Skip to main content

         This documentation site is for previous versions. Visit our new documentation site for current releases.      

More about Service REST rules

Updated on April 6, 2022


When the service runs as an authenticated user, the external application sending the request must include the username and password of an Operator ID in the request. The external application can send these values either in an HTTP header, or appended to the URL as name/value pairs for the parameters UserIdentifier and Password. The value of the password must be base64-encoded.

Stateful sessions

When the session state in a service package is set to Stateful, the service returns a cookie in the response with the Set-Cookie HTTP header. The cookie contains the Requestor ID of the requestor that processed the first request, with the prefix "PegaRULES." For another request to access the same session data, the external application must include the PegaRULES cookie in the header of that request.

Custom cookies and stateful sessions

A response can contain only one Set-Cookie header. If a Set-Cookie is set in the data mapping on the Response tab, the Pega Platform does not set the PegaRULES cookie for you. So if the services run in a stateful session and you need to return custom cookies, your rules are also responsible for constructing the PegaRULES cookie.

Create the cookie string by concatenating all the cookies to be sent, including the PegaRULES cookie, into one string. The value of the PegaRULES cookie must be the requestor ID. For example: PegaRULES=H40F706525721982DE3C8530D6DC64FCD.

Get the value of the requestor ID from the pzRequestorId property on the pxRequestor page, which is always present on the clipboard. This can be accomplished either by having the service activity set a clipboard property, or through a Rule-Utility-Function. Then, use the Response tab to configure a Set-Cookie header that contains the string with the values of all the cookies.

  • Previous topic Creating a response for Service REST methods by using an automation implementation
  • Next topic Endpoint configuration upgrade

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us