Pub/sub publishers

  • Publishers are pub/sub endpoints that send (publish) messages to topics.
  • Their counterpart are subscribers which read (receive) messages that publishers send.
  • Publishers can be of several types: Python, REST, WebSockets or File transfer.
  • REST and WebSockets use Basic Auth to identify themselves with the message broker.
  • Pattern-based permissions are assigned to each publisher. If an endpoint publishes a message to a topic that does not match any pattern assigned to this publisher, such a publication is rejected.
  • It is possible to create more than one publisher endpoint for a given application, e.g. to represent different permissions assigned to different parts of the same application.

Credentials, authentication and authorization

  • REST and WebSocket-based publishers use Basic Auth credentials when they publish their messages
  • Basic Auth credentials let the message broker understand what application publishes the message (authentication) and, in combination with pattern-based permissions, whether it is allowed to publish the message to a particular topic (authorization)
  • Python and File transfer publishers do not need any credentials - they can always publish messages to any topic.
  • To create credentials, go to Security → HTTP Basic Auth in Zato Dashboard and fill out the form as in the example below:
  • Click here to learn more about pub/sub security


  • Python and File transfer publishers can always publish any message to any topic - their permissions are managed internally by the platform and they cannot be altered
  • For any other publisher types, each time they publish a message, the broker checks whether they are allowed to do it
  • Permissions are based around a notion of topic name patterns - when you create a publisher, you assign patterns to this endpoint. In runtime, when a message is published, Zato checks if the topic the message is mean to be published to matches one of the configured patterns. If it does, the message is accepted. Otherwise, the publisher receives an error appropriate for a given communication protocol, e.g. 403 for REST publishers.
  • As an example, if a publisher is assigned patterns such as /customer/* and /address/*/new, it will be able to publish to topics /customer/updated and /address/texas/new but not to /invoices/new or /accounts/virginia because the latter two do not match the assigned patterns
  • Click here to learn more about pub/sub permissions

Python publishers

  • Zato services can publish messages to topics or to other services, as in the example below
  • Python publishers are always allowed to publish any message to any topic. It is not required for such services to be registered or configured in any special way, simply call self.pubsub.publish at any point in your Python code.
  • Click here to learn more about using pub/sub from Python
def handle(self):

    # Topic to publish to
    topic_name = '/my/topic'

    # Data to publish
    data = {'client_id': 123, 'invoice_id': 456}

    # Publish the message now
    self.pubsub.publish(topic_name, data=data)

REST publishers

  • REST publishers use dedicated APIs, such as in the example below, to participate in integrations that involve pub/sub topics
  • There is no need that REST publishers be in Python, they can be implemented in any technology as long as they can send JSON messages to REST APIs
  • Click here to learn more about REST endpoints
$ curl -XPOST http://user:pass@localhost:17010/zato/pubsub/topic//crm/customer/new \
  -d '{"data":{"customer_name":"Jane Doe"}, "priority":7}'
{"msg_id": "zpsm1a150dbfb8ab3cb676a471b5"}

WebSockets-based publishers

  • A WebSocket client application written in any programming language can become a pub/sub endpoint. Such an endpoint uses JSON over WebSockets to send messages as a publisher.
  • WebSocket connections can be also used for Zato cluster-to-cluster publish/subscribe communication where services running on independent servers publish messages to each other via WebSockets

File transfer publishers

  • File transfer channels can publish the contents of files that are picked up to one or more pub/sub topic, as in the sample screenshot below which uses two topics
  • Each file transfer channel is automatically granted permissions to publish messages to any topic, there is no need for any additional configuration once such as a channel is created