Solutions
By Need
JavaScript Protection
Magecart Mitigation
Mobile App Protection
Data Leakage Prevention
Third Party Control
Customer Hijacking Prevention
User Data Protection & Compliance
By Sector
Financial Services
IT & Software
E-Commerce
Healthcare
Media & OTT
Gaming & Gambling
Products
Code Integrity
Application Shielding
Runtime Protection
JavaScript Threat Monitoring
Webpage Integrity
Webpage Inventory
Third Party Management
User Data Management
Webpage Threat Mitigation
Resources
Partners
Docs
Blog
Learning Hub
Help Center > Code Integrity > Documentation > API > GraphQL Request Example

GraphQL Request Example

Let's suppose that we want to create a new Application, add our own sources to that same Application, request a Protection and finally download the end result.

Creating an Application

To create a new application we must use the createApplication mutation, we can either send a GET or POST request to Jscrambler's API. Use api4.jscrambler.com as host and /application as path.

Let's say the application is called "Hello world", in that case, the request payload would be the following:

const payload = JSON.stringify({
  params: {
    data: {
      name: 'Hello world',
      parameters: JSON.stringify([
        { "name": "stringSplitting", "status": 1 }
      ])
    }
  },
  query: `
    mutation createApplication ($data:  ApplicationCreate!) {
      createApplication (data: $data) {
        _id,
        createdAt,
        name,
        parameters
      }
    }
  `,
  access_key: 'yourAccessKey',
  timestamp: '2018-04-11T16:55:27.703Z',
  signature: 'digestedSignature'
})

Here we've created the Application and also enabled the String Splitting transformation.

Keep in mind that to create the signature field you must follow the steps described in API Authentication. Also, make sure you add the parameters and the query when creating the HMAC signature.

In this case the response would be a JSON containing:

{
  "data":{
    "createApplication":{
      "_id": "56c33971cc5379857be577b8",
      "createdAt": "Tue Feb 16 2016 16:00:01 GMT+0100 (CET)",
      "name": "Hello world",
      "parameters": "{"5_1":[{"name":"stringSplitting","status":1}]}"
    }
  }
}

Adding Source Code to the Application

To add source code we can use the addSourceToApplication mutation. On this mutation, we can send one single file or a zip file that will be unzipped on the server.

The content of the source code must be sent as a Base64 string.

In this case, we'll send a simple index.js with the following content:

(function helloWord () {
  console.log('Hello world!');
})();

The respective payload in JavaScript:

const payload = JSON.stringify({
  params: {
    applicationId: '56c33971cc5379857be577b8'
    data: {
      content: 'data:text/javascript;base64,KGZ1bmN0aW9uIGhlbGxvV29yZCAoKSB7CiAgY29uc29sZS5sb2coJ0hlbGxvIHdvcmxkIScpOwp9KSgpOwo=',
      extension: 'js',
      filename: 'index.js'
    }
  },
  query: `
    mutation addSourceToApplication ($applicationId: String!, $data: ApplicationSourceCreate!) {
      addSourceToApplication(applicationId: $applicationId, data: $data) {
        _id,
        filename,
        content,
        extension
      }
    }
  `,
  access_key: 'yourAccessKey',
  timestamp: '2018-04-11T16:55:27.703Z',
  signature: 'digestedSignature'
});

The JSON response:

{
  "data": {
    "addSourceToApplication": [
      {
        "_id": "56c34518e97f012849685c29",
        "filename": "index.js",
        "content": "(function helloWord () {\n  console.log('Hello world!');\n})();\n",
        "extension": "js"
      }
    ]
  }
}

Requesting a Protection

To request a protection it's pretty simple, just specify the applicationId on the createApplicationProtection mutation:

const payload = JSON.stringify({
  params: {
    applicationId: '56c33971cc5379857be577b8'
  },
  query: `
    mutation createApplicationProtection ($applicationId: String!) {
      createApplicationProtection (applicationId: $applicationId) {
        _id
      }
    }
  `,
  access_key: 'yourAccessKey',
  timestamp: '2018-04-11T16:55:27.703Z',
  signature: 'digestedSignature'
})

In this case, we are protecting the source files that are already in our application. We can also upload our files in this same request to avoid multiple requests and possible race conditions.

const payload = JSON.stringify({
  params: {
    applicationId: '56c33971cc5379857be577b8',
    data: {
      source: {
        content: 'data:text/javascript;base64,KGZ1bmN0aW9uIGhlbGxvV29yZCAoKSB7CiAgY29uc29sZS5sb2coJ0hlbGxvIHdvcmxkIScpOwp9KSgpOwo=',
        extension: 'zip',
        filename: 'application.zip'
      }
    }
  },
  query: `
    mutation createApplicationProtection ($applicationId: String!, $data: ApplicationProtectionCreate) {
      createApplicationProtection (applicationId: $applicationId, data: $data) {
        _id
      }
    }
  `,
  access_key: 'yourAccessKey',
  timestamp: '2018-04-11T16:55:27.703Z',
  signature: 'digestedSignature'
})

The JSON response:

{
  "data":{
    "createApplicationProtection":{
      "_id": "56c34adebc4ee0b563f2da8d"
    }
  }
}

You could use the provided ID to poll the application protection status.

Downloading the Protected Files

Keep in mind that the protection process takes some time. You want to poll the protection status and only download the result after the status is finished.

To download the result you just need to make a GET request to:

api4.jscrambler.com/application/download/56c34adebc4ee0b563f2da8d?access_key=yourAccessKey&
timestamp=currentTimestamp&signature=digestedSignature

The downloaded file will be a zip with an index.js with the transformed content:

(function helloWord () {
  console.log('He' + 'll' + 'o ' + 'wor' + 'l' + 'd!');
})();