API Reference
Complete reference of all Xano SDK methods organized by category.
Core Methods
XanoScript.create
Create a new endpoint builder.
| Parameter | Type | Description |
|---|---|---|
| name | string | Endpoint name (e.g., 'users/list') |
| method | string | HTTP method (GET, POST, PUT, DELETE, PATCH) |
const endpoint = XanoScript.create('products/list', 'GET')
.description
Add endpoint description.
| Parameter | Type | Description |
|---|---|---|
| text | string | Description text |
.description('List all products with pagination')
.requiresAuth
Require authentication for this endpoint.
| Parameter | Type | Description |
|---|---|---|
| table | string | User table name (without quotes) |
.requiresAuth('users')
Input Methods
.input
Define an input parameter.
| Parameter | Type | Description |
|---|---|---|
| name | string | Input parameter name |
| type | string | Data type (text, int, bool, email, password, object, json, decimal, timestamp) |
| options | object | Options: required, default |
.input('email', 'email', { required: true })
.input('page', 'int', { default: 1 })
.input('data', 'object')
Database Methods
.dbGet
Get a single record by field value.
| Parameter | Type | Description |
|---|---|---|
| table | string | Table name (quoted) |
| filters | object | Single field filter |
| alias | string | Variable name to store result |
.dbGet('"users"', { id: '$input.user_id' }, 'user')
.dbQuery
Query multiple records with advanced options.
| Parameter | Type | Description |
|---|---|---|
| table | string | Table name (quoted) |
| options | object | Query options (filters, pagination, sort, search) |
| alias | string | Variable name to store results |
.dbQuery('"products"', {
search: '$input.search',
filters: { status: 'active' },
pagination: { page: '$input.page', per_page: 20 },
sort: { field: 'created_at', direction: 'desc' }
}, 'results')
.dbAdd
Create a new record.
| Parameter | Type | Description |
|---|---|---|
| table | string | Table name (quoted) |
| data | object | Record data |
| alias | string | Variable name to store created record |
.dbAdd('"users"', {
email: '$input.email',
first_name: '$input.first_name',
created_at: 'now'
}, 'new_user')
.dbEdit
Update existing records.
| Parameter | Type | Description |
|---|---|---|
| table | string | Table name (quoted) |
| filters | object | Filter to match records |
| data | object | Updated data |
| alias | string | Variable name to store updated record |
.dbEdit('"users"',
{ id: '$auth.id' },
{ last_login: 'now' },
'updated_user'
)
.dbDelete
Delete records.
| Parameter | Type | Description |
|---|---|---|
| table | string | Table name (quoted) |
| filters | object | Filter to match records |
| alias | string | Variable name to store deleted count |
.dbDelete('"sessions"', { user_id: '$auth.id' }, 'deleted_count')
.dbBulkAdd
Add multiple records in one operation.
| Parameter | Type | Description |
|---|---|---|
| table | string | Table name (quoted) |
| items | string | Variable containing array of records |
| options | object | Options: allowIdField |
| alias | string | Variable name to store created records |
.dbBulkAdd('"products"', '$input.products', {
allowIdField: true
}, 'created')
.dbBulkUpdate
Update multiple records.
| Parameter | Type | Description |
|---|---|---|
| table | string | Table name (quoted) |
| items | string | Variable containing array of records with ids |
| alias | string | Variable name to store updated count |
.dbBulkUpdate('"products"', '$input.updates', 'updated_count')
.dbBulkDelete
Delete multiple records matching a condition.
| Parameter | Type | Description |
|---|---|---|
| table | string | Table name (quoted) |
| searchCondition | string | Search condition expression |
| alias | string | Variable name to store deleted count |
.dbBulkDelete('"sessions"', 'expires_at < now()', 'deleted_count')
Security Methods
.hashPassword
Hash a password securely.
| Parameter | Type | Description |
|---|---|---|
| input | string | Plain text password |
| alias | string | Variable name to store hash |
.hashPassword('$input.password', 'password_hash')
.verifyPassword
Verify a password against a hash.
| Parameter | Type | Description |
|---|---|---|
| input | string | Plain text password |
| hash | string | Stored password hash |
| alias | string | Variable name to store boolean result |
.verifyPassword('$input.password', '$user.password', 'is_valid')
.createToken
Generate a JWT token.
| Parameter | Type | Description |
|---|---|---|
| payload | object | Data to embed in token |
| expiry | number | Time to live in seconds |
| alias | string | Variable name to store token |
.createToken({
user_id: '$user.id',
role: '$user.role'
}, 86400, 'auth_token')
.verifyToken
Verify a JWT token.
| Parameter | Type | Description |
|---|---|---|
| token | string | Token to verify |
| alias | string | Variable name to store verification result |
.verifyToken('$input.token', 'token_data')
.createUuid
Generate a unique identifier.
| Parameter | Type | Description |
|---|---|---|
| alias | string | Variable name to store UUID |
.createUuid('transaction_id')
.randomNumber
Generate a random number.
| Parameter | Type | Description |
|---|---|---|
| min | number | Minimum value (inclusive) |
| max | number | Maximum value (inclusive) |
| alias | string | Variable name to store result |
.randomNumber(100000, 999999, 'verification_code')
API Methods
.apiRequest
Make an HTTP request to an external API.
| Parameter | Type | Description |
|---|---|---|
| url | string | API endpoint URL |
| method | string | HTTP method (GET, POST, PUT, DELETE, PATCH) |
| options | object | Request options (headers, params, body, timeout) |
| alias | string | Variable name to store response |
.apiRequest(
'https://api.example.com/data',
'POST',
{
headers: [
{ key: 'Authorization', value: 'Bearer $api_key' },
{ key: 'Content-Type', value: 'application/json' }
],
body: { data: '$input.data' }
},
'api_response'
)
.graphqlRequest
Make a GraphQL query.
| Parameter | Type | Description |
|---|---|---|
| url | string | GraphQL endpoint URL |
| query | string | GraphQL query string |
| variables | object | Query variables |
| headers | array | Request headers |
| alias | string | Variable name to store response |
.graphqlRequest(
'https://api.example.com/graphql',
'query GetUser($id: ID!) { user(id: $id) { name email } }',
{ id: '$input.user_id' },
[{ key: 'Authorization', value: 'Bearer $token' }],
'graphql_response'
)
.lambda
Execute JavaScript code.
| Parameter | Type | Description |
|---|---|---|
| code | string | JavaScript code to execute |
| timeout | number | Timeout in seconds |
| alias | string | Variable name to store result |
.lambda(`
const total = data.items.reduce((sum, item) => sum + item.price, 0);
return { total: total };
`, 10, 'calculation')
Storage Methods
.createImage
Upload and store an image.
| Parameter | Type | Description |
|---|---|---|
| access | string | Access level ('public' or 'private') |
| value | string | Image data |
| filename | string | Filename to save as |
| alias | string | Variable name to store file info |
| options | object | Processing options (resize, quality, format) |
.createImage(
'public',
'$input.photo',
'profiles/$auth.id.jpg',
'uploaded_image',
{
resize: { width: 800, height: 600, fit: 'cover' },
quality: 85
}
)
.createVideo
Upload and store a video.
| Parameter | Type | Description |
|---|---|---|
| access | string | Access level ('public' or 'private') |
| value | string | Video data |
| filename | string | Filename to save as |
| alias | string | Variable name to store file info |
| options | object | Processing options |
.createVideo(
'private',
'$input.video',
'videos/$auth.id.mp4',
'uploaded_video'
)
.createAttachment
Upload and store a document or file.
| Parameter | Type | Description |
|---|---|---|
| access | string | Access level ('public' or 'private') |
| value | string | File data |
| filename | string | Filename to save as |
| alias | string | Variable name to store file info |
.createAttachment(
'private',
'$input.document',
'documents/$auth.id/$timestamp.pdf',
'uploaded_doc'
)
.deleteFile
Delete a stored file.
| Parameter | Type | Description |
|---|---|---|
| fileId | string | File ID to delete |
| alias | string | Variable name to store deletion result |
.deleteFile('$user.profile_photo_id', 'deleted')
Control Flow Methods
.conditional
Start a conditional block.
| Parameter | Type | Description |
|---|---|---|
| condition | string | Boolean expression |
.conditional('$user.role == "admin"')
.then()
.var('has_access', 'bool', true)
.else()
.var('has_access', 'bool', false)
.endConditional()
.precondition
Validate a condition and stop execution if false.
| Parameter | Type | Description |
|---|---|---|
| condition | string | Boolean expression |
| errorMessage | string | Error message if condition fails |
.precondition('$user != null', 'User not found')
.precondition('$input.amount > 0', 'Amount must be positive')
.forEach
Loop through an array.
| Parameter | Type | Description |
|---|---|---|
| array | string | Array variable |
| itemAlias | string | Variable name for current item |
.forEach('$input.items', '$item')
.var('total', 'int', '$total + $item.price')
.endForEach()
.for
Execute a loop a specific number of times.
| Parameter | Type | Description |
|---|---|---|
| iterations | string | Number of iterations |
| indexAlias | string | Variable name for loop index |
.for('10', '$i')
.var('squared', 'int', '$i * $i')
.endFor()
.while
Execute a loop while a condition is true.
| Parameter | Type | Description |
|---|---|---|
| condition | string | Boolean expression |
.while('$counter < 10')
.var('counter', 'int', '$counter + 1')
.endWhile()
Variable Methods
.var
Declare and assign a variable.
| Parameter | Type | Description |
|---|---|---|
| name | string | Variable name |
| type | string | Data type (text, int, bool, object, array, decimal) |
| value | any | Variable value |
.var('total', 'decimal', '$price * $quantity')
.var('is_valid', 'bool', '$user != null && $user.active')
.var('config', 'object', { timeout: 5000, retries: 3 })
.filter
Apply text transformations.
| Parameter | Type | Description |
|---|---|---|
| input | string | Input value |
| filters | array | Array of filter names |
| alias | string | Variable name to store result |
.filter('$input.email', ['trim', 'lower'], 'clean_email')
.filter('$input.name', ['trim', 'capitalize'], 'formatted_name')
Available filters: trim, lower, upper, capitalize, replace, substr
.arrayPush
Add an item to an array.
| Parameter | Type | Description |
|---|---|---|
| array | string | Array variable |
| value | any | Value to add |
.var('results', 'array', [])
.arrayPush('$results', '$item')
Response Methods
.response
Set the endpoint response.
| Parameter | Type | Description |
|---|---|---|
| data | object | Response data |
.response({
user: '$user',
token: '$auth_token',
message: 'Login successful'
})
.return
Early return from a conditional block.
| Parameter | Type | Description |
|---|---|---|
| value | any | Value to return |
.conditional('$user == null')
.then()
.return({ error: 'Not found' })
.endConditional()
Build Method
.build
Build the endpoint and generate XanoScript.
Returns an object with:
- script - Generated XanoScript code
- metadata - Endpoint metadata
const endpoint = XanoScript.create('users/list', 'GET')
.description('List users')
.input('page', 'int', { default: 1 })
.dbQuery('"users"', {
pagination: { page: '$input.page', per_page: 20 }
})
.response({ users: '$results.items' })
.build();
console.log(endpoint.script);
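The input, database, security and response methods above chain into a complete login endpoint. This is an added example, not code from the SDK's own documentation: the endpoint name `auth/login`, the `users` columns `email`, `password` and `role`, and the `'$is_valid == true'` expression form are assumptions, and `XanoScript` is passed in as an argument because the SDK's import path is not shown on this page.

```javascript
// Added example: a login endpoint assembled only from methods documented on this page.
// Assumptions: a "users" table with email, password (hash) and role columns.
function buildLoginEndpoint(XanoScript) {
  // One message for every failure, so the response body does not reveal
  // whether the e-mail address is registered.
  const DENIED = 'Invalid email or password';

  return XanoScript.create('auth/login', 'POST')
    .description('Exchange email and password for a token')
    .input('email', 'email', { required: true })
    .input('password', 'password', { required: true })
    // Normalise before the lookup so " A@Example.com" and "a@example.com"
    // resolve to the same record.
    .filter('$input.email', ['trim', 'lower'], 'clean_email')
    .dbGet('"users"', { email: '$clean_email' }, 'user')
    // Stops execution here for unknown e-mails. The stop skips password
    // hashing, so response time can still differ between the two failure paths.
    .precondition('$user != null', DENIED)
    .verifyPassword('$input.password', '$user.password', 'is_valid')
    // The token is only created after this check has passed.
    .precondition('$is_valid == true', DENIED)
    // Payload holds identifiers only; 86400 seconds = 24 hours.
    .createToken({ user_id: '$user.id', role: '$user.role' }, 86400, 'auth_token')
    // Return named fields rather than '$user': that record carries the
    // password hash read by verifyPassword above.
    .response({ token: '$auth_token', user_id: '$user.id' })
    .build();
}
```

Call it as `buildLoginEndpoint(XanoScript)` with the SDK object already in scope; the return value is whatever `.build()` returns.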
Next Steps
- Database Operations - Learn database methods in depth
- API Integration - Master external API calls
- Security & Auth - Implement authentication
- Storage & Files - Handle file uploads
- Recipes - See complete examples