We will be at OWASP APPSEC EUROPE 2017 - Belfast! Let’s talk!MORE INFO

Help Center

Get to know more about our API, Code Annotations and Code Transformations

GraphQL request example

Lets suppose that we want to create a new application, add our own sources to that same application, request a protection and finally download the end result.

Creating the application

To create a new application we must use the createApplication mutation, we can either send a GET or POST request to api.jscrambler.com. Lets say the application is called “Hello world”, in that case the request payload would be the following:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
const payload = JSON.stringify({
params: {
data: {
name: 'Hello world',
parameters: JSON.stringify({
stringSplitting: {
status: 1
}
})
}
},
query: `
mutation createApplication ($data: ApplicationInput!) {
createApplication (data: $data) {
_id,
createdAt,
name,
parameters
}
}
`,
access_key: 'yourAccessKey',
signature: 'digestedSignature'
})

Here we’ve created the application and also enabled String Splitting.

Keep in mind that to create the signature field you must follow the steps described in here.

In this case the response would be a JSON containing:

1
2
3
4
5
6
7
8
9
10
{
"data":{
"createApplication":{
"_id": "56c33971cc5379857be577b8",
"createdAt": "Tue Feb 16 2016 16:00:01 GMT+0100 (CET)",
"name": "Hello world",
"parameters": "{\"stringSplitting\": {\"status\": 1}}"
}
}
}

Adding source code to the application

To add source code we can use the addSourceToApplication mutation. On this mutation we can send one single file or a zip file that will be unzipped on the server.

The content of the source code must be sent as a BASE64 string.

In this case we’ll send a simple index.js with the following content:

1
2
3
(function helloWord () {
console.log('Hello world!');
})();

The respective payload in JavaScript:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
const payload = JSON.stringify({
params: {
applicationId: '56c33971cc5379857be577b8'
data: {
content: 'data:text/javascript;base64,KGZ1bmN0aW9uIGhlbGxvV29yZCAoKSB7CiAgY29uc29sZS5sb2coJ0hlbGxvIHdvcmxkIScpOwp9KSgpOwo=',
extension: 'js',
filename: 'index.js',
size: 62
}
},
query: `
mutation addSourceToApplication ($applicationId: String!, $data: ApplicationSourceInput!) {
addSourceToApplication(applicationId: $applicationId, data: $data) {
_id,
filename,
content,
extension
}
}
`,
access_key: 'yourAccessKey',
signature: 'digestedSignature'
});

The JSON response:

1
2
3
4
5
6
7
8
9
10
11
12
{
"data": {
"addSourceToApplication": [
{
"_id": "56c34518e97f012849685c29",
"filename": "index.js",
"content": "(function helloWord () {\n console.log('Hello world!');\n})();\n",
"extension": "js"
}
]
}
}

Requesting a protection

To request a protection it’s pretty simple, just specify the applicationId on the createApplicationProtection mutation:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
const payload = JSON.stringify({
params: {
applicationId: '56c33971cc5379857be577b8'
},
query: `
mutation createApplicationProtection ($applicationId: String!) {
createApplicationProtection (applicationId: $applicationId) {
_id
}
}
`,
access_key: 'yourAccessKey',
signature: 'digestedSignature'
})

The JSON response:

1
2
3
4
5
6
7
{
"data":{
"createApplicationProtection":{
"_id": "56c34adebc4ee0b563f2da8d"
}
}
}

You could use the provided ID to poll the application protection status.

Grabbing the result

Keep in mind that the protection takes some time to end. You would probably want to poll the protection status and only download the result after the status is finished.

To download the result you just need to make a GET request to api.jscrambler.com/download/56c34adebc4ee0b563f2da8d?access_key=yourAccessKey&signature=digestedSignature.

The downloaded file will be a zip with an index.js with the transformed content:

1
2
3
(function helloWord () {
console.log('He' + 'll' + 'o ' + 'wor' + 'l' + 'd!');
})();