You can add code in procedural languages such as JavaScript, Java, and Python, then call out
to that code from other parts of an API proxy. Support for procedural code is designed to make it
easier for you to implement complex handling of flow variables, faults, and request and response
bodies.
With procedural code, you can:
Create or manipulate complex body values, such as request and response values.
Rewrite URLs, such as to mask a target endpoint URL.
Add other logic not available with included policies.
How it works
You use a policy specific to the language in order to make calls from a proxy flow to your
included code. For each of the supported languages, Apigee includes a separate policy:
JavaScript policy, JavaCallout policy, and PythonScript policy.
The following describes, at a high level, one way this works. Be sure to see the policy
references for more details.
In a separate file, write the code you're going to use.
In your code, put the result of the code's processing into an Apigee flow variable.
Add the policy corresponding to the language you're using.
Configure the policy to make a call to your code from the desired place in your API
proxy's flow.
Use a policy to retrieve the code's value from the flow variable.
Limitations
The Apigee security model does not permit system calls such as network I/O, filesystem
read/writes, current user info, process list, and CPU/memory utilization. Although some such
calls may be functional, they are unsupported and liable to be actively disabled at any time. For
forward compatibility, you should avoid making such calls in your code.
Other limitations may exist for each supported language, as described in the language's
corresponding policy reference.
Supported languages
JavaScript
Support for JavaScript includes a full object model for handling variables and values specific
to an API proxy. For more, see JavaScript object model.
For policy reference information and examples, see JavaScript policy.
Java
Use the JavaCallout
policy to make calls to Java code from your proxy's flow. The policy reference topic includes
examples.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-26 UTC."],[[["\u003cp\u003eThis content covers how to use procedural code (JavaScript, Java, and Python) within Apigee and Apigee hybrid API proxies to manage flow variables, faults, and request/response bodies.\u003c/p\u003e\n"],["\u003cp\u003eApigee provides specific policies (JavaScript, JavaCallout, and PythonScript) to call out to your procedural code, which can be used to implement complex logic or rewrite URLs.\u003c/p\u003e\n"],["\u003cp\u003eProcedural code allows for the manipulation of complex body values, and logic not available through built-in policies, with results stored in flow variables for retrieval elsewhere in the API proxy.\u003c/p\u003e\n"],["\u003cp\u003eTo use procedural code, you write the code in a separate file, add it as a resource file to your API proxy, configure the relevant language policy to call the code, and retrieve the results using flow variables.\u003c/p\u003e\n"],["\u003cp\u003eThe security model in Apigee restricts certain system calls in procedural code, such as network I/O and file system operations, which should be avoided for forward compatibility.\u003c/p\u003e\n"]]],[],null,["# Incorporating procedural code\n\n*This page\napplies to **Apigee** and **Apigee hybrid**.*\n\n\n*View [Apigee Edge](https://docs.apigee.com/api-platform/get-started/what-apigee-edge) documentation.*\n\nYou can add code in procedural languages such as JavaScript, Java, and Python, then call out\nto that code from other parts of an API proxy. Support for procedural code is designed to make it\neasier for you to implement complex handling of flow variables, faults, and request and response\nbodies.\n\nWith procedural code, you can:\n\n- Create or manipulate complex body values, such as request and response values.\n- Rewrite URLs, such as to mask a target endpoint URL.\n- Add other logic not available with included policies.\n\nHow it works\n------------\n\nYou use a policy specific to the language in order to make calls from a proxy flow to your\nincluded code. For each of the supported languages, Apigee includes a separate policy:\n[JavaScript policy](/apigee/docs/api-platform/reference/policies/javascript-policy), [JavaCallout policy](/apigee/docs/api-platform/reference/policies/java-callout-policy), and [PythonScript policy](/apigee/docs/api-platform/reference/policies/python-script-policy).\n\nThe following describes, at a high level, one way this works. Be sure to see the policy\nreferences for more details.\n\n1. In a separate file, write the code you're going to use.\n2. In your code, put the result of the code's processing into an Apigee flow variable. You'll retrieve the variable value elsewhere in your API proxy. For more about flow\n variables, see [Managing\n proxy state with flow variables](/apigee/docs/api-platform/fundamentals/introduction-flow-variables).\n\n3. Add your file (or JAR) as a resource file to your API proxy. For more about resource files, see [Resource files](/apigee/docs/api-platform/develop/resource-files).\n\n4. Add the policy corresponding to the language you're using. Configure the policy to make a call to your code from the desired place in your API\n proxy's flow.\n\n5. Use a policy to retrieve the code's value from the flow variable.\n\nLimitations\n-----------\n\nThe Apigee security model does not permit system calls such as network I/O, filesystem\nread/writes, current user info, process list, and CPU/memory utilization. Although some such\ncalls may be functional, they are unsupported and liable to be actively disabled at any time. For\nforward compatibility, you should avoid making such calls in your code.\n\nOther limitations may exist for each supported language, as described in the language's\ncorresponding policy reference.\n\nSupported languages\n-------------------\n\n### JavaScript\n\nSupport for JavaScript includes a full object model for handling variables and values specific\nto an API proxy. For more, see [JavaScript object model](/apigee/docs/api-platform/reference/javascript-object-model).\n\nFor policy reference information and examples, see [JavaScript policy](/apigee/docs/api-platform/reference/policies/javascript-policy).\n\n### Java\n\nUse the [JavaCallout\npolicy](/apigee/docs/api-platform/reference/policies/java-callout-policy) to make calls to Java code from your proxy's flow. The policy reference topic includes\nexamples.\n\n### Python\n\nUse the [Python Script\npolicy](/apigee/docs/api-platform/reference/policies/python-script-policy) to call out to Python code."]]
