Once an entity is defined, its records are served on the app gateway. All six routes share one generic execution path, so auth, plan limits, encryption, and indexing behave identically for every entity.
POST /app/{orgcode}/create/{entity} insert (auto keys, formula, encryption, indexes)
GET /app/{orgcode}/item/{entity}/{id} read one (projected); unknown id -> 404
PUT /app/{orgcode}/update/{entity}/{id} update fields; recompute formula; re-validate
DELETE /app/{orgcode}/delete/{entity}/{id} delete record (+ unique sentinels)
GET /app/{orgcode}/list/{entity} list (see Listing & querying)
GET /app/{orgcode}/count/{entity} { count }Request lifecycle
Every CRUD request flows through the same steps:
{token} placeholders are resolved against path, body, query, and JWT claims.What create does
On create, the runtime checks plan limits (a 429 with an upgrade URL if exceeded), generates auto keys (guid, autoincrement), resolves the record keys, stamps index attributes, writes audit fields, encrypts encrypted fields, runs any before-events, writes the record, and best-effort indexes it for search.
Before-events can block a write
If a synchronous before-event hook fails, the create returns 424 and the record is not written. See Events & automations.
Views & projections
A Views map on each read/create config decides what crosses the wire. ?view=<name> overrides the default per request.
- Read projection (get/list) — choose fields, rename with
as, cast types, hide withvisible:false, fetchs3fields, or enrichlookup(foreign-key) fields. - Create/update response — returns only the fields named in the response view; if none is configured it returns just
id. The raw item is never echoed. - Encrypted fields are stripped from every response regardless of the view.
Add a named view later
Generated entities ship with default (all non-encrypted fields) and compact (id + name). Add views like summary afterwards with PUT /api/{api} and a merged Views map — no record changes needed.