Vyndara Virtual Rest
Overview
Vyndara Virtual REST is a dynamic, per-tenant API layer that allows organizations to define custom REST endpoints at runtime — no code required. These endpoints behave like native Go REST handlers and integrate into the existing API routing system without special prefixes.
Virtual REST endpoints:
- Use normal-looking paths like /api/clients/open
- Are resolved by the tenant ID passed in the request header (and also might be on application layer X-V-Application + X-Vyndara-O-ID)
- Support filters, sorting, field transformations, and optional logic execution
- Might be included into OpenAPI Clients for better usage
- Can return real-time results from entity definitions (jsonb-backed) stored per tenant
Request Shape
- Endpoint URL:
/api/{custom-path}
- Tenant Resolution: Via HTTP header: X-Vyndara-O-ID:
<organization-id>
- Authentication: JWT
Capabilities
Feature | Description |
---|---|
Custom Paths | Define arbitrary REST-style endpoints like /clients/active |
Tenant-Specific | Every tenant can define their own set of endpoints |
Entity Binding | Bind endpoint to an existing EntityDefinition |
Filtering | Filter using simple rules or full AQL |
Sorting | Sort by one or multiple fields |
Field Shaping | Select and optionally rename fields |
Transform Logic | Optional JS/Go-safe script for result transformation |
Caching | Optional per-endpoint or per-query caching |
Permissions | Public, token-based, or role-based access |
OpenAPI Integration | Virtual endpoints are included in tenant-specific OpenAPI specs |
Example
Input Definition (stored in DB)
{
"path": "/client-board",
"method": "GET",
"entity": "monday",
"filter": "status = 'active' AND archived = false",
"sort": ["priority desc"],
"fields": {
"title": "name",
"owner": "assignedTo",
"due": "dueDate"
},
"auth": "token",
"transform": "return { ...input, overdue: input.due < now() };"
}
Incoming Request
GET /api/client-board
X-Vyndara-O-ID: acme-corp
Authorization: Bearer ...
Response
[
{
"name": "Launch Site",
"assignedTo": "Alice",
"dueDate": "2025-04-08",
"overdue": false
},
{
"name": "Send Contracts",
"assignedTo": "Bob",
"dueDate": "2025-04-02",
"overdue": true
}
]
Runtime Workflow
- Request received by Go router.
- Static route check — if not found, fall back to Virtual REST resolver.
- Resolver matches:
- method = GET
- path = /client-board
- tenant_id = acme-corp
- Fetches data via internal AQL query engine.
- Applies:
- Filter
- Sorting
- Field shaping
- Optional transform script (sandboxed)
- Returns final response.
Transform Execution
- Transforms are sandboxed scripts (go).
- Secure by default: no I/O, no external calls.
- Can modify or reshape results, e.g.:
return {
name: input.title.toUpperCase(),
overdue: input.due < now()
};
OpenAPI Integration
It should support openapi client generation with virtual rest. Its not planned out how until now.
Future Features
- GET, PUT, POST, PATCH, and DELETE methods
- Input validation schema per endpoint
- Business Flow triggering on Virtual REST calls
- UI designer for endpoint creation
- Endpoint versioning (/api/v2/...)
- External service fetch hooks
- Multi-entity joins and relations
Security
- All Virtual REST endpoints are scoped per tenant
- Transform scripts are sandboxed
- Optional rate limiting and caching
- Auth settings per endpoint: public, token, role-based
Summary
Vyndara Virtual REST is designed to make every tenant a first-class API builder — with no code deployments and no engineering support required. It empowers non-technical users to expose, filter, and shape their business data securely and efficiently via clean REST endpoints, indistinguishable from native APIs.