JavaScript Scripting
APXY supports custom JavaScript scripts that run against matched traffic to modify requests or responses. Scripts are executed in a goja runtime (an embedded JavaScript engine), giving you full programmatic control over traffic transformation.
Paid feature — requires a license with script editing capability.
Concepts
Each script has:
- A hook — when the script runs:
onRequest(before forwarding to the server) oronResponse(before returning to the client) - A match expression — a DSL expression that determines which traffic triggers the script
- Code — JavaScript that receives the request or response object and can modify it
CLI
apxy script add, list, remove, enable, and disable are documented in CLI Reference → Script.
Quick example:
apxy script add \
--name "add-auth-header" \
--file ./scripts/add-auth.js \
--hook onRequest \
--match "host == api.example.com"Web API
| Method | Endpoint | Description |
|---|---|---|
GET | /api/v1/scripts | List all scripts |
POST | /api/v1/scripts | Create a new script |
PUT | /api/v1/scripts/{id}/enable | Enable a script |
PUT | /api/v1/scripts/{id}/disable | Disable a script |
DELETE | /api/v1/scripts/{id} | Delete a script |
Use Cases
Add authentication headers
// add-auth.js
request.headers["Authorization"] = "Bearer " + env.API_TOKEN;
request.headers["X-Request-ID"] = crypto.randomUUID();Register the file with apxy script add --file ./add-auth.js --hook onRequest --match "host == api.example.com" (see Script reference for all flags).
Mask sensitive data in responses
Use onResponse scripts to rewrite bodies — for example replacing email patterns or JSON fields — with --hook onResponse and a path/host match.
Simulate latency for specific endpoints
Call sleep(ms) inside an onRequest hook for paths you want to slow down (see Script reference for runtime APIs available in goja).
Rewrite response data
Parse response.body as JSON, mutate fields, and assign back to response.body for targeted feature toggles or fixture data.