The /mix
API endpoint lets us construct URLs with very specific and flexible behaviours. The /mixer
is a small and convenient UI to help with creating such /mix
URLs.
This document is both and introduction, and a reference for the directives available.
This is best illustrated with examples. Consider the following URL:
https://httpbun.com/mix/s=401
This URL responds with the status 401
, exactly like the /status/401
endpoint. Now consider
this:
https://httpbun.com/mix/s=200/h=x-custom-key:some-value
This URL responds with the status 401, and with the response header X-Custom-Key: some-value
as
well. Such flexibility isn’t possible with the /status
endpoint, or any other endpoint.
In the URLs above, the s=
and h=
, are termed directives. There’s several directives
supported by /mix
today. They can all be used together with each other, producing surprisingly
versatile and useful endpoints. For another example:
http://localhost:3090/mix/s=401/h=content-type:text%2Fhtml/b64=PHNjcmlwdD5hbGVydCg0Mik8L3NjcmlwdD4=
This URL responds with status 401
, content type as text/html
, and the response body
containing just <script>alert(42)</script>
in it. This URL is suddenly handy to test an API
client’s XSS protection from such responses.
s
/s=200
, or /s=200,400,500
.
This is the status
directive. It can take a single status number, like 200
,
400
etc., and the /mix
URL will respond with that status code. This can also be a CSV of
multiple numbers, like 200,400,500
, in which case the response status will be a random choice among
them.
h
/h=key:value
.
h=content-type:text%2Fhtml
.
This is for adding headers to the response. The header key and value must be separated by a :
. Any
special characters, especially /
and :
, must be URL encoded. For example, if wanted
text/html
as the header value, we have to use text%2Fhtml
in the /mix
URL.
The Mixer UI can handle this encoding automatically.
c
/c=name:value
.
/c=email:me%40example.com
.
The response will set a cookie, with given name and value. Essentially, this works by sending a Set-Cookie:
name=value; Path=/
header in the response. Nothing that can’t already be achieved with the h
directive, but this exists for convenience.
cd
/cd=name
.
/cd=email
.
Deletes the cookie with the given name. Essentially, this works by sending a Set-Cookie
header with this
name, and expiry date set to 1-Jan-1970, so the cookie will be immediately deemed expired, and generally deleted by
clients.
r
/r=encoded-url-here
.
/r=https%3A%2F%2Fsharats.me
.
Responds with a redirect to the given URL. This is the same as /mix/s=301/h:Location=url-here
, but
exists for the convenience. To control the response states used, use a separate s
directive method
instead.
d
/d=number-of-seconds
.
/d=10
.
Delays response from the server by given number of seconds. Decimal point values are allowed. Must be between 0 and 10.
b64
/b64=body-base64-encoded
.
/b64=aGVsbG8=
.
The body of the response will be the base64-decoded content of the given value. The given value has to be
valid base64-encoded data, including trailing =
if applicable.
t
/t=golang-text-template-base64-encoded
.
/t=e3siSGVsbG8gdGhlcmUhIn19
.
The given value is base64-decoded, and the result is expected to be a valid Golang text template. This template will be rendered, and the result will be the response body.
This is a very powerful directive, and offers rich and creative ways of constructing the response body. This directive is very much beta, and the API is subject to change (or disappear) with little notice.
slack
/slack=
.
This directive should be set to the "token" part of a Slack webhook URL, after being URL encoded. Or when using the mixer, just enter the Slack webhook URL.
If provided, the full request will be sent as a message to Slack. This provides functionality like a RequestBin. For
example, if we use a /mix
URL as the webhook endpoint on any service, we can get a nice log of all
requests made to it on Slack.
Note that Slack webhook URLs should be treated like secrets, like passwords. In that sense, /mix
URLs
that us the slack
directive, should also be treated like passwords. Exercise prudence.
end
/end
.
This directive is unlike the others. It doesn’t take a value after an =
sign, and it indicates the end
of directive processing. For example, in /s=400/end/d=5
, the response status will be 400, but a delay
of 5s won’t be applied. But in /s=400/d=5/end
, both status and delay will be applicable in the response
behaviour.
This directive is useful when we have to submit a URL to a client, that then appends more path to the end of it, which we want Httpbun to ignore.
This is the reference for APIs available in the t
directive. Note that the whole
t
directive itself, is very beta, very up-in-the-air, and may even disappear one day. It’s an
experiment only, for now.
seq
A function that produces a list of sequential numbers. Can take one, two or three numeric parameters.
0
(including) to the given number (excluding),
incremented by 1
. Example: seq 5
→ [0 1 2 3 4]
.
1
if first < second
or -1
otherwise.
Example:seq 3 7
→ [3 4 5 6]
.
seq 2 13 3
→ [2 5 8 11]
.
Each item in the returned list is an object, with the following keys:
N
: the number represented by this item in the generated list.
IsFirst
: If this item is the very first item in the generated list, this is true
.
IsLast
: Similar to above, but for the very last item.
toJSON
Takes a single argument, of any type, and attempts to serialise it to JSON. Returns the JSON string.
{{seq 3 | toJSON}}
Produces:
[
{
"N": 0,
"IsFirst": true,
"IsLast": false
},
{
"N": 1,
"IsFirst": false,
"IsLast": false
},
{
"N": 2,
"IsFirst": false,
"IsLast": false
}
]