Transform Pipelines

Modify requests and responses at the gateway level without touching your backend code. Pipelines execute ordered actions with conditional logic and graceful error handling.

Overview

Each route can have a request pipeline and a response pipeline. Pipelines are arrays of actions executed in order. Each action has a name, optional targets, and optional conditions.

Pipelines are compiled on first use and cached in an LRU cache (10,000 entries, 5-minute TTL) for fast repeated execution.

Request Actions (10)

request.jwtClaimToHeader

Extract a JWT claim and inject it as a request header. Supports dot notation for nested claims (e.g., "user.role").

request.setHeader

Set or override a request header. Supports static values and context variables.

request.removeHeader

Remove a header from the request before forwarding.

request.setQueryParam

Add or override a URL query parameter.

request.removeQueryParam

Remove a query parameter from the URL.

renameField

Rename a JSON body field. Useful for API version compatibility.

setDefault

Set a default value for a field if it doesn't exist in the body.

stringTrim

Trim whitespace from string fields in the request body.

stringToLower

Convert string fields to lowercase.

request.xmlToJson

Convert an XML request body to JSON before forwarding to upstream. Supports namespace stripping, attribute extraction, and CDATA. XXE-safe, depth-limited.

Response Actions (8)

hideSensitiveData

Mask or remove sensitive fields from response JSON. Supports dot notation and wildcards (e.g., "users.*.ssn").

response.setHeader

Set or override a response header.

response.removeHeader

Remove a header from the response.

removeField

Remove a field from the response JSON body.

response.replaceString

Find and replace strings in the response body.

response.securityHeaders

Inject OWASP-recommended security headers (CSP, HSTS, X-Frame-Options, etc.).

addHeader

Append a header to the response (does not override existing values).

response.jsonToXml

Convert a JSON response body to XML before sending to the client. Supports custom root element, CDATA fields, indentation, and XML declaration. Automatically sets Content-Type: application/xml.

Configuration Example

Pipeline configuration is stored per-route as JSON:

{
  "request": [
    {
      "action": "request.jwtClaimToHeader",
      "config": {
        "claim": "sub",
        "header": "X-User-Id",
        "required": true
      }
    },
    {
      "action": "request.removeHeader",
      "targets": ["x-debug-token"],
      "condition": {
        "method": ["POST", "PUT"]
      }
    }
  ],
  "response": [
    {
      "action": "hideSensitiveData",
      "targets": ["users.*.ssn", "users.*.email"],
      "mask": "***REDACTED***"
    },
    {
      "action": "response.securityHeaders"
    }
  ]
}

Conditional Execution

Each action can have a condition object that filters when it runs:

  • method — Only run for specific HTTP methods (e.g., ["POST", "PUT"])
  • path — Only run for paths starting with a prefix (e.g., "/v2/")

If no condition is specified, the action runs for every request.

Error Handling

Pipelines use graceful degradation: if an action fails, it is logged but the pipeline continues executing the remaining actions. This ensures a single misconfigured action never breaks your entire API.

Plan Requirements

Transform Pipelines are available on Pro plans and above. Free and Starter plans do not include pipeline support.

Developer PortalCircuit Breakers