Run Custom APIs, Events, Schedulers in a secure, isolated environment
The Secure Sandbox provides a safe and isolated environment for executing your code in API Maker. Every request runs in its own container, so no matter how complex the logic is, it won’t interfere with other APIs, databases, or system resources.
This makes it ideal for running Custom APIs, Utility Classes, Events, Data Migrations, and Schedulers. Each execution is time-controlled, resource-managed, and automatically scaled by the platform, giving you both stability and flexibility.
By separating execution from the core system, the sandbox ensures smooth operations even during heavy workloads, helping teams build, test, and deploy with confidence.
How It Works
When a request reaches API Maker, the code doesn’t run directly on the main system. Instead, it is executed inside a dedicated sandbox container. This design keeps each process isolated, secure, and independent from other running tasks.
Isolated Execution – Every Custom API, Event, Migration, or Scheduler runs in its own sandbox, preventing unwanted interference.
Timeout Controls – Each sandbox enforces a maximum runtime. By default, it’s 13 seconds, but you can adjust it using the
x-am-sandbox-timeoutheader.Auto-Scaling – As workload increases, API Maker provisions additional sandboxes across servers automatically, ensuring performance stays consistent.
Database Connectivity – Sandboxes can securely connect to your databases without compromising system stability.
The result is a system that can safely handle everything from lightweight test scripts to large-scale automation jobs without affecting the rest of your environment
Sandbox Timeout Control
Every sandboxed execution has a strict time limit to ensure stability and prevent runaway processes. By default, the timeout is set to 13 seconds (13000 ms). If a request doesn’t complete within this window, the sandbox will stop execution and return a clear error message in the response.
You can adjust this limit using the request header:
"x-am-sandbox-timeout": "13000"
- Header name:
x-am-sandbox-timeout - Unit: Milliseconds
- Default value: 13000 (13 seconds)
Behavior: If the code completes in time, the sandbox returns the response. If it exceeds the limit, the sandbox breaks execution and returns an error.
For a complete list of supported headers, visit the API Maker headers docs
This flexibility allows you to fine-tune execution time based on workload, short for quick checks, or longer for more complex scripts , without risking overall system performance.
Use Cases
The Secure Sandbox isn’t just about safety, it’s about flexibility. Different teams can use it in different ways to simplify development and operations:
For Developers
Rapidly prototype and test custom API logic in isolation. You can experiment with new features or debug issues without worrying about disrupting production services.For Operations Teams
Run scheduled tasks, utility scripts, and data migrations in a secure environment. Even long-running jobs remain controlled with timeout settings, ensuring reliability.For Teams
Test event-driven workflows, background processes, and webhooks before deploying them live. This ensures smooth integrations and predictable outcomes in production
Key Benefits of Secure Sandbox
The Secure Sandbox brings more than just isolation, it adds safety, efficiency, and confidence to your workflow. By handling code execution in a protected environment, it ensures that your core system remains stable even when workloads are unpredictable.
Safety & Stability
All code runs independently in its own sandbox. This means errors, bugs, or unexpected behaviors never spill over into other APIs or system resources.
Efficiency
Multiple sandboxes can run side by side. Teams can test, debug, and execute different jobs at once without interfering with each other’s work.
Scalability
As demand grows, API Maker provisions new sandboxes automatically. You don’t need to manage infrastructure, performance simply scales with your workload.
Confidence
With timeouts, error handling, and isolation built in, you can focus on writing code while trusting the platform to keep everything secure and predictable.
Best Practices
To get the best results with the Secure Sandbox, keep these practices in mind:
Set smart timeouts
Every request has a maximum execution window. Use the x-am-sandbox-timeout header to fine-tune this based on your workload, shorter for lightweight logic, longer for more complex scripts.
Go beyond APIs
The sandbox isn’t limited to Custom APIs. Utility Classes, Events, Data Migrations, and Schedulers also run securely here, making it useful across many parts of your project.
Build stronger workflows
Combine sandboxed execution with Events, Schedulers, and Migrations. This lets you chain automated tasks while ensuring each step stays isolated and reliable
FAQ's
What is the default sandbox timeout?
By default, the Secure Sandbox allows code to run for 13 seconds (13000 ms). If execution exceeds this, the sandbox stops the process and returns an error response.
Can I change the timeout?
Yes. You can set a custom timeout using the x-am-sandbox-timeout header. The value is in milliseconds, so "15000" would allow 15 seconds of execution.
What types of code run in the sandbox?
All user-defined components such as Custom APIs, Utility Classes, Events, Data Migrations, and Schedulers run inside the sandbox environment.
Does the sandbox affect database connections?
No. Sandboxes connect securely to your databases while keeping execution isolated, so database access remains safe and stable.
How does scaling work?
API Maker provisions new sandboxes automatically based on settings provided. This ensures that multiple requests or background tasks can run at the same time without slowing each other down.
