Documentation
Open App

SDK Middleware

The Requexa SDK is an optional Next.js middleware that captures live HTTP traffic in your development environment. It enriches your manifest with real request examples — actual payloads, headers, and response shapes from running code.

Info
The SDK is completely dev-only. It checks NODE_ENV on every request and returns immediately in production — no overhead, no data leakage, nothing shipped to users.

Installation

Terminal
npm install @requexa/sdk
# or
pnpm add @requexa/sdk

Install it as a regular dependency (not devDependency) since your Next.js build needs to import it. The production guard is handled at runtime, not at build time.

Setup

Two files to add or update:

1. Wrap your middleware

If you don't have a middleware.ts yet, create one. If you already have one, wrap your existing export:

middleware.ts
import { withRequexa } from '@requexa/sdk'

// Without an existing middleware:
export default withRequexa()

// With an existing middleware (e.g. NextAuth):
import { auth } from '@/lib/auth'
export default withRequexa(auth)

2. Add the capture route handler

Create a new API route that exposes the captured requests to Requexa:

app/api/requexa/route.ts
import { createRequexaHandler } from '@requexa/sdk'

const handler = createRequexaHandler({
  secret: process.env.REQUEXA_SECRET,
})

export const GET = handler.GET
export const DELETE = handler.DELETE

3. Add the secret to your env

.env.local
REQUEXA_SECRET=any-random-string-you-choose
Tip
The secret protects the /api/requexa route so only the Requexa platform can read your captured traffic. Use a strong random string: openssl rand -base64 32

Viewing Captured Requests

Once the SDK is set up, use your app normally in development. Every API request that passes through your middleware is captured in an in-memory ring buffer (500 entries max, oldest discarded first).

The Requexa platform can poll this buffer via the GET /api/requexa endpoint to pull real examples and enrich your workspace. Future versions will provide a UI to browse and replay captured requests directly.

RouteAuthDescription
GET /api/requexaREQUEXA_SECRET headerReturns last N captured requests from the ring buffer
DELETE /api/requexaREQUEXA_SECRET headerClears the ring buffer

Security & Sanitization

The SDK automatically sanitizes sensitive values before storing them in the ring buffer. Fields matching these patterns are redacted to [REDACTED]:

  • Field names containing: password, token, secret, apikey, api_key
  • Values matching credit card patterns (16-digit numbers)
  • Values matching SSN patterns (XXX-XX-XXXX)
  • Authorization header values (Bearer tokens, Basic credentials)
Example — what gets stored
// Your request body:
{
  "email": "user@example.com",
  "password": "hunter2",
  "token": "sk_live_abc123"
}

// What the SDK stores:
{
  "email": "user@example.com",
  "password": "[REDACTED]",
  "token": "[REDACTED]"
}
Warning
Even with sanitization, the ring buffer lives in memory on your development server. Do not deploy the SDK setup (the /api/requexa route) to production — the production guard in the middleware handles this, but defence-in-depth is good practice.