Code Mode Runtime

What is Code Mode#

Within the Rollout dashboard, there are several occasions where you are invited to customize your integration with Rollout by writing code instead of the simpler user interface.

Where can you use it#

Instances of when you can use Code Mode include Perform functions for Triggers or when configuring Trigger events & Action requests.

Why would you use it#

The primary use case is advanced customization of your integration with Rollout. You may want to do this for extra security authentication, to transform raw data into a different format or some other use case.

About the runtime#

Any code you write in the Code Mode blocks will run in a secure sandbox and is hosted in severless environment. It is currently a JS runtime and has access to several objects/libraries as described below:

utils Object#


Provide cryptographic functionality which includes a set of wrappers for OpenSSL's hash, HMAC, cipher, deciper, sign and verify functions.


const stringToHash = "rollout";
const hash = crypto.createHash("md5").update(stringToHash).digest("hex");



const result = await utils.fetch(url, options);


Accepts content of type Readable | ReadableStream | Blob and returns a presigned URL which can be accessed for 15 minutes.


const someStream = utils.fetch("");
const url = await utils.stashFile(someStream);


Exposes the popular NodeJS JSON Web Token library jsonwebtoken.


const token = context.request.headers.authorization.split(" ")[1];
const decoded = utils.jsonwebtoken.verify(token, env.SOME_SECRET);


Thin wrapper around xml2js' parseStringPromise method which returns a javascript object promise.

Accepts the same parser options.


const xml = context.request.body;
const xmlParsed = await utils.XMLParse(xml, { explicitArray: false });

context Object#

context.authData Object#

The context.authData object will hold the data which your application returned when authenticating a user. (e.g. access_token, refresh_token, etc.).

context.automation (object)#

Automation object related to execution. Shape conforms to the Automation data type.

context.hookId (string)#

The id portion of the context.targetUrl string.

context.targetUrl (string)#

URL of webhook belonging to automation to execute.

context.subscribeData (object)#

An object containing whatever data was made available when subscribing a resthook trigger.

context.request (object)#

Parsed webhook request:

methodstringWebhook HTTP method.
queryobjectQuery parameters object.
headersobjectHeaders object.
bodyobjectBody object.

context.userId (string)#

The id which was provided as the sub claim when signing a user's Rollout JWT token.

context.verificationToken (string)#

A verification token provided by Rollout which can be used to confirm the identity of the Rollout server issuing a request. Can be found in the dashboard under Configuration.

env Object#

The env object holds any environment variables you have configured under the Configuration dashboard page.

Zapier Compatibility#

The following are also available with some limited compatibility

zSupports a hash and request method similar to Zapier's
bundlePoints to the context object mentioned above

inputs Object#

(deprecated) Use context.automation.trigger.inputParams instead.

The inputs object is available when configuring an action, and maps to a record of existing action keys in the data tab, along with whatever values a user assigned.

For example, an action configured with the following inputs:

  • task_name
  • task_description

will make an inputs object available with the following shape:

task_name: "some user-assigned value",
task_description: "another user-assigned value"
console.debug(inputs.task_name); // "some user-assigned value"