Requests.
 API Server invokes these event handlers 
after
it receives the request but
before
it processes request/row mapping and reactive logic. 
Responses.
 API Server invokes these event handlers 
before
it sends the (successful) final result to the client.
HTTP Options.
 API Server recognizes Cross-Origin Resource Sharing (CORS) OPTIONS requests and invokes these event handler only for these requests.

With your API open, in the Manage section, click
Request Events
.
If your API does not have existing request and response event handlers, the Welcome to Request and Response Events page appears. If your API has existing request and response event handlers, they are listed on the Events page.
Complete one of the following:
If you have not defined any request and response event handlers, on the Welcome to Request and Response Events page, click 
Create Event
.
If you have at least one request and response event handler defined, click 
Add
.
Complete the following fields on the page, and then save your changes:
Event type
The type of event handler.
Options:
 Request, Response, HTTP Options
Default:
 Request
 
You can create only one HTTP Options event handler per API.
 
Event Handler name
The name for your event handler. 
CA Live API Creator
 invokes request and response event handlers in alphabetical order based on their name.
 
You can have
CA Live API Creator
invoke the event handler in a specific order by appending the event handler name with a number sequence.
 
Code
The operations for this event handler. For example:
if (“SalesResports” == req.resourceName) {
  //log.debug(‘***SalesReports Req Event - json: ' + json);
  var data = JSON.parse(json); // json from the request
  var theOrder = data[0];
  var keptItemNum = 0;
  var keptItems = [];
  log.debug(“theOrder: " + JSON.stringify(theOrder));
  for ( var i = 0; i < theOrder.Order_DetailsList.length; i ++) {
      var eachItem = theOrder.Order_DetailsList(i);
      delete eachItem[“@metadata”];
      if (eachItem.SupplierName == “Pavlova, Ltd.”) {
         delete eachItem.OrderID;
         delete eachItem.ProductID;
...
Active
Select to indicate that this event handler is active.

API Server performs initial authentication.
API Server invokes the request event handler for every transaction, with the following variables pre-defined:
Variable Name	Description
json	The raw JSON string that the client sends, if any. Set only for POST and PUT requests. You can modify this string.
req	The  req object. For more information about this object, see The req Object.
log	The logger for the current request.
headers	The headers sent as part of the HTTP request. Excludes authorization headers.
API Server establishes a connection to the database.
API Server parses the JSON payload.

// Reject all requests on SecretData if they do not use HTTPS
if ("SecretData" == req.resourceName && !req.clientUsesHttps) {
  log.error('SecretData was accessed over HTTP by ' + req.clientAddress);
  throw "Use HTTPS to access this resource";
}

// Remove extraneous data that the client sends but that is not needed.
if ( ! json) {
  // Only requests with a JSON payload are needed.
  return;
}
var data = JSON.parse(json);
if (Array.isArray(data)) {
  for (var i = 0; i < data.length; i++) {
    delete data[i].uselessData;
  }
}
else {
  delete data.uselessData;
}
// Important: Serialize the data back to a string if you want to change it
json = JSON.stringify(data);

json

json

statusCode

txsummary

rulesummary

JSON.stringify()

req

req

response

response

log

SysUtility

// Remove all @metadata sections from the response for a specific table/resource
// Note: This would make it difficult for the client to update the data, but this is only an example.
// This only deals with top-level resources. To remove all
// @metadata sections from a complex resource, use recursion.
// An attribute 'TheVerb' is added to each array object or the single object
// with the name of request verb - GET, PUT, POST, PATCH, DELETE
// get the name used for metadata (configurable by project).
// You CAN convert from the Java string value to a JavaScript string object here
   var metadataName = "@metadata";
   if (Array.isArray(json)) {
      // If the response is an array of objects
   for (var i = 0; i < json.length; i++) {
     delete json[i][metadataName];
     json[i].txsummary && delete json[i].txsummary[0][metadataName];
     // You MUST convert to native JavaScript string
     json[i].TheVerb = req.verb;
   }
  }
  else {
   // The response is a single object
   delete json[metadataName];
   json.txsummary && delete json.txsummary[0][metadataName];
   json.TheVerb = req.verb;
 }

About resource object/attribute aliases matching partner expectations, see Logic Patterns.
About the Sample database, see Sample Database.

amount_total

purchaseorders

// for a GET to an employee, add any PURCHASEORDERS where the employee is a sales rep
     if ("GET" == req.verb && "demo:employee" == req.resourceName) {
        var ordersAsSalesRep = [];
        for (var i = 0; i < json.length; i++ ) {
       // want purchase orders for this employee as sales rep
       // top thirty purchase orders by amount_total
       var detail = {
         filter: '"salesrep_id" = ' + json[i].employee_id ,
         order: '"amount_total" desc',
         pagesize: 10,
         offset: 0
       };
     if(json[i].employee_id) {
       ordersAsSalesRep = SysUtility.getResource("PurchaseOrders", detail);
       json[i].ordersAsSalesRep = ordersAsSalesRep;
     }
   }
  }

// for a PUT (perhaps to update the name) of one or more employees
// add the picture into the result
    if ("PUT" == req.verb && "demo:employee" == req.resourceName) {
      var txsummary = json.txsummary;
      for (var i = 0, len = txsummary.length; i < len; i += 1) {
        var meta = txsummary[i]["@metadata"];
        if ("UPDATE" == meta.verb && "demo:employee" == meta.resource) {
          var detail = { filter: '"employee_id" = ' + txsummary[i].employee_id };
          var picInfo = SysUtility.getResource("the_employee_picture", detail);
          if (picInfo && picInfo.length > 0) {
            txsummary[i].the_picture = picInfo[0].picture;
          }
        }
      }
    }

About CORS OPTIONS preflight requests, see the Mozilla website.
About security in 
CA Live API Creator
, see Security.

return {
  "Access-Control-Allow-Methods" : "GET,PUT,POST,DELETE",
  "Access-Control-Allow-Origin" : "https://internal.acme.com,https://safe.acme.com",
  "Access-Control-Allow-Headers" : "authorization,content-type,accept,x-requested-with,X-CALiveAPICreator-ResponseFormat",
  "Access-Control-Max-Age" : 2400 ,
  "HTTPStatusCode" : 200
};

Define a new 

MyResource

 JavaScript resource, for example:

return { Happy: ['New', 'Year']};

For more information about how to explicitly define a JavaScript resource in API Creator, see Define JavaScript Resource Types.

In the REST Lab, view the result by performing a GET request, which is a different formatting of the previous JSON. Complete the following steps:

Ensure that you are functioning by defining a simple response event handler that includes the following code:

// MUST be an object or an array, if not, it is coerced into one (and probably NOT what you want)
if ('GET' == req.verb && 'MyResource' == req.resourceName) {
  json = ["I got what I expected"];
}
else {
  // this is returned on ALL other requests, make sure you delete this !!!
  json = ["Not what I wanted"];
}

Change to a more specific handler without the else condition:

// Note double equals, as you are comparing JavaScript strings with java.lang.String objects
if ('GET' == req.verb && 'MyResource' == req.resourceName) {
  json = SysUtility.getResource('demo:customer');
}

demo:customer

//header names are usually lowercase
var contentType = headers["content-type"];

var NewCookie = Java.type("javax.ws.rs.core.NewCookie");
var cookie = new NewCookie("MyCookie", "My cookie value");
response.cookie(cookie);
response.header("X-my-special-header", "My header value");
response.status(299);