Skip to main content


class %CSP.REST extends %CSP.Login

Applications wishing to support REST should subclass this class, implement the methods to be called, and define a UrlMap XDATA block which maps Urls and request Method (DELETE/GET/POST/PUT) to those methods. Users define a csp web application which will be serviced by their custom subclass. To achieve this, in the management portal set the 'Dispatch Class' to the name of the custom subclass of %CSP.REST. See the csp/samples/docserver web application and the corresponding REST.DocServer sample in the SAMPLES namespace.

Note: %CSP.REST extends %CSP.Login instead of just %CSP.Page because %CSP.Login contains the default CORS support as well as being a subclass of %CSP.Page.

Note: The REST support uses features not available on VMS and will not function on VMS platforms.

Method Inventory


parameter CONTENTTYPEJSON = application/json;
parameter CONTENTTYPETEXT = text/plain;
parameter HTTP200OK = 200 OK;
parameter HTTP201CREATED = 201 Created;
parameter HTTP202ACCEPTED = 202 Accepted;
parameter HTTP204NOCONTENT = 204 No Content;
parameter HTTP304NOTMODIFIED = 304 Not Modified;
parameter HTTP400BADREQUEST = 400 Bad Request;
parameter HTTP401UNAUTHORIZED = 401 Unauthorized;
parameter HTTP403FORBIDDEN = 403 Forbidden;
parameter HTTP404NOTFOUND = 404 Not Found;
parameter HTTP405METHODNOTALLOWED = 405 Method Not Allowed;
parameter HTTP406NOTACCEPTABLE = 406 Not Acceptable;
parameter HTTP409CONFLICT = 409 Conflict;
parameter HTTP415UNSUPPORTEDMEDIATYPE = 415 Unsupported Media Type;
parameter HTTP423LOCKED = 423 Locked;
parameter HTTP500INTERNALSERVERERROR = 500 Internal Server Error;
parameter HandleCorsRequest;
This parameter influences the CORS support. The default is an empty string meaning 'not specified'. If set to true (1) then CORS processing is ON. If set to false (0) then CORS processing is OFF. If left unset ("") then the decision to process CORS is delegated to the setting on the URL map route.
parameter UseSession = 0;
This parameter controls the CSP session support. By default the CSP session will be ended after each request in accordance with the spirit of REST. However this CAN be overridden by the user. To use a session, it's necessary to manage the CSPSESSION cookie. Browsers do this automatically but command line tools such as CURL require the setting of options.

Note that if you choose to use a session then this will use a CSP license until the session is ended or expires and the grace period has been satisfied. If you use the default of no session then this will be the same behavior as SOAP requests of holding a license for ten seconds.


classmethod AcceptsContentType(pType As %String) as %Boolean
This method tests the HTTP_ACCEPT header and returns true if the passed content type is acceptable
classmethod AccessCheck(Output pAuthorized As %Boolean = 0) as %Status
This method performs a basic access check. You can override this to add additional checks.
classmethod DispatchMap(pIndex As %Integer) as %String
This generator creates the DispatchMap Method used to dispatch the Url and Method to the associated target method
classmethod DispatchRequest(pUrl As %String, pMethod As %String, pForwarded As %Boolean = 0) as %Status
Dispatch a REST request according to URL and Method
classmethod Error(skipheader As %Boolean = 1) as %Status
Called for a REST page in the event of an error being trapped by CSP server
final classmethod Http403(pSC As %Status = $$$OK) as %Status
Issue a '403' error (Deprecated, use ..ReportHttpStatusCode)
final classmethod Http404(pSC As %Status = $$$OK) as %Status
Issue a '404' error (Deprecated, use ..ReportHttpStatusCode)
classmethod Http405(pSupportedVerbs As %String = "") as %Status
Issue a '405' error ( user can override)
classmethod Http500(pE As %Exception.AbstractException) as %Status
Issue a '500' error and give some indication as to what occurred
classmethod Login(skipheader As %Boolean = 1) as %Status
Called for a REST page in the event of a login being required
classmethod OnPreDispatch(pUrl As %String, pMethod As %String, ByRef pContinue As %Boolean) as %Status
This method gets called prior to dispatch of the request. Put any common code here that you want to be executed for EVERY request. If pContinue is set to 0, the request will NOT be dispatched according to the UrlMap. In this case it's the responsibility of the user to return a response.
classmethod Page(skipheader As %Boolean = 1) as %Status
This method matches the request and method and calls the dispatcher
classmethod ReportHttpStatusCode(pHttpStatus, pSC As %Status = $$$OK) as %Status
Issue an 'Http' error
classmethod ResolveTarget(pOriginalUrl As %String, Output pTargetUrl As %String = "", Output pTargetClass As %String = "") as %Status
This resolves the target class and url according to the forwarding rules
classmethod SetResponseHeaderIfEmpty(pHeader As %String, pValue As %String)
This utility method sets a response header only if it currently does not have a value
final classmethod StatusToJSON(pSC As %Status, ByRef pJSON As %DynamicObject) as %Status
Render a %Status as JSON.
final classmethod StatusToProxyObject(pSC As %Status, ByRef pJSON As %ZEN.proxyObject) as %Status
Render a %Status as JSON (in the form of an array of objects representing each status value).
classmethod SupportedVerbs(pUrl, Output pVerbs As %String) as %Status
This generator creates the SupportedVerbs Method used to determine supported verbs for return via 405 HTTP Status

Inherited Members

Inherited Methods


FeedbackOpens in a new tab