Skip to main contentCarbon Design System

Invoking script through Automation Script Handler

The REST API can support most customer use cases for retrieving or processing data, through simple configuration. Occasionally, there are scenarios where that is difficult to do with existing APIs. In those cases you can create a script and not a launch point and call it with either a GET or POST like:

Implicit variables

Variable nameDescription
requestOslcRequest representation of the request being made. This exposes important methods such as request.getQueryParam(“parameter”) and request.getHeader(“header”) to retrieve values provided as a query parameter or header respectively. You can also access the UserInfo by calling request.getUserInfo().
requestBodyA string representation of the data submitted on request (for POST/PATCH/PUT)
httpMethodWhether this was a GET, POST, PUT, etc. Can also be retrieved by calling request.getHttpMethod().
responseBodyThe script sets this as either a byte[] or String to return in the response. This is not required if you do not intend to return a response.
responseHeadersThe script can provide additional headers to this HashMap to return to the calling application.

Example script

# This example will change the user's default insert site based on the query parameter.
# This is different than setting it on the MAXUSER record because this updates for the current session.
from psdi.server import MXServer
if siteid and maxServer.isValidSite(siteid):

Call with a GET/POST request like:


Out of the box, any automation script can be called by an authenticated user via the REST API. There are two ways that this can be secured to restrict who can call these automation scripts.

Restrict the Script Handler

In the Object Structures application, under the More Actions open the “Add/Modify API Route” dialog. Filter for the name “script” and you should see two results (one for POST and one for GET requests). For each entry you can tie an application and option name that will require the user to have that specific permission to be able to use the script handler via the REST API. This will apply to all automation scripts. Script Handler Security

Restrict individual automation script

If you need more granular security (IE specific authorization for specific scripts) you can create two variables (authapp & authsigoption) on the automation script. These need to be a variable type of IN (or INOUT) with a binding type of LITERAL. Script Handler Variables