# Script to API > Write JavaScript or Groovy in the editor. Apinizer compiles it, deploys it across every Worker, and routes traffic — with the same auth, throttling, audit, and analytics as your hand-written services. Full flexibility and control without standing up a separate runtime. *API Creator · Script to API* ## Quickly create dynamic, custom APIs in Groovy or JavaScript — without a dedicated server. [Request a demo](https://calendly.com/apinizer/15min) · [Read the docs](https://apinizer.com/developers/docs) **Highlights** - **Languages** — JavaScript · Groovy - **Engines** — GraalVM 24.2 · Groovy 3.0 - **Cold start** — Pre-compiled at deploy — none --- ## Capabilities ### 01 · Write code. Save. Ship. Pick a language. Type the function. Apinizer wires the route, compiles the script, and your endpoint is live across every Worker replica — usually in under three seconds. - Modern JavaScript (async/await, Date, JSON, fetch-style http client) - Groovy 3.0 with full Java interop and access to JDK libraries - Editor with syntax highlighting, error markers, and inline compile feedback - No CI/CD wait — deploy is part of save **Concepts:** `JavaScript` · `Groovy` · `compile on save` ### 02 · GraalVM for JS. Pre-compiled classes for Groovy. JavaScript runs on GraalVM Polyglot — one shared Engine, fresh Context per request, full Java interop. Groovy compiles to a Class at deploy time and dispatches lock-free, so neither language pays a warm-up cost on the request path. - JavaScript: GraalJS 24.2.1 — shared Engine, per-request Context, HostAccess.ALL - Groovy: 3.0.25 — pre-compiled to Class at deploy, volatile lock-free dispatch - Automatic javax → jakarta migration so legacy Groovy code keeps compiling - Correlation-ID checked before/after execution — detects thread leaks in user code **Concepts:** `GraalJS 24.2` · `Groovy 3.0` · `no warm-up` · `thread-leak guard` ### 03 · Everything your script needs is already in scope. Apinizer hands the script the parsed request, an HTTP client tuned by the platform, a query helper for any registered datasource, and a shared variable bag that carries values across policies. No imports. No wiring. - request — url, method, body, headers, query/path params, JWT claim helpers - http — get / post / put with .asJson() / .asText() / .asBytes() - db — query a registered datasource by name, with named parameters - vars — shared variable bag readable by every policy in the request flow **Concepts:** `request` · `http` · `db` · `vars` > Script-to-API can also enrich AI traffic — a Groovy script can rewrite a prompt, attach a system message, or strip PII before the request hits an LLM provider. ### 04 · Save to live URL in under three seconds. Audit trail is automatic. Hit save. Apinizer compiles, syncs every Worker replica, and the endpoint serves traffic. Every save and every promotion is captured in an audit log keyed to the user, with full diffs — so 'who changed the script and when' is never a question for the security team. - Compile + deploy + serve in seconds, no pod scheduling - Audit log with user, timestamp, diff, and promoted-from version - Same auth, throttle, cache, and Elasticsearch analytics as a real proxy - APIops manifests so script endpoints ship through CI/CD if you want them to **Concepts:** `audit log` · `diff` · `APIops` · `Elasticsearch` --- ## Use cases ### Drop a script where you'd otherwise build a service Need to enrich a request, call two upstream services, and combine the result into one shape? Twelve lines of Groovy beats a new microservice every time. - Call multiple upstreams from one endpoint - Reshape, redact, or enrich the response - Read JWT claims to scope behaviour per caller - Same observability as a real service ### Stitch legacy and modern systems without a translator service A SOAP service speaks one shape, the new mobile app expects another. Write the translator as a script, ship it, observe it in Elasticsearch — done. - Read SOAP envelope, return JSON - Reach an internal database with db.query - Replay a failed call after retry logic in the script - Decommission the script when the upstream catches up ### Stop bad requests with a function — not a JSON schema Some validation rules are business logic, not schema. Sum of line items must equal total. Discount cap depends on customer tier. Author the rule as a script, throw on failure, and the gateway returns a 4xx with your message. - Throw with a status code to halt the flow - Read DB to check tier or quota - Return a structured error body the client can parse - Audit the rejection in Elasticsearch --- ## What ships in the box ### Languages & engines - JavaScript on GraalJS 24.2.1 — async/await, JSON, Date, full ES support - Groovy 3.0.25 with full Java interop and JDK access - Pre-compiled at deploy — no warm-up cost on the request path - javax → jakarta auto-migration for legacy Groovy code ### Bindings - request — url, method, body, headers, query/path params, JWT claims - http — get / post / put with JSON, text, or bytes responses - db — query any registered datasource with named parameters - vars — shared variable bag across the policy chain - Throw with status to halt the flow and return a custom error ### Pipeline integration - Same auth surface as gateway proxies (OAuth 2.0, JWT, API key, mTLS) - Throttling, quotas, IP allow-lists, scope-based access - Audit log + Elasticsearch analytics + Prometheus metrics - APIops manifests so script endpoints ship through CI/CD like any other proxy --- ## Resources - [Script to API docs](https://apinizer.com/developers/docs) — Languages, bindings, deploy lifecycle, and audit trail. - [Scripting recipes](https://apinizer.com/developers/docs/scripting) — Groovy and JavaScript snippets for common edge cases. - [DB to API](https://apinizer.com/products/db-to-api) — When the script just queries a database, skip the script. - [Architecture](https://apinizer.com/products) — How Script to API sits on Worker with the same pipeline. --- ## Next step *Skip the microservice* **Twelve lines of code shouldn't ship as a service.** See Script to API — JavaScript and Groovy — running on a real gateway in a 20-minute walkthrough, including the audit trail and pipeline integration. [Book a Demo](https://calendly.com/apinizer/15min) · [Read the docs](https://apinizer.com/developers/docs) --- ## Links - Products: https://apinizer.com/products - AI Gateway: https://apinizer.com/products/ai-gateway - Solutions: https://apinizer.com/solutions - Pricing: https://apinizer.com/pricing - Developers: https://apinizer.com/developers - Documentation: https://docs.apinizer.com/index-en - Blog: https://apinizer.com/blog - Contact: https://apinizer.com/company/contact © 2026 Apinizer. All rights reserved.