The JSONJSON
(JavaScript Object Notation) An open, lightweight data-interchange format that uses
human-readable text to store and transmit data. policy decision point (PDP) APIapplication programming interface (API)
A specification of interactions available for building software to access an application or service. provides an HTTP REST API for attribute-based access control based on
policies configured in the PingAuthorize Server Policy
Decision Service.
The JSON PDP API is implemented with both an individual decision request endpointendpoint
One end in a communication channel, typically a URI. and a batch request endpoint that consuming application servers
can access using POSTPOST
An HTTP method used to request that the service or server accept the entity enclosed in
the request as an addition to the resource identified in the URI. requests to the
/governance-engine or
/governance-engine/batch paths, respectively.
The HTTP requestsHTTP request
A client transaction sent over HTTP to the server specifying a request method (such as GET,
POST, DELETE) to execute against a resource or resources on the server. must include the appropriate
Content-Type and Accept headers, and request
bodies must be valid JSON in the expected request format.
The endpoint paths and headers are listed in the following table.
JSON PDP API Endpoint path
Action
Content-Type/Accept
Request data
/governance-engine
POST
application/json
JSON
/governance-engine/batch
POST
application/json
JSON
A successful JSON PDP API request goes through the following flow:
The client makes the JSON request, which is received by the JSON PDP API. The API forwards
the request to the Policy Decision Service.
When the Policy Decision Service returns a response, the API sends the response to the
client.
Note:
The Policy Enforcement Point (PEP) must apply any obligations or advice. See the
JSON PDP API Reference for more information about making
API requests.