Redirection for Proxy/API Requests

I’ve gotten into the habit of writing event handlers that can support multiple entry points such as a normal page request and an API/REST request. For an event that validates a form, I redirect the user back to the form if errors exist or to the next step if everything went as expected. To allow the same handler to support browser and API/Proxy requests, I have added a UDF to my includes/helpers file that wraps all setNextEvent calls so it can abort if the proxy flag has been raised.

I was curious if anyone else has been doing this same type of handler reuse and if so, how are you handling redirects? Do you think I should decorate the ColdBox Controller?

public void function validate (required Event) {
    var rc = Event.getCollection();
    var prc = Event.getCollection(private=true);

    // If false, errors will now exist within the User
    local.result = doValidationLogic(Event=arguments.Event);

    // Response package used by proxy/API requests
    prc.package = (local.result)
        ? { statuscode = 200, body = { URI = 'confirm' }}
        : { statuscode = 400
           ,body = {
                errors = rc.User.getMemento(target='errors')
               ,URI = ''
            }
          };

    // Arguments for the relocation wrapper
    local.args = (local.result)
        ? { event='', context=arguments.Event }
        : { event='confirm', context=arguments.Event };

    // Hand off to the setRelocation UDF, which skips the redirect for proxy/API requests
    setRelocation(argumentCollection=local.args);
}



// And this is the logic within the setRelocation UDF

// Do not allow redirects on proxy/api events
if (arguments.context.isAPIRequest()) {
    return;
}

// If no event is passed, relocate to the homepage
if (structKeyExists(arguments, 'event')) {
    if (len(arguments.event) == 0) {
        structDelete(arguments, 'event');
        arguments.URI = '/';
    }
}

// If no SSL flag is passed, default to the application setting
if (!structKeyExists(arguments, 'ssl')) {
    arguments.ssl = getSetting('allowSSL');
}



Aaron Greenlee


I think it is an interesting topic to discuss. I always do the same thing with my handlers as far as multiple entry points. Beats the hell out of 20 files for 20 events…

Anyway, I haven’t done too much API stuff as yet, but what I have done so far is have a wrapper for API/REST. The reason I have chosen that way is because I am not rewriting the standard login procedure, so if the requirements for the API/REST change in any way, I do not have to check that the code for the form login still works. I guess Unit Testing will help out there, but it was the way I was thinking anyway.

My handlers tend to be very small snippets of code anyway; the meat of the logic is usually in the Model/Service layer, so I really didn’t think of even attempting it the same way that you have either.

Would be interested to hear how others approach it as well.


Andrew Scott