Guide / API Generator
KO EN
html

API Generator

The API Generator allows administrators to create, edit, secure, and manage API endpoints connected to stored procedures. It can define route URLs, HTTP methods, request JSON schemas, parameter mapping, security policies, webhook settings, and execution guides for frontend or external system integration.

Use this feature when you want to expose controlled backend functionality as an API endpoint for websites, frontend applications, automation scripts, integrations, or external services.

Overview

The API Generator is composed of four major areas: API Management, Security Policies, API Edit, and Webhook / Execution Guide.

Area Description
API Management Search, filter, create, edit, and delete registered APIs.
Security Policies Register API Key or Bearer Token policies used to protect API calls.
API Edit Configure route URL, API name, stored procedure, request schema, parameter mapping, and operation settings.
Webhook Send API execution results to an external URL after the API runs.
Execution Guide Generate usage examples for curl, JavaScript, Axios, C#, ASP.NET MVC, Python, and API testing tools.

API Management

The API Management page lists all registered APIs. Administrators can search by API name or code, filter by status and security mode, change the page size, and create new APIs.

Main Buttons

Button Purpose
Security Policies Opens the policy management page where API Key or Bearer Token policies can be registered.
Create New Creates a new API definition.
Apply Applies the selected search and filter options.

Search and Filters

  • Search: Search by API name or API code.
  • Status: Filter APIs by active or inactive status.
  • Security: Filter APIs by security mode or policy type.
  • Page Size: Select how many records should be displayed per page.

API List

The API list displays registered API information such as ID, API name, route, method, stored procedure, security mode, and status. If no APIs have been registered, the system displays a message indicating that no APIs are available.

Security Policies

Security Policies define how API requests are authenticated. A policy can be used as a default policy or selected individually from an API.

Create Policy

Field Description
Policy Name Name used to identify the security policy.
Policy Type Security method, such as Shared Key or Bearer Token.
Header Name The HTTP header name that the client must send. Example: X-API-KEY.
Secret Value The security key or token value required by the API.
Is Default Determines whether this policy is used as the default API policy.
Is Active Determines whether the policy can be used.
Memo Optional notes or description for the policy.
Do not expose API keys or tokens publicly. Store them securely and rotate them when needed.

API Edit

The API Edit page is used to configure a single API endpoint. It includes basic API information, request and response settings, stored procedure parameters, operation settings, and webhook configuration.

Basic Information

Field Description
API Name Display name used to identify the API in the admin screen.
API Code Security code used in Per API Policy mode. When used, clients call the API with an API code header.
Route URL The route path used to call the API. Example: /customer/list.
HTTP Method The request method, such as POST or GET.
Stored Procedure Name The stored procedure connected to the API.
Description Optional description explaining the purpose of the API.

SP List

The SP List button opens the stored procedure list popup. After selecting a stored procedure, the system can generate the request JSON schema and parameter structure.

Request / Response Settings

This section defines how request data is received and mapped to stored procedure parameters.

Request JSON Schema

Defines the JSON structure expected by the API request.

{
    "Keyword": "",
    "IsActive": true
}

Parameter Map JSON

Maps request JSON values to stored procedure parameters.

{
    "@Keyword": "{{Keyword}}",
    "@IsActive": "{{IsActive}}"
}

Generate from SP

Generates the request JSON schema and parameter map from the selected stored procedure parameters.

SP Parameter Structure

This table displays the parameter structure of the selected stored procedure. It may include parameter name, data type, length, mode, and order.

Operation Settings

Operation Settings control how the API behaves when it receives requests.

Setting Description
Security Mode Determines how the API is protected. Common modes include Default Policy and Per API Policy.
Security Policy Selects a specific security policy when applicable.
Active Status Controls whether the API is enabled.
Public Controls whether the API is public.
Timeout Seconds Maximum execution time allowed for the API request.
Allow GET Allows GET calls using query string values, not only POST body calls.
Active API When checked, the API can receive user requests.
Allow GET Calls When checked, the API can be called through query string based GET requests.

Webhook

Webhook settings allow the system to send the API execution result to an external URL after the API runs. A webhook failure does not cause the original API response to fail.

Field Description
Use Webhook Enables or disables webhook delivery.
Webhook Method HTTP method used for the webhook request, usually POST.
Webhook URL External URL that receives the API execution result.
Webhook On Success Only When true, the webhook is sent only when the API execution succeeds.
Webhook Timeout Seconds Maximum waiting time for the webhook request.
Webhook Headers JSON Optional JSON object for additional HTTP headers.
Webhook Payload JSON Optional payload template. If empty, the system automatically generates the payload.

Webhook Headers Example

{
    "Authorization": "Bearer your-token",
    "X-SOURCE": "ApiGenerator"
}

Webhook Payload Example

{
    "apiName": "{{ApiName}}",
    "routeUrl": "{{RouteUrl}}",
    "success": {{Success}},
    "message": "{{Message}}",
    "traceId": "{{TraceId}}",
    "requestJson": {{RequestJson}},
    "responseJson": {{ResponseJson}}
}

Available Webhook Placeholders

  • {{ApiName}}
  • {{RouteUrl}}
  • {{Success}}
  • {{Message}}
  • {{TraceId}}
  • {{RequestJson}}
  • {{ResponseJson}}

API Execution Guide

The API Execution Guide is generated from the saved API settings. It provides call rules, runtime URL, security header information, request examples, and code examples.

Generated Example Types

  • Overview / Call Rules
  • curl
  • JavaScript fetch
  • Axios / jQuery
  • C# / HttpClient
  • ASP.NET MVC
  • Python / requests
  • Postman / Bruno

Recommended Workflow

  1. Open Admin > Site > API Generator.
  2. Click Security Policies and create a default API policy.
  3. Return to the API Management page.
  4. Click Create New.
  5. Enter the API name and route URL.
  6. Select the HTTP method.
  7. Select a stored procedure using SP List.
  8. Click Generate from SP to create request JSON and parameter mapping.
  9. Configure Operation Settings.
  10. Configure Webhook settings if needed.
  11. Save the API.
  12. Open Execution Guide and test the API using the generated examples.

Common Use Cases

Use Case Recommended Action
Create a frontend data API Create an API connected to a SELECT stored procedure and use JavaScript fetch or Axios.
Expose customer data securely Use a security policy and avoid public access unless required.
Trigger external automation Enable Webhook and send execution results to an external endpoint.
Allow browser testing Enable Allow GET only when query string based calls are acceptable.
Support external developers Use the Execution Guide to provide ready-to-use code examples.

Important Notes

  • Only trusted administrators should be allowed to create or edit APIs.
  • Always protect APIs with a security policy unless the API is intentionally public.
  • Do not expose sensitive stored procedures through public APIs.
  • Review request JSON and parameter mapping before saving.
  • Use timeout settings to prevent long-running API requests.
  • Use webhook only when the receiving URL is reliable and secure.
  • Rotate API keys or tokens periodically.

Troubleshooting

Problem Possible Cause Solution
API does not appear in the list The API may not have been saved or filters may be applied. Clear filters and check whether the API was saved successfully.
API returns unauthorized The required security header may be missing or incorrect. Check the policy header name and secret value.
Stored procedure does not run The procedure name or parameter mapping may be incorrect. Review the SP name, request JSON schema, and parameter map JSON.
GET call does not work Allow GET may be disabled. Enable Allow GET Calls if GET access is required.
Webhook is not sent Webhook may be disabled, URL may be invalid, or timeout may occur. Check Use Webhook, Webhook URL, timeout value, and webhook logs.
Execution guide shows old information The API settings may not have been saved after editing. Save the API and open the Execution Guide again.

Best Practices

  • Use clear API names and route URLs.
  • Use stored procedures designed specifically for API use.
  • Use POST for APIs that receive body JSON.
  • Enable GET only when the API is safe for query string based access.
  • Never place secret values in frontend JavaScript for public users.
  • Keep webhook payloads small and structured.
  • Test every API using the Execution Guide before sharing it with users or developers.
The API Generator can expose backend database operations as callable endpoints. Review security, stored procedure logic, and request mapping carefully before making an API active.