JSON PDP API request format
Individual requests
A valid JSON PDP API request is a simple JSON object that can be forwarded to the Policy Decision Service. Policies can match a decision request by Service, Domain, Action, or other attributes.
The following table describes the values contained in a valid JSON PDP API request:
Field | Type | Required | PingAuthorize Trust Framework type | Example value |
---|---|---|---|---|
domain | string | no | Domain | |
action | string | no | Action | |
service | string | no | Service | |
identityProvider | string | no | Identity Provider | |
attributes | map<string, string> | yes | Other Attributes | |
Although the |
The following example shows the correct format of a JSON individual decision request:
{
  "domain": "Sales.Asia Pacific",
  "action": "Retrieve",
  "service": "Mobile.Landing page",
  "identityProvider": "Social Networks.Spacebook",
  "attributes": {
    "Prospect name": "B. Vo"
  }
}
The following image shows how Prospect name is defined in the Policy Administration GUI. In this example, the Prospect name attribute has a Request resolver and a Value Settings type of string.
The Trust Framework attribute name must match the key of the attributes map. For example, if you have an attribute named |
Batch requests
Batch requests consist of an array named "requests" of JSON objects, each of which is a standard JSON PDP API single decision request.
The following example shows the correct format of a JSON batch decision request:
{
  "requests": [
    {
      "domain": "Sales.Asia Pacific",
      "action": "Retrieve",
      "service": "Mobile.Landing page",
      "identityProvider": "Social Networks.Spacebook",
      "attributes": {
        "Prospect name": "B. Vo"
      }
    },
    {
      "domain": "Sales.EMEA",
      "action": "Search",
      "service": "Mobile.Users search",
      "identityProvider": "Social Networks.Chirper",
      "attributes": {
        "Prospect name": "A. Mann"
      }
    }
  ]
}
Query requests
Query requests differ from individual and batch JSON PDP API requests in allowing the following types of attributes:
- Unbounded: A request attribute without any value specified. These attributes' values can be populated at decision runtime by making calls to external services.
- Multivalued: A request attribute with multiple values specified.
Query requests consist of the following fields:
- query: An array containing the following elements:
  - attribute: The full name of an unbounded, multivalued, or standard authorization attribute.
  - values: An optional array defining the values of the attribute. If you include more than one value in this array, the JSON PDP API treats the attribute as multivalued. If the attribute is unbounded, do not include this array.
    You cannot leave the values array empty in a query request sent in embedded policy decision point (PDP) mode. If you leave the values array empty in a request sent in external PDP mode, the relevant attribute is treated as an unbounded attribute.
  The query array has the following constraints:
  - At most one attribute can be included without values (unbounded).
  - At most two attributes can be multivalued.
  - At most three attributes can be included in the array, but not all three can be multivalued or unbounded.
- "context" (optional): A JSON object containing the fields included in a typical individual JSON PDP API request.
You can include single-valued attributes in the query or context fields. Including a single-valued attribute in the query field will add that attribute and its value to each results array element in the query response.
The following example asks, "Which actions can Joe perform on the account?":
{
  "query": [
    {
      "attribute": "action"
    },
    {
      "attribute": "Subject",
      "values": ["{\"id\": 23, \"name\":\"Joe\"}"]
    },
    {
      "attribute": "Resource",
      "values": ["account"]
    }
  ]
}
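The query array constraints and the empty values rule listed above can be checked on the client before a request is forwarded to the PDP. The following sketch is an added example, not PingAuthorize code: the function names and the embedded_mode flag are hypothetical, and it assumes the third constraint means that a three-attribute query needs at least one single-valued attribute.

```python
# Added example: helper names and the embedded_mode flag are illustrative.
MAX_ATTRIBUTES, MAX_UNBOUNDED, MAX_MULTIVALUED = 3, 1, 2  # limits stated on the page

def classify(entry, embedded_mode):
    """Classify one query element as 'unbounded', 'single' or 'multi'."""
    if not isinstance(entry, dict) or not isinstance(entry.get("attribute"), str):
        raise ValueError("each query element needs a string 'attribute' name")
    name = entry["attribute"]
    if "values" not in entry:
        return "unbounded"
    values = entry["values"]
    if not isinstance(values, list):
        raise ValueError(f"{name}: 'values' must be an array")
    if not values:
        # Empty array: not allowed in embedded PDP mode, unbounded in external mode.
        if embedded_mode:
            raise ValueError(f"{name}: empty 'values' array in embedded PDP mode")
        return "unbounded"
    return "single" if len(values) == 1 else "multi"

def check_query_request(body, embedded_mode=False):
    """Return the list of violated constraints (empty list: well formed)."""
    query = body.get("query") if isinstance(body, dict) else None
    if not isinstance(query, list):
        return ["'query' must be an array"]
    errors, kinds = [], []
    for entry in query:
        try:
            kinds.append(classify(entry, embedded_mode))
        except ValueError as exc:
            errors.append(str(exc))
    if len(query) > MAX_ATTRIBUTES:
        errors.append(f"more than {MAX_ATTRIBUTES} attributes in 'query'")
    if kinds.count("unbounded") > MAX_UNBOUNDED:
        errors.append("more than one unbounded attribute")
    if kinds.count("multi") > MAX_MULTIVALUED:
        errors.append("more than two multivalued attributes")
    # Assumed reading of "not all three can be multivalued or unbounded".
    if len(kinds) == MAX_ATTRIBUTES and "single" not in kinds:
        errors.append("three attributes but none is single-valued")
    return errors

# The query from the example above: action is unbounded, the other two single-valued.
PAGE_EXAMPLE = {"query": [
    {"attribute": "action"},
    {"attribute": "Subject", "values": ['{"id": 23, "name":"Joe"}']},
    {"attribute": "Resource", "values": ["account"]},
]}
```

check_query_request(PAGE_EXAMPLE) returns an empty list in either mode; a query whose values array is empty passes in external PDP mode and is reported in embedded PDP mode.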
Learn more in Policy queries.