---
title: About the Authorization Policy Decision APIs
description: The PingAuthorize Server provides Authorization Policy Decision APIs to support non-API use cases needing attribute-based access control (ABAC).
component: pingauthorize
version: 11.0
page_id: pingauthorize:pingauthorize_server_administration_guide:paz_authr_policy_decision
canonical_url: https://docs.pingidentity.com/pingauthorize/11.0/pingauthorize_server_administration_guide/paz_authr_policy_decision.html
revdate: June 26, 2023
---

# About the Authorization Policy Decision APIs

The PingAuthorize Server provides Authorization Policy Decision APIs to support non-API use cases needing attribute-based access control (ABAC).

The Authorization Policy Decision APIs feature requires PingAuthorize Premier. For more information, contact your Ping Identity account representative.

The PingAuthorize Server's main functionality is to enforce fine-grained policies for data accessed through an application programming interface (API). However, organizations might need to use the core Policy Decision Service for non-API use cases. For example, an application server might use it to request policy decisions when generating dynamic web content. In this configuration, PingAuthorize Server becomes the policy decision point (PDP), and the application server becomes the policy enforcement point (PEP).

The Authorization Policy Decision APIs consist of the following PDP APIs:

* XACML-JSON PDP API

  This API provides a standards-based interface.

  Standards-based enforcement points request policy decisions based on a subset of the XACML-JSON standard. For more information, see [XACML 3.0 JSON Profile 1.1](http://docs.oasis-open.org/xacml/xacml-json-http/v1.1/csprd01/xacml-json-http-v1.1-csprd01.html).

* JSON PDP API

  This API provides a simpler interface.

The Authorization Policy Decision APIs can indicate when a request or response triggers statements, but the application server must implement the statement.
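The following added example, which is not PingAuthorize code, shows an application server acting as the PEP: it permits only on a well-formed `Permit` and denies when the response carries a statement it has no handler for. It assumes the response follows the obligation layout of the XACML 3.0 JSON Profile and that every statement is obligatory; the statement ids and handler names are hypothetical.

```python
# Added example: PEP-side enforcement of a XACML-JSON style decision response.
# Assumption: the response shape follows the OASIS XACML 3.0 JSON Profile
# ("Response" -> "Decision", "Obligations" -> "Id", "AttributeAssignment").

def redact_fields(content, assignments):
    """Hypothetical statement handler: blank out the fields named by the PDP."""
    names = {a["Value"] for a in assignments if a.get("AttributeId") == "field"}
    return {k: ("[redacted]" if k in names else v) for k, v in content.items()}

# Statement ids are hypothetical; real ids come from your own policies.
HANDLERS = {"example:redact-fields": redact_fields}


def enforce(pdp_response, content, handlers=HANDLERS):
    """Return (allowed, content). Anything but a clean Permit is a deny."""
    results = pdp_response.get("Response") if isinstance(pdp_response, dict) else None
    if isinstance(results, dict):          # tolerate a single-object Response
        results = [results]
    if not isinstance(results, list) or len(results) != 1:
        return False, None                 # malformed or ambiguous: fail closed
    result = results[0]
    if not isinstance(result, dict) or result.get("Decision") != "Permit":
        return False, None                 # Deny, NotApplicable, Indeterminate
    obligations = result.get("Obligations") or []
    # Check that every statement is understood before applying any of them.
    if any(not isinstance(ob, dict) or ob.get("Id") not in handlers
           for ob in obligations):
        return False, None                 # cannot honour a statement: deny
    for ob in obligations:
        content = handlers[ob["Id"]](content, ob.get("AttributeAssignment") or [])
    return True, content


# Constructed sample responses, not captured from a real server.
PERMIT_WITH_STATEMENT = {"Response": [{"Decision": "Permit", "Obligations": [
    {"Id": "example:redact-fields",
     "AttributeAssignment": [{"AttributeId": "field", "Value": "ssn"}]}]}]}
PERMIT_UNKNOWN_STATEMENT = {"Response": [{"Decision": "Permit", "Obligations": [
    {"Id": "example:watermark"}]}]}
INDETERMINATE = {"Response": [{"Decision": "Indeterminate"}]}

if __name__ == "__main__":
    page = {"name": "Ada", "ssn": "123-45-6789"}
    for resp in (PERMIT_WITH_STATEMENT, PERMIT_UNKNOWN_STATEMENT, INDETERMINATE):
        print(enforce(resp, page))
```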

To make a PDP API available, you must:

* Configure the PingAuthorize Server with a feature-enabled license during setup.

* Configure the Policy Decision Point Service. For more information, see [Use policies in a production environment](paz_config_embedded_pdp.html).

* For the XACML-JSON PDP API, configure an access token validator or use token validation within your rules and policies. For more information, see [Access token validators](paz_access_token_validators.html) or [Policy conditions](../pingauthorize_policy_administration_guide/paz_conditions.html).
