Class Reference
IRIS for UNIX 2024.1.2
 InterSystems: The power behind what matters   
Documentation  Search
  [USER] >  [%CSP] >  [REST]
Private  Storage   

class %CSP.REST extends %CSP.Login

Applications wishing to support REST should subclass this class, implement the methods to be called, and define a UrlMap XDATA block which maps Urls and request Method (DELETE/GET/POST/PUT) to those methods. Users define a csp web application which will be serviced by their custom subclass. To achieve this, in the management portal set the 'Dispatch Class' to the name of the custom subclass of %CSP.REST.

Note: %CSP.REST extends %CSP.Login instead of just %CSP.Page because %CSP.Login contains the default CORS support as well as being a subclass of %CSP.Page.

Inventory

Parameters Properties Methods Queries Indices ForeignKeys Triggers
26 23


Summary

Methods
%ClassIsLatestVersion %ClassName %DispatchClassMethod %DispatchGetModified
%DispatchGetProperty %DispatchMethod %DispatchSetModified %DispatchSetMultidimProperty
%DispatchSetProperty %Extends %GetParameter %IsA
%New %OriginalNamespace %PackageName %SetModified
AcceptsContentType AccessCheck ConvertParameter Decrypt
DispatchRequest DrawCSS3STYLE DrawHEAD DrawSTHEAD
DrawSTTitle DrawSTYLE DrawTitle DrawTitleSection
Encrypt Error EscapeHTML EscapeURL
GetAuthChallenge Http403 Http404 Http405
Http500 HyperEventCall HyperEventHead Include
InsertHiddenField InsertHiddenFields IsPrivate Link
Login OnErrorSetup OnHTTPHeader OnHandleCorsRequest
OnHandleOptionsRequest OnLoginPage OnPage OnPageError
OnPostHTTP OnPostHyperEvent OnPreDispatch OnPreHTTP
OnPreHyperEvent OnSecurityTokenPage Page QuoteJS
ReportHttpStatusCode RewriteURL SetResponseHeaderIfEmpty ShowError
StartTimer StatusToJSON StatusToProxyObject StopTimer
SupportedVerbs ThrowError UnescapeHTML UnescapeURL

Subclasses
%Api.DeepSee %Api.InteropMetrics %Api.Monitor
%Api.iKnow %Atelier.REST %DeepSee.REST.REST
%DocDB.REST %REST.disp %iKnow.REST.Base
Ens.Activity.API.REST Ens.ServiceRegistry.API.REST.Query EnsLib.REST.Service
apptools.core.rest

Parameters

• parameter CONTENTTYPEJSON = "application/json";
• parameter CONTENTTYPETEXT = "text/plain";
• parameter HTTP200OK = "200 OK";
• parameter HTTP201CREATED = "201 Created";
• parameter HTTP202ACCEPTED = "202 Accepted";
• parameter HTTP204NOCONTENT = "204 No Content";
• parameter HTTP304NOTMODIFIED = "304 Not Modified";
• parameter HTTP400BADREQUEST = "400 Bad Request";
• parameter HTTP401UNAUTHORIZED = "401 Unauthorized";
• parameter HTTP403FORBIDDEN = "403 Forbidden";
• parameter HTTP404NOTFOUND = "404 Not Found";
• parameter HTTP405METHODNOTALLOWED = "405 Method Not Allowed";
• parameter HTTP406NOTACCEPTABLE = "406 Not Acceptable";
• parameter HTTP409CONFLICT = "409 Conflict";
• parameter HTTP415UNSUPPORTEDMEDIATYPE = "415 Unsupported Media Type";
• parameter HTTP422UNPROCESSABLEENTITY = "422 Unprocessable Entity";
• parameter HTTP423LOCKED = "423 Locked";
• parameter HTTP500INTERNALSERVERERROR = "500 Internal Server Error";
• parameter HandleCorsRequest;
This parameter influences the CORS support. The default is an empty string meaning 'not specified'. If set to true (1) then CORS processing is ON. If set to false (0) then CORS processing is OFF. If left unset ("") then the decision to process CORS is delegated to the setting on the URL map route.
• parameter TokenLoginEndpoint = "login";
If the REST application is using token authentication, then this parameter gives the path to use for the "login" endpoint. The default is "/login".
• parameter TokenLogoutEndpoint = "logout";
If the REST application is using token authentication, then this parameter gives the path to use for the "logout" endpoint. The default is "/logout".
• parameter TokenRefreshEndpoint = "refresh";
If the REST application is using token authentication, then this parameter gives the path to use for the "refresh" endpoint. The default is "/refresh".
• parameter TokenRevokeEndpoint = "revoke";
If the REST application is using token authentication, then this parameter gives the path to use for the token revocation endpoint. The default is "/revoke".
• parameter UseSession = 0;
This parameter controls the CSP session support. By default the CSP session will be ended after each request in accordance with the spirit of REST. However this CAN be overridden by the user. To use a session, it's necessary to manage the CSPSESSION cookie. Browsers do this automatically but command line tools such as CURL require the setting of options.

Note that if you choose to use a session then this will use a CSP license until the session is ended or expires and the grace period has been satisfied. If you use the default of no session then this will be the same behavior as SOAP requests of holding a license for ten seconds.


Methods

• classmethod AcceptsContentType(pType As %String) as %Boolean
This method tests the HTTP_ACCEPT header and returns true if the passed content type is acceptable
• classmethod AccessCheck(Output pAuthorized As %Boolean = 0) as %Status
This method performs a basic access check. You can override this to add additional checks.
• classmethod DispatchRequest(url As %String, method As %String, forwarded As %Boolean = 0, args...) as %Status
Dispatch a REST request according to URL and Method. The pArgs argument is a local array of parameters from the caller. The forwarded argument is no longer used.
• classmethod Error(skipheader As %Boolean = 1) as %Status
Called for a REST page in the event of an error being trapped by CSP server
• classmethod GetAuthChallenge() as %String
This method determines what challenge will be sent with a 401 (Unauthorized) response. The default is the type of the Authorization header used in the request. For unauthenticated requests, the default is 'Basic'. Note most browsers will display a native login prompt in response to a 'Basic' challenge.
deprecatedfinal classmethod Http403(pSC As %Status = $$$OK) as %Status
Issue a '403' error (Deprecated, use ..ReportHttpStatusCode)
deprecatedfinal classmethod Http404(pSC As %Status = $$$OK) as %Status
Issue a '404' error (Deprecated, use ..ReportHttpStatusCode)
• classmethod Http405(pSupportedVerbs As %String = "") as %Status
Issue a '405' error ( user can override)
• classmethod Http500(pE As %Exception.AbstractException) as %Status
Issue a '500' error and give some indication as to what occurred
• classmethod Login(skipheader As %Boolean = 1) as %Status
Called for a REST page in the event of a login being required
• classmethod OnPreDispatch(pUrl As %String, pMethod As %String, ByRef pContinue As %Boolean) as %Status
This method gets called prior to dispatch of the request. Put any common code here that you want to be executed for EVERY request. If pContinue is set to 0, the request will NOT be dispatched according to the UrlMap. In this case it's the responsibility of the user to return a response.
• classmethod Page(skipheader As %Boolean = 1) as %Status
This method matches the request and method and calls the dispatcher
• classmethod ReportHttpStatusCode(pHttpStatus, pSC As %Status = $$$OK) as %Status
Issue an 'Http' error
• classmethod SetResponseHeaderIfEmpty(pHeader As %String, pValue As %String)
This utility method sets a response header only if it currently does not have a value
• final classmethod StatusToJSON(pSC As %Status, ByRef pJSON As %DynamicObject) as %Status
Render a %Status as JSON.
• final classmethod StatusToProxyObject(pSC As %Status, ByRef pJSON As %ZEN.proxyObject) as %Status
Render a %Status as JSON (in the form of an array of objects representing each status value).
• classmethod SupportedVerbs(pUrl, Output pVerbs As %String) as %Status
This generator creates the SupportedVerbs Method used to determine supported verbs to return for the OPTIONS request.

Copyright (c) 2025 by InterSystems Corporation. Cambridge, Massachusetts, U.S.A. All rights reserved. Confidential property of InterSystems Corporation.