API Response

Required to end an API workflow, use this Node to create an API response.

The API Response Node is used to conclude an API workflow by sending a response to the user who called the API endpoint. If you haven't already, check out the API Request Node before reading this article.

Configuring the API Response Node


Using the optional Headers Conduit, you can specify an object that defines your headers.

If you do not specify a Content-Type header, or any headers for that matter, Sanbox will add one to your response with a value ofapplication/json unless the data passed in the body is raw bytes, in which case application/octet-stream is used.

The object passed into Headers can be a key/value dictionary, with the value being either a string or array of strings for multiple headers with the same key:

"Content-Type": "text/plain",
"X-Secret": [


Cookies can also be added to the response. If specified, the Cookies Conduit is expecting an array of cookies. Example of object passed in the Cookies Conduit:

"name": "myCookie",
"value": "cookies are great",
"secure": true

Properties of the cookie object:



(Required) name

The cookie's name.

(Required) value

The cookie's value.


DateTime the cookie expires.


If true, limits the scope of the cookie to "secure" channels (where "secure" is defined by the user agent). Typically, this means the cookie will only be allowed to be transferred over HTTPS


If true, causes the cookie to be inaccessible to client-side scripts.

Cookies can alternatively be set by including them in a Set-Cookie header.

Status Codes

You can choose multiple status codes that can be returned. Each status code you choose will generate an input on the API Response Node for you to fire a response for the coinciding status code. You can configure a status code by pressing the Edit button next to the status code toggle.

Configuring a Status Code

Summary: Used for organizational purposes, a quick description of what this Status Code means in your app.

Body: Optional body to send when the input for this status code is fired. This is defaulted to the input data, but you can set this to No Value if you wish no body be sent in the response.

Response Model: Optional model to validate body data against. If body data does not validate against the chosen model, an error is thrown by the API Response Node. If you do decide to include a model, it's best practice that you do not handle the error that is thrown.

CSRF Token

For APIs that use cookies or basic authentication, you can check the Create CSRF Token checkbox to create a CSRF Token cookie. Read the guide on Using CSRF Token in APIs to learn more, or check out this Wikipedia Page to learn more about CSRF attacks.