PDP Response Cache Invalidation

Prev Next
Post
/api/1.0/runtime/caches/response/{envId}/invalidate

Performs a cache invalidation operation for PDP response data in the PAAs related to the relevant Environment.

When to use this API

Use this API when the Policy decision results (responses) might no longer be valid—such as after Policy changes, updates to Identity Attributes, or Environment configuration changes—and you want to ensure fresh Authorization evaluations at Runtime. Although the cache typically expires based on TTL, this API allows you to proactively clear cached results when immediate re-evaluation is needed.

Using this API

Authentication

A valid PlainID Platform JWT is required in the `Authorization` header. Refer to our [Get Access Token API](/apidocs/get-access-token) to retrieve a valid JWT for the Bearer Token.

How to invalidate parameters

To invalidate all response caches in the Environment's PAAs, send an empty JSON object in the request body. The body must always be present, even when performing a full cache invalidation.

The invalidation can be scoped using these optional parameters in the request body:
  • Scope Client ID: Clears cached responses associated with a specific Scope.
    • If provided, all PDP response cache entries for the specified Scope are invalidated across all responses.
  • Identity ID: The unique identifier (UID) of the identity, used to clear cached responses for a specific user.
    • If provided, all cached PDP responses for that user across specific Scopes are invalidated.
  • If both parameters are provided, the cached PDP responses for the specified user within the specified Scope are invalidated.

Notice

When accessing the Authorization APIs, the URL base/prefix depends on your PlainID PDP location:
  • United States Cloud PDP - `https://tenant-name.us1.plainid.io`
  • Canadian Cloud PDP - `https://tenant-name.ca1.plainid.io`
  • European Cloud PDP - `https://tenant-name.eu1.plainid.io`
  • Local PAA - `https://your-paa.acme.local`

  • For more information on which Asset Types to use with your PAA or Cloud PDP, refer to Managing Asset Types.

    cURL Sample Guidelines

    In order for the relevant parameters to appear in the cURL sample, you can input the values in the interactive API console on the right under the Try It\* or the Code Sample tabs. They will then appear in the cURL sample in the correct format to use in your API tool.

    \*Try It function coming soon.


    Important note about headers

    Refer to the headers below to modify your cURL sample. Check if the following headers are in the sample—if not, ensure you add them before pasting into your API tool.

    Headers

    HeaderValuecURL Line
    Acceptapplication/json'accept: application/json'
    Content-Typeapplication/json'content-type: application/json'

    Note: RequestID Header (optional): You may include a `RequestID` in the header for traceability. If not provided, the system will generate one automatically.

    Security
    HTTP
    Type bearer

    For more details about Administration API Authentication, check out the Authentication APIs documentation
    Provide your bearer token in the Authorization header when making requests to protected resources.
    Example: Authorization: Bearer 123

    Path parameters
    envId
    stringRequired

    The Environment ID can be found under the Details Tab in the Environment Settings.

    Body parameters
    object

    The request body is required — even when performing a full cache invalidation. To clear all PDP response caches in the Environment's PAAs, send an empty JSON object.

    clientId
    string

    The Scope Client ID used to limit the invalidation to a specific Scope. This can be found in your Platform Environment or Tenant Settings.

    ExamplePGC64A2B6892DU68B6GV
    identityId
    string

    The UID of the identity whose PDP response cache should be invalidated, as modeled in the Identity Template. Note: This is the same user ID that is used when sending an Authorization request with the entityId parameter.

    Responses
    200

    ok

    400

    missing required parameters

    Expand All
    object
    errors
    Array of object (GenericError)
    Min items1
    object
    id
    string
    Min length1
    code
    string
    Min length1
    name
    string
    Min length1
    message
    string
    Min length1
    401

    unauthorized

    Expand All
    object
    errors
    Array of object (GenericError)
    Min items1
    object
    id
    string
    Min length1
    code
    string
    Min length1
    name
    string
    Min length1
    message
    string
    Min length1
    424

    failed dependency

    Expand All
    object
    errors
    Array of object (GenericError)
    Min items1
    object
    id
    string
    Min length1
    code
    string
    Min length1
    name
    string
    Min length1
    message
    string
    Min length1