Route overrides

This is the official documentation of the @forestadmin/agent Node.js agent.

Route overrides ↗ allowed customizing the behavior of the routes exposed by the agent.

This very low-level feature was used to implement many use cases:

  • Attach handlers to events in the UI

  • Customize filtering, search and sort behaviors

  • Other advanced use cases.

Because our new agent API is higher-level, the protocol used to communicate between the agent and the application can no longer be manipulated.

Code cheatsheet

What was the route override used for?How to migrate it?

Add custom permissions

Use .addHook() and throw forbidden errors

Add validation to fields

Add validation to whole records

Use .addHook() and throw validation errors

Run code on UI events

Use .addHook() to perform custom logic

Change the search behavior

Use .replaceSearch() to implement your custom search logic

Change the filtering behavior of fields

Change the sort behavior of fields

Other use case

If you are stuck or think that this guide can be improved, please expose your use case in the community forums ↗ and we will be happy to help you


Add custom permissions

Custom permissions would better be implemented by using the Roles ↗ feature from the UI.

  (request, response, next) => {
    const { params, query, user } = request;

    if ( !== '') {
        .send('This collection is protected, you cannot remove from it.');


Add validation to fields

function handler(request, response, next) {
  const patch =;

  if ( && /^Forest/.test( {
    return "All company names should begin with 'Forest'.";

  if (error) {
  } else {
}'/companies', permissionMiddlewareCreator.create(), handler);
router.put('/companies/:id', permissionMiddlewareCreator.update(), handler);

Run code on UI events

// Override the POST /customers route
  async (req, res, next) => {
    try {
      // Call an external API.
      await superagent
        .set('X-API-Key', '**********')

      // Calls next() to executes Forest Admin's default behavior
    } catch (err) {

Last updated