Outgoing connections security

Overview

  • Zato services access external systems and resources through outgoing connections, e.g. REST, SOAP, IMAP, SQL, ElasticSearch and more
  • Each outgoing connection represents a particular combination of a technology and the configuration specific to it, including authentication. For instance, a REST outgoing connection will contain information about what URL path to use, but it will also include information about what credentials are needed to invoke that particular external system.
  • A single security definition may be assigned to multiple outgoing connections
  • Changes to outgoing connections or to security definitions do not require any restarts

Using security definitions

  • Before it can be assigned to an outgoing connection, a security definition needs to be created
  • All types of security definitions can be found in Dashboard, in the Security menu option
  • Not all security types are applicable to all outgoing connection types, e.g. Basic Auth can be used with REST but it is not applicable to outgoing connections such as SAP or other types
  • To assign a security definition to an outgoing connection, create a security definition in Dashboard and then create or edit an outgoing connection of the expected type

Automation

  • Working in Dashboard is quick and convenient and, for automation purposes, all Zato objects can also be exported to YAML or JSON using a tool called enmasse
  • With enmasse, it is possible to store configuration in a repository and import it from the command line in an automated manner
  • In this approach, Dashboard is used only initially during development but any actual automated work makes use of enmasse for repeatable builds
  • Refer to the chapter on enmasse
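
Once configuration is kept in a repository as JSON, the rules from the sections above can be checked before each import: every outgoing connection points to a security definition that exists, the definition's type is applicable to the connection type, and it is known which connections share a definition. The script below is an added example, not part of Zato or enmasse; the key names (`security`, `outgoing`, `name`, `type`) and the sample data are assumptions constructed for illustration and do not reproduce the real enmasse schema.

```python
import json
from collections import defaultdict

# Constructed sample standing in for a JSON export kept in a repository.
# The key names are assumptions for this example, not the real enmasse schema.
SAMPLE_EXPORT = json.loads("""
{
  "security": [
    {"name": "crm.basic", "type": "basic_auth"},
    {"name": "unused.basic", "type": "basic_auth"}
  ],
  "outgoing": [
    {"name": "crm.customers", "type": "rest", "security": "crm.basic"},
    {"name": "crm.invoices",  "type": "rest", "security": "crm.basic"},
    {"name": "erp.orders",    "type": "sap",  "security": "crm.basic"},
    {"name": "billing.api",   "type": "rest", "security": "billing.key"},
    {"name": "public.feed",   "type": "rest", "security": null}
  ]
}
""")

# Only the pairing stated on this page: Basic Auth applies to REST, not to SAP.
APPLICABLE = {"basic_auth": {"rest"}}

def audit(export):
    """Return (findings, usage) for an exported configuration."""
    defs = {d["name"]: d["type"] for d in export.get("security", [])}
    findings = []
    usage = defaultdict(list)  # security definition -> connections using it
    for conn in export.get("outgoing", []):
        name, ctype, sec = conn["name"], conn["type"], conn.get("security")
        if not sec:
            findings.append((name, "no security definition assigned"))
        elif sec not in defs:
            findings.append((name, f"references undefined security definition {sec!r}"))
        else:
            usage[sec].append(name)
            if ctype not in APPLICABLE.get(defs[sec], set()):
                findings.append((name, f"{defs[sec]} is not applicable to {ctype} connections"))
    for unused in sorted(set(defs) - set(usage)):
        findings.append((unused, "security definition is not assigned to any connection"))
    return findings, dict(usage)

if __name__ == "__main__":
    findings, usage = audit(SAMPLE_EXPORT)
    for subject, problem in findings:
        print(f"{subject}: {problem}")
    for sec, conns in usage.items():
        print(f"{sec} is shared by {len(conns)} connection(s): {', '.join(conns)}")
```

The `usage` mapping shows how many connections depend on one definition, which is the set affected when that definition's credentials are changed.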

SSL/TLS

  • Outgoing connections can be secured with SSL/TLS client certificates
  • Refer to the chapter on SSL/TLS for details