent. Use this to adjust formatting, inject extra context, or remove sensitive fields.
afterSendResponse	Triggered after the response is dispatched. Use for non-blocking post-response actions like logging, analytics, or starting asynchronous flows.
afterApiEvent	Runs after the optional API-level event has been emitted. This is the final milestone and is ideal for actions that should occur after the workflow is complete.

ListBusinessWorkflow

MPO Version: 1.3.0

Defines the execution milestones for a list-type Business API, which returns a paginated set of records. Each field represents a fixed lifecycle milestone. Action ids added to a milestone will be executed in order after that point. This structure enables modular extension of logic for filtering, permission enforcement, data enrichment, and more—without overriding the main query behavior.

interface ListBusinessWorkflow = {
  afterStartBusinessApi : String[];
  afterReadParameters : String[];
  afterTransposeParameters : String[];
  afterCheckParameters : String[];
  afterCheckBasicAuth : String[];
  afterBuildWhereClause : String[];
  afterMainListOperation : String[];
  afterBuildOutput : String[];
  afterSendResponse : String[];
  afterApiEvent : String[];
}

Field	Description
afterStartBusinessApi	Executed before everything just after the api is started by the controller. Context has just got the raw request object and the session object populated by the controller. Use this stage for fundemantal validations or to manüpulate the context before everything.
afterReadParameters	Executed immediately after request and Redis parameters are read into context. Use this stage for early validations or transformations on raw inputs.
afterTransposeParameters	Runs after parameter reshaping or normalization logic. Use this for refining structured inputs or deriving helper values for downstream use.
afterCheckParameters	Executed after required and custom parameters have been validated. Place custom validation or cross-field logic actions here.
afterCheckBasicAuth	Runs after role-based access checks. Use this milestone to insert actions that enforce access based on session, membership, or other dynamic conditions.
afterBuildWhereClause	Triggered after the main query’s `WHERE` clause has been finalized. Insert logic here for audit logging or external query construction monitoring.
afterMainListOperation	Runs after the paginated list has been retrieved from the database. Use this milestone for data enrichment, parallel fetches, or computed fields.
afterBuildOutput	Executed after the response payload has been shaped. This is the best point to inject additional context, sanitize outputs, or apply output transformations.
afterSendResponse	Runs after the list result has been sent to the client. Use this for analytics, usage tracking, or triggering asynchronous actions.
afterApiEvent	Executed after the optional API-level event is published (if configured). This is the final milestone for clean-up or system-level broadcasting.

Was this page helpful?

Last updated 3 weeks ago

Built with Documentation.AI