PingOne

Making decision requests and examining recent decisions

Learn how policies are evaluated when an application makes decision requests and how you can examine the resulting decisions.

Making decision requests

About this task

You’ll use Postman requests to simulate an application requesting decisions about payment amounts. To get started, let’s walk through downloading a Postman collection and assigning values to variables used in the requests.

The PingOne platform requires an access token from your application before you can make calls to the API. You’ll use a Postman request to get the access token, then you’ll make decision requests.

Steps

  1. Import a copy of the Postman collection:

    1. Click the Run in Postman button below.

    2. Click the import a copy link.

    3. If you use workspaces in Postman, select a workspace and click Import.

  2. Go to Collections and click PingOne Authorize: Make a Decision Request to open the collection, then click the Variables tab.

    Screen capture of the PingOne Authorize: Make a Decision Request collection in Postman showing the Variables tab.
  3. If you are outside of North America, update the authUrl and apiUrl current values to use the data center closest to your geographic region.

    Variable Canada Europe Australia Asia Pacific

    authUrl

    https://auth.pingone.ca

    https://auth.pingone.eu

    https://auth.pingone.com.au

    https://auth.pingone.asia

    apiUrl

    https://api.pingone.ca

    https://api.pingone.eu

    https://api.pingone.com.au

    https://api.pingone.asia

  4. In PingOne, go to Applications → Applications.

  5. Click your worker application, then click the Configuration tab.

  6. Expand the General section, then copy the following values into the corresponding current value on the Variables tab in Postman:

    • Client ID: The Postman variable is clientID.

    • Client Secret: The Postman variable is clientSecret.

    • Environment ID: The Postman variable is envId.

      Screen capture of the worker app Configuration tab showing the Client ID, Client Secret, Environment ID, and associated copy icons.
  7. Go to Authorization → Decision Endpoints and expand the Test endpoint.

  8. Copy the Endpoint ID and paste it into the current value for endpointId in Postman.

    Screen capture of the Test endpoint showing the Endpoint ID and the copy icon.
  9. In Postman, click Save to save the current values you assigned.

    Result:

    Now you’re ready to send a request to get an access token.

  10. In Postman, select the Get Token request and click Send.

    Screen capture of Get Token request in Postman.

    Result:

    The access token is in the response.

    Screen capture of the access token response body in Postman.

    Now you’re ready to make a decision request.

  11. Select Make Decision Request and click the Body tab. Set the Amount parameter to 10990.

    Screen capture of the make decision request body in Postman showing the Amount parameter.
  12. Click Send.

    Result:

    The response body shows that the payment is denied according to our policy of denying payments greater than $10,000 USD.

    Screen capture of the make decision request response body in Postman showing the Deny decision.

    Let’s try a payment that’s less than $10,000 USD.

  13. Change the Amount value in the request body to 990 and click Send.

    Result:

    As you expect, the payment is permitted.

    Screen capture of the make decision request response body in Postman showing the Permit decision.

Result

You’ve simulated a couple of payment decision requests so that you have something to examine further.

Tutorial: examining recent decisions

About this task

Earlier, you configured the Test endpoint to keep track of recent decisions made during policy evaluation. You can use details about recent decisions to debug policy behavior during policy development.

Recent decisions are a policy debugging tool, and are not intended for monitoring of authorization decisions in real time. You can examine the 20 most recent decisions made for an endpoint in the last 24 hours.

Let’s examine recent decisions to make sure that the policy is handling payment requests correctly.

Steps

  1. Go to Authorization → Recent Decisions.

  2. In the Decision Endpoint list, select the Test endpoint.

  3. In the Decision to Visualize list, select the first decision.

    This is the most recent decision.

    Screen capture of the expanded Select Decision to Visualize list.
  4. Examine the decision flow to make sure that decisions are evaluated according to your expectations.

    The visualization is similar to what you saw when you tested your policy.

    Screen capture of the Visualization flow for permitting payments up to 10000 USD.
  5. Click the Permit payments up to 10000 USD box to show more details.

    Result:

    You can see that this represents your rule that permits payments up to $10,000 USD. The decision evaluated to Permit and it took 3.288 milliseconds.

    Screen capture of the Visualization details pane showing the decision result and elapsed time.
  6. In the Select Decision to Visualize list, select the second decision and then examine the Visualization tab and the other tabs to make sure that everything looks as expected:

    1. Click the Request tab to review the JSON request sent to the decision service and confirm that the expected information was sent.

      Screen capture of the Recent Decisions Request tab showing the JSON request.
    2. Click the Response tab to review the complete, high-verbosity response for the decision, including expanded errors and other helpful information.

      Screen capture of the Recent Decisions Response tab showing the complete, high-verbosity response.
    3. Click the Attributes tab for details about the attribute used in the decision.

      Screen capture of the Recent Decisions Attributes tab showing attribute details.

      Now that you’ve examined recent decisions for your named version, let’s roll it out to production by publishing it to the Prod endpoint.

  7. Go to Authorization → Version History.

  8. For the Payment checks version, click the More Options (⋮) icon and select Publish Version.

  9. In the Publish to list, select the Prod endpoint and click Publish.

    Result:

    The blue Prod icon indicates that the version is now published in Prod in addition to Test and Dev.

    Screen capture of Version History showing icons for published endpoints.

Result

Congratulations! You’ve built your first dynamic authorization policy, tested it, and rolled it out to production.