Make sure you have defined an API service, as well as a custom policy with transformational statements protecting that service.


PingOne Authorize only processes built-in statements defined in custom policies and rules for API services. For more information, see Statement templates.

  1. Go to Authorization > Policies.
  2. Select the policy that you want to test, and then click the Test tab.
  3. Define test parameters.
  4. Select the Process Statements check box, and select REQUEST or RESPONSE depending on which stage of the API request flow you want to test.
  5. In the API Request form, configure the testing scenario.

    For example, consider the Users starting a new game policy from the tutorials. You can add a set-attributes statement to update the ID attribute in an API request.

    Screen capture of an example statement setting the ID attribute to a value of 456.

    Then, use the following testing scenario to test the statement.

    Screen capture of an example API POST request to test statement processing against

    Click the angle brackets next to the Body field to display a rich JSON text editor.

  6. Click Execute.

    The Visualization tab shows test results. The Processing Result tab displays the transformed API request or response body with statements applied, along with any specified URI and headers. This tab is only displayed if you enabled statement processing.

    Screen capture of the Processing Result tab in the test suite displaying the transformed API request payload

    This tab also displays full and partial statement processing failures, including the code of the failed statement and a description of the failure.