Here is the updated declaration of the class:

TSQLRestServerTest = class(TSQLRestServerDB)
  published
    function Sum(var aParams: TSQLRestServerCallBackParams): Integer;
  end;

This method name will be used for the URL encoding, and will be called here with ModelRoot/Sum URL. The ModelRoot is the one defined in the Root parameter of the model used by the application.

This method, like all Server-side methods, MUST have all parameters of the TSQLRestServerCallBack prototype:

type
  TSQLRestServerCallBack = function(var aParams: TSQLRestServerCallBackParams): Integer of object;

Then we implement this method:

function TSQLRestServerTest.Sum(var aParams: TSQLRestServerCallBackParams): Integer;
var a,b: Extended;
begin
  if not UrlDecodeNeedParameters(aParams.Parameters,'A,B') then
  begin
    result := 404; // invalid Request
    exit;
  end;
  while aParameters<>nil do
  begin
    UrlDecodeExtended(aParams.Parameters,'A=',a);
    UrlDecodeExtended(aParams.Parameters,'B=',b,@aParams.Parameters);
  end;
  aParams.Resp := JSONEncodeResult([a+b]);
  // same as : aResp := JSONEncode(['result',a+b],TempMemoryStream);
  result := 200; // success
end;

On the Server side, you can use the UrlDecodeNeedParameters function to check that an expected parameters were supplied by the caller, then call UrlDecodeInteger / UrlDecodeInt64 / UrlDecodeExtended / UrlDecodeValue functions (all defined in SynCommons.pas) to retrieve each individual parameter as standard JSON content. The powerful UrlDecodeObject function (defined in SQLite3Commons.pas) can be used to unserialize most class instance from its textual JSON representation. Note that due to this implementation pattern, the mORMot service implementation is very fast, and not sensitive to the "Hash collision attack" security issue, as reported with Apache - see this blog entry for details.

The aParams.Session parameter may contain at calling time the current session identifier. If authentication is not used, this parameter is meaningless. Server-side implementation can use the TSQLRestServer.SessionGetUser method to retrieve the corresponding user details (the returned TSQLAuthUser instance is a local thread-safe copy which shall be freed when done).

The aParams.Head parameter may be overridden on the server side to set a custom header which will be provided to the client - it may be useful for instance to specify another mime-type than the default constant JSON_CONTENT_TYPE, i.e. 'application/json; charset=UTF-8'.

You can use the forum to ask additional questions.