PingOne Authorize provides three default endpoints for deployment stages: Dev, Test, and Prod. Add more endpoints and update or delete endpoints to suit your organization’s needs. An additional default endpoint, API Access Management Decision Endpoint, is used for API Access Management policy deployment. You cannot delete this endpoint.

You can configure an endpoint to use the latest version of a policy, or you can deploy a specific named version of a policy to the endpoint. When you use the latest version of a policy, any updates to the policy are published to the endpoint automatically. Because this compiles a publishing package each time a request is made to the endpoint and can cause a slower system response, Use latest is intended for policy development and debugging only. By default, the Dev stage endpoint is configured to use the latest version of a policy. You can change this setting, or configure endpoints for other stages to use the latest version or specific versions of policies.

You can configure decision endpoints to keep track of the 20 most recent decisions made during policy evaluation. It’s helpful to enable this setting during policy development as a debugging tool so you can visualize and examine recent decisions. This can cause a slower system response, so the setting is disabled by default.

Event subscriptions, or webhooks, enable you to use third-party tools to monitor audit events for decision endpoints.

The PingOne API provides operations to create, read, update, and delete decision endpoint resources. It also provides an evaluation action to execute a decision request against a resource. For more information about using the API, see PingAuthorize Policy Decision Service.