Making decision requests and examining recent decisions
Learn how policies are evaluated when an application makes decision requests and how you can examine the resulting decisions.
Making decision requests
About this task
You’ll use Postman requests to simulate an application requesting decisions about payment amounts. To get started, let’s walk through downloading a Postman collection and assigning values to variables used in the requests.
The PingOne platform requires an access token from your application before you can make calls to the API. You’ll use a Postman request to get the access token, then you’ll make decision requests.
Steps
-
Import a copy of the Postman collection:
-
Click the Run in Postman button below.
-
Click the import a copy link.
-
If you use workspaces in Postman, select a workspace and click Import.
-
-
Go to Collections and click PingOne Authorize: Make a Decision Request to open the collection, then click the Variables tab.
-
If you are outside of North America, update the
authUrl
andapiUrl
current values to use the data center closest to your geographic region.Variable Canada Europe Australia Asia Pacific authUrl
https://auth.pingone.ca
https://auth.pingone.eu
https://auth.pingone.com.au
https://auth.pingone.asia
apiUrl
https://api.pingone.ca
https://api.pingone.eu
https://api.pingone.com.au
https://api.pingone.asia
-
In PingOne, go to Applications → Applications.
-
Click your worker application, then click the Configuration tab.
-
Expand the General section, then copy the following values into the corresponding current value on the Variables tab in Postman:
-
Client ID: The Postman variable is
clientID
. -
Client Secret: The Postman variable is
clientSecret
. -
Environment ID: The Postman variable is
envId
.
-
-
Go to Authorization → Decision Endpoints and expand the Test endpoint.
-
Copy the Endpoint ID and paste it into the current value for endpointId in Postman.
-
In Postman, click Save to save the current values you assigned.
Result:
Now you’re ready to send a request to get an access token.
-
In Postman, select the Get Token request and click Send.
Result:
The access token is in the response.
Now you’re ready to make a decision request.
-
Select Make Decision Request and click the Body tab. Set the
Amount
parameter to10990
. -
Click Send.
Result:
The response body shows that the payment is denied according to our policy of denying payments greater than $10,000 USD.
Let’s try a payment that’s less than $10,000 USD.
-
Change the
Amount
value in the request body to990
and click Send.Result:
As you expect, the payment is permitted.
Result
You’ve simulated a couple of payment decision requests so that you have something to examine further.
Tutorial: examining recent decisions
About this task
Earlier, you configured the Test endpoint to keep track of recent decisions made during policy evaluation. You can use details about recent decisions to debug policy behavior during policy development.
Recent decisions are a policy debugging tool, and are not intended for monitoring of authorization decisions in real time. You can examine the 20 most recent decisions made for an endpoint in the last 24 hours. |
Let’s examine recent decisions to make sure that the policy is handling payment requests correctly.
Steps
-
Go to Authorization → Recent Decisions.
-
In the Decision Endpoint list, select the Test endpoint.
-
In the Decision to Visualize list, select the first decision.
This is the most recent decision.
-
Examine the decision flow to make sure that decisions are evaluated according to your expectations.
The visualization is similar to what you saw when you tested your policy.
-
Click the Permit payments up to 10000 USD box to show more details.
Result:
You can see that this represents your rule that permits payments up to $10,000 USD. The decision evaluated to
Permit
and it took 3.288 milliseconds. -
In the Select Decision to Visualize list, select the second decision and then examine the Visualization tab and the other tabs to make sure that everything looks as expected:
-
Click the Request tab to review the JSON request sent to the decision service and confirm that the expected information was sent.
-
Click the Response tab to review the complete, high-verbosity response for the decision, including expanded errors and other helpful information.
-
Click the Attributes tab for details about the attribute used in the decision.
Now that you’ve examined recent decisions for your named version, let’s roll it out to production by publishing it to the Prod endpoint.
-
-
Go to Authorization → Version History.
-
For the Payment checks version, click the More Options (⋮) icon and select Publish Version.
-
In the Publish to list, select the Prod endpoint and click Publish.
Result:
The blue Prod icon indicates that the version is now published in Prod in addition to Test and Dev.
Result
Congratulations! You’ve built your first dynamic authorization policy, tested it, and rolled it out to production.