Can I apply an amp to a JavaScript custom REST endpoint?

Question

I have a custom REST endpoint written in JavaScript. In JavaScript extensions, POST actions run in query mode, so they cannot update data, so I need to start a new transaction with xdmp.eval, which means I need execute permission on xdmp.eval. How can I apply an amp to the JavaScript extension?

I'm deploying the endpoint via DHF 5, so it's located in src/main/ml-modules/services/my-endpoint.sjs. After deployment, in the modules database, /marklogic.rest.resource/my-endpoint/assets/resource.sjs as been created, but also resource.xqy and metadata.xml. I actually tried creating three amps, one for each of those documents, but it doesn't seem to grant the necessary xdmp.eval permission. I keep getting an error message:

SEC-PRIV: xdmp.eval(...) -- Need privilege: http://marklogic.com/xdmp/privileges/xdmp-eval

As a workaround, I think I can write a wrapper around the call to xdmp.eval and create an amp on that. I'd just like to know if it's possible to amp the endpoint directly.

Answer 1

I think I've found how to do this correctly.

1. As Mads Hansen pointed out above, the amp needs to be on the post method in the document, that is, the local name in the amp needs to be "post".
2. The document uri in the amp needs to be pointed to the xqy document, even though my endpoint is a JavaScript one. In this case, that's /marklogic.rest.resource/my-endpoint/assets/resource.xqy. The sjs and metadata documents can be ignored.
3. The namespace in the amp needs to be set to http://marklogic.com/rest-api/resource/my-endpoint.

I guess behind the scenes MarkLogic executes the endpoint via the XQuery wrapper and the JavaScript module is invoked in a way that an amp on the .sjs document is not applied to it.