Navigation
  • Rules >
  • HTTP Service Rules

HTTP Service Rules

To use the HTTP Service, you must specify rules to enable its actions. The rule must evaluate to true for the action to be enabled. Actions can be configured to be always enabled by specifying an empty document for your rule, {} , which evaluates to true.

Service Configuration

Before applying service rules, you must add the HTTP service to your MongoDB Stitch application. For more information, see HTTP Service.

Specify a Rule

  1. Select the HTTP action(s) for which the rule applies.

  2. Specify a rule in valid JSON that evaluates to a boolean. The following are permitted in the rule document:

    {
      <field1>: <value1|expression1>,
      <field2>: <value2|expression2>,
      ...
    }
    

HTTP Service Arguments

To specify a rule based on arguments:

{
  "%%args.<argument1>": <value1|expression1>,
  "%%args.<argument2>": <value1|expression2>,
  ...
}

Or, you can omit the %%args prefix if you do not specify any expansion prefixes for the fields.

{
  "<argument1>": <value1|expression1>,
  "<argument2>": <value1|expression2>,
  ...
}

However, you cannot mix arguments with prefixes and arguments without prefixes in the same rule. For example, the following rule is invalid:

{
  "%%args.to": "text@example.com",
  "from": "someone@example.com",
  ...
}

The following arguments are permitted in HTTP service rules:

url

The url argument is a JSON document whose fields correspond to the components of a URL.

Given the URL of the form:

<scheme>://<host>/<path>?<query>#<fragment>

The url argument is a document with the fields:

{
   "scheme": <string>,
   "host": <string>,
   "path": <string>,
   "query": <string>,
   "fragment": <string>
}
  • The host can include the port.
  • The path includes the leading slash /.
  • The query excludes the question mark ?.
  • The fragment excludes the hash sign #.

That is, given the following URL as the argument to a GET action:

https://mongodb.example.net/api/v1.0/entity/foobar?status=OPEN&pageNum=2

The corresponding url document would contain:

{
   "scheme": "https",
   "host": "mongodb.example.net",
   "path": "/api/v1.0/entity/foobar",
   "query": "status=OPEN&pageNum=2"
}

headers

The headers argument is a document whose fields corresponds to the HTTP header fields and the corresponding values are an array of values (e.g. "Content-Type": [ "application/json" ]) for the request.

{
   "%%args.headers.<field>": <expression|value>
}

or

{
   "headers.<field>": <expression|value>
}

body

The body argument is a document that corresponds to the body of the HTTP request.

{
   "%%args.body": <expression|value>
}

or

{
   "body": <expression|value>
}

followRedirects

The followRedirects argument is a boolean that determines whether or not to follow redirects.

{
   "%%args.followRedirects": <boolean value|expression>
}

or

{
   "followRedirects": <boolean value|expression>
}

cookies

The cookies argument is a document with the cookie name and value pairs.

{
   "%%args.cookies": <document value>
}
{
   "cookies": <document value>
}

Or if specifying a rule on a particular cookie:

{
   "%%args.cookies.<field>": <expression|value>
}

or

{
   "cookies.<field>": <expression|value>
}

authUrl

The authUrl argument is a document that corresponds to the authURL for the HTTP request.

Given the auth URL is the following:

<scheme>://<host>/<path>?<query>#<fragment>

Then, the authURL argument is a document with the fields:

{
   "scheme": <string>,
   "host": <string>,
   "path": <string>,
   "query": <string>,
   "fragment": <string>
}
  • The host can include the port.
  • The path includes the leading slash /.
  • The query excludes the question mark ?.
  • The fragment excludes the hash sign #.

For example, given the following URL as the argument to a GET action:

https://sometest.example.com/api/oauth2/authorize?prompt=consent&response_type=code

The corresponding authURL document would contain:

{
   "scheme": "https",
   "host": "sometest.example.com",
   "path": "/api/oauth2/authorize",
   "query": "prompt=consent&response_type=code"
}

Examples

Example Rule with the url Argument

Actions When
get
patch
{
  "%%args.url.host" : "mongodb.example.net",
  "%%args.url.path" : "/api/v1.0/entity/foobar"
}

The HTTP rule ensures that applications can perform a GET or a PATCH when:

  • url host is "cloud.mongodb.com" and
  • url path is "/api/v1.0/entity/foobar"

Example Rule with the headers Argument

Actions When
patch
{
  "url.host" : "mongodb.example.net",
  "url.path" : "/api/v1.0/entity/foobar",
  "headers.Content-Type": "application/json"
}

The HTTP rule ensures that applications can only perform a PATCH action when the:

  • url host is "cloud.mongodb.com",
  • url path is "/api/v1.0/entity/foobar", and
  • content type is "application/json"

Example Rule with the body Argument

Actions When
patch
{
  "url.host" : "mongodb.example.net",
  "url.path" : "/api/v1.0/entity/foobar",
  "headers.Content-Type": "application/json",
  "body.name": { "%exists": 1 }
}

The HTTP rule ensures that applications can only perform a PATCH action when the:

  • url host is "mongodb.example.net",
  • url path is "/api/v1.0/entity/foobar",
  • content type is "application/json", and
  • body contains the field name.

Example Rule with the followRedirects Argument

Actions When
post
{
  "%%args.url.host" : "mongodb.example.net",
  "%%args.url.path" : "/api/v1.0/entity/foobar",
  "%%args.followRedirects": false
}

The HTTP rule ensures that applications can only perform a post action when the:

  • url host is "mongodb.example.net",
  • url path is "/api/v1.0/entity/foobar", and
  • followRedirects is false.

Example Rule with the cookies Argument

Actions When
get
{
  "url.host" : "mongodb.example.net",
  "url.path" : "/api/v1.0/entity/foobar",
  "cookies.language-selected": "python"
}

The HTTP rule ensures that applications can only perform a get action when the:

  • url host is "mongodb.example.net",
  • url path is "/api/v1.0/entity/foobar", and
  • cookie language-selected is "python"