Skip to main content

Introduction

The API primitive lets you define REST endpoints using XanoScript. Each API corresponds to an endpoint you could create in Xano’s visual builder — but expressed in code. APIs will typically:
  • Declare their name and HTTP verb
  • Accept inputs
  • Run one or more operations in a stack
  • Return a response

Anatomy

Every XanoScript API follows a predictable structure. Here’s a quick visual overview of its main building blocks — from declaration at the top to settings at the bottom.

You can find more detail about each section by continuing below.

Declaration

Every API starts with a declarative header that specifies its type, name, and HTTP verb.
XanoScript
query <api_name> verb=<VERB> {
description = "<what this API does>"
...
}
ElementRequiredDescription
queryDeclares an API primitive.
api_nameThe unique path for the endpoint (e.g., auth/signup).
verbHTTP verb to use (GET, POST, PUT, etc.).
descriptionnoOptional human-readable description of the endpoint.

Section 1: Inputs

The input block defines the data that will be sent to the API. You can declare types, optionality, and filters:

Hover over this image to see the XanoScript version

For each input, you can:
  • Declare its type (text, email, password, etc.)
  • Mark it as optional (?)
  • Apply filters (filters=trim|lower)

Learn more about the available data types

Section 2: Stack

The stack block contains the actual logic that will be executed when the API is called.

Hover over this image to see the XanoScript version


Each block inside stack corresponds to a function available in Xano’s visual builder:
  • db.get — Fetch a record from the database
  • precondition — Guard execution with a condition
  • db.add — Insert a new record into the database
  • security.create_auth_token — Generate an authentication token
The syntax mirrors how you’d configure these functions visually, but expressed textually. The actual behavior is the same — refer to the function’s existing docs for complete details.

Review all available functions and their XanoScript in the function reference

Section 3: Response

The response block defines what data your API returns:

Hover over this image to see the XanoScript version

  • The value assignment determines the JSON returned to the client.
  • Variables captured in the stack (e.g., $authToken) can be returned here.

Settings

API primitives support several optional settings that control authentication, tagging, caching, and version history. These settings are defined at the root level of the API block, after the input, stack, and response blocks. They affect how the endpoint behaves, how it’s documented, and how responses are cached.
SettingTypeRequiredDescription
descriptionstringnoA human-readable description of the API. Appears in the builder and documentation.
authstringnoSpecifies the authentication level required for this endpoint.
tagsarray[string]noA list of tags used to categorize and organize the API in your workspace.
historyobjectnoConfigures version inheritance and history behavior. {inherit: true} allows this API to inherit history settings from the workspace.
cacheobjectnoConfigures caching behavior for this API. See below for supported fields.
The cache block configures caching behavior for the API:
FieldTypeDescription
ttlnumber (seconds)Time-to-live for cache entries. A value of 0 disables caching.
inputbooleanWhether the request body and query parameters are factored into the cache key.
authbooleanWhether authentication state (e.g., user ID) is included in the cache key.
datasourcebooleanWhether the datasource context is factored into the cache key.
ipbooleanWhether the request IP address is included in the cache key.
headersarray[string]A list of headers whose values should be included in the cache key.
envarray[string]A list of environment variables whose values should be included in the cache key.

Detailed Example

Below, you’ll see a complete example of a typical signup API endpoint.
XanoScript
query auth/signup verb=POST {
  description = "Signup and retrieve an authentication token"
  
  input {
    text name?
    email email? filters=trim|lower
    text password?
  }

  stack {
    db.get user {
      field_name = "email"
      field_value = $input.email
    } as $user

    precondition ($user == null) {
      error_type = "accessdenied"
      error = "This account is already in use."
    }

    db.add user {
      data = {
        created_at: "now"
        name      : $input.name
        email     : $input.email
        password  : $input.password
      }
    } as $user

    security.create_auth_token {
      table = "user"
      extras = {}
      expiration = 86400
      id = $user.id
    } as $authToken
  }

  response {
    value = {authToken: $authToken}
  }

  history = {inherit: true}
}

What’s Next

Now that you understand how to define APIs in XanoScript, here are a few great next steps:

Explore the function reference

Learn about the built-in functions available in the stack to start writing more complex logic.
https://mintlify.s3.us-west-1.amazonaws.com/xano-997cb9ee/images/vscode.svg

Try it out in VS Code

Use the XanoScript VS Code extension with Copilot to write XanoScript in your favorite IDE.

Learn about Custom Functions

They work just like APIs, but let you create reusable logic, and are a great next step when learning XanoScript.
I