Overview

SlashApi grammar has limits to running complex queries that clients can perform, for example:

  • Table unions
  • Complex joins
  • etc

SlashApi provides a custom query feature to allow clients to run this kind of queries.

Naming Parameter

SlashApi support parameters binding on your custom query to let you build more responsive and customizable query. So, you can pass any parameters to the underlying query.

SlashApi supports query parameters to help prevent SQL injection when queries are constructed using user input. This feature is only available with standard SQL syntax. Query parameters can be used as substitutes for arbitrary expressions.

To specify a named parameter, use the colon (:) character followed by an identifier, such as :param_name.

Example Query

For example, if you want to get records from your users table with specific id, your custom query will look like this:

SELECT name, email FROM users WHERE id = :id

And your API will look like this:

GET
<team>/<service>/<identifier>/_query/<your-custom-endpoint>?id=1

Another example

If you want to insert a record into your table using custom query.

INSERT INTO users(name, email) VALUES (:name, :email);

Your API will look like this:

POST
<team>/<service>/<identifier>/_query/<your-custom-endpoint>

Request Body

{
    "data": {
        "name": "Some name",
        "email": "some@email.test"
    }
}