The XACML-JSON policy decision point (PDP) API provides a standards-based HTTP API for requesting decisions based on the policies configured within the PingAuthorize Server Policy Decision Service.
The XACML-JSON PDP API is implemented as a single endpoint, which consuming application servers can access using POST requests to the /pdp path. The HTTP requests must include the appropriate Content-Type and Accept headers, and request bodies must adhere to the XACML-JSON standard. For more information, see Requests.
XACML-JSON PDP API

Endpoint path | Action | Content-Type/Accept | Request data |
---|---|---|---|
/pdp | POST | application/xacml+json | XACML-JSON |

The XACML-JSON PDP API supports the MultiRequests JSON object, which allows a client to make multiple decision requests in a single HTTP request.
Because this object also supports single decision requests, it is the only supported XACML-JSON request format.
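
The request described above, as an added client-side example that is not taken from the PingAuthorize documentation: it builds a MultiRequests body following the OASIS JSON Profile of XACML, checks that every ReferenceId resolves to a category entry's Id, and prepares the POST to /pdp without sending it. The host name, attribute IDs and values are constructed placeholders, and no client credentials are set because this section does not describe them.

```python
import json
import urllib.request

XACML_JSON = "application/xacml+json"  # used for both Content-Type and Accept


def build_multi_request(categories, combinations):
    """categories: {name: [entries with "Id"]}; combinations: one Id list per decision."""
    request = dict(categories)
    request["MultiRequests"] = {
        "RequestReference": [{"ReferenceId": list(ids)} for ids in combinations]}
    return {"Request": request}


def unresolved_references(body):
    """Return every ReferenceId that matches no category entry's Id."""
    request = body["Request"]
    known = {entry.get("Id")
             for name, entries in request.items() if name != "MultiRequests"
             for entry in entries}
    refs = request["MultiRequests"]["RequestReference"]
    return [rid for ref in refs for rid in ref["ReferenceId"] if rid not in known]


def pdp_request(base_url, body):
    """Build (but do not send) the POST to /pdp with the required headers."""
    missing = unresolved_references(body)
    if missing:
        raise ValueError(f"ReferenceId values with no matching Id: {missing}")
    return urllib.request.Request(
        base_url.rstrip("/") + "/pdp",
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={"Content-Type": XACML_JSON, "Accept": XACML_JSON},
    )


def entry(entry_id, attribute_id, value):
    """One category entry carrying a single attribute (hypothetical helper)."""
    return {"Id": entry_id, "Attribute": [{"AttributeId": attribute_id, "Value": value}]}


# Constructed sample: one subject, two actions, one resource -> two decisions.
SAMPLE = build_multi_request(
    {"AccessSubject": [entry("subj", "user", "alice")],
     "Action": [entry("view", "action", "view"), entry("edit", "action", "edit")],
     "Resource": [entry("acct", "type", "account")]},
    [["subj", "view", "acct"], ["subj", "edit", "acct"]],
)
REQUEST = pdp_request("https://pingauthorize.example.com", SAMPLE)  # placeholder host
```
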
A successful XACML-JSON PDP API request goes through the following two-phase flow:
- The client makes the XACML-JSON request, which is received by the XACML-JSON PDP API. The API converts the request to a PingAuthorize Server batch decision request and attempts to authorize the client.
- If authorization succeeds, the request is handed off to the Policy Decision Service to process decisions in batch for the XACML-JSON PDP API. The API then converts the batch decision responses to a XACML-JSON response and writes the response to the client.
The following sections describe these stages in more detail.