Channels - REST


Used to create, update, delete and browse through plain REST channels.

A REST channel is a means of accepting synchronous HTTP service invocations.

Contrary to what SOAP channels assume, plain HTTP ones don’t expect the data to be in any particular format, it can be anything that can be transferred over HTTP, including JSON, CSV, XML or virtually anything.


Create and Edit

Header Notes
Name Channel name
Active Documented below
URL path A path to mount this channel on. Must be unique in a cluster. May include patterns - for instance /cust/{cust_id}/program/{prog_id} will let the service access self.request.input.cust_id and self.request.input.prog_id if using SimpleIO.
Match slash A boolean flag to control if slash characters should be taken into account or skipped when matching patterns between braces, such as {cust_id}. If False, a slash character will never be matched in such a pattern.
URL params Used to decide which parameters will take precedence if both URL parameters and path patterns are used as part of the input to a service.
Merge to request If using SimpleIO, should URL parameters be taken into account when constructing the input to the service
Params priority Used to decide which parameters will take precedence if URL parameters and/or path parameters are considered part of the input to the service and both URL/path parameters and the payload contain parameters of the same name.
Method (Optional) An HTTP method that must be used by clients to invoke this particular channel. It can be any string and Zato won’t check if it’s a valid HTTP 1.1 method. Leave empty to allow any method be used.
Encoding (Optional) Using what format responses should be encoded - leave empty for no encoding. Currently the only supported value is gzip.
Service Name of an already existing service to invoke for each HTTP request received
Data format (Optional) The expected data format Zato should parse incoming messages as. This will also populate a service’s data_format attribute.
Security definition

Name of a security definition - API keys, HTTP Basic Auth, OAuth, SSL/TLS, XPath or a WS-Security definition - to use for securing the access to the channel.

Pick ‘No security’ explicitly to indicate that no such definition should be used. This can be used to expose certain services without any usernames or to indicate that a service will implement a custom security scheme itself.

Cache (Optional) Using what definitions responses from the channel should cached, if at all
Expiry (Optional) For how many minutes responses should be cached
RBAC (Optional) Whether the channel uses Role-Based Access Control (RBAC).



Deletes the channel from ODB and servers. The channel won’t exist anymore and invoking a URL it was mounted on will return HTTP 404 error.

The ‘Active’ flag

If a channel is made inactive, an attempt to invoke it will result in an HTTP 404 error.


Version Notes

Added new fields:

  • Encoding
  • Cache
  • Expiry
  • Match slash

Added new fields:

  • Merge URL params to req
  • URL params priority
  • RBAC

Changed fields:

  • URL path now accepts patterns
  • Renamed ‘Security’ to ‘Security definition’
  • Added new security definition types: API keys, OAuth, SSL/TLS and XPath
1.0 Added initially