Channels - Plain HTTP (REST)


Used to create, update, delete and browse through plain HTTP channels.

A plain HTTP channel is a means of accepting synchronous HTTP service invocations. Contrary to what SOAP channels assume, plain HTTP ones don’t except the data to be in any particular format, it can be anything that can be transferred over HTTP, including JSON, CSV, XML or virtually anything.


Create and Edit

Header Notes
Name Channel name
Active Documented below
URL path A path to mount this channel on. Must be unique in a cluster. May include patterns - for instance /cust/{cust_id}/program/{prog_id} will let the service access self.request.input.cust_id and self.request.input.prog_id if using SimpleIO.
Merge URL params to req If using SimpleIO, should URL parameters be taken into account when constructing the input to the service
URL params priority Used to decide which parameters will take precedence if both URL parameters and path patterns are used as part of the input to a service.
Params priority Used to decide which parameters will take precedence if URL parameters and/or path parameters are considered part of the input to the service and both URL/path parameters and the payload contain parameters of the same name.
Method (Optional) An HTTP method that must be used by clients to invoke this particular channel. It can be any string and Zato won’t check if it’s a valid HTTP 1.1 method. Leave empty to allow any method be used.
Service Name of an already existing service to invoke for each HTTP request received
Data format (Optional) The expected data format Zato should parse incoming messages as. This will also populate a service’s data_format attribute.
Security definition

Name of a security definition - API keys, HTTP Basic Auth, OAuth, SSL/TLS, technical account, XPath or a WS-Security definition - to use for securing the access to the channel.

Pick ‘No security’ explicitly to indicate that no such definition should be used. This can be used to expose certain services without any usernames or to indicate that a service will implement a custom security scheme itself.

RBAC (Optional) Whether the channel uses Role-Based Access Control (RBAC).



Deletes the channel from ODB and servers. The channel won’t exist anymore and invoking a URL it was mounted on will return HTTP 404 error.

The ‘Active’ flag

If a channel is made inactive, an attempt to invoke it will result in an HTTP 404 error.


Version Notes

Added new fields:

  • Merge URL params to req
  • URL params priority
  • RBAC

Changed fields:

  • URL path now accepts patterns
  • Renamed ‘Security’ to ‘Security definition’
  • Added new security definition types: API keys, OAuth, SSL/TLS and XPath
1.0 Added initially