Performs a cache invalidation operation for PDP response data in the PAAs related to the relevant Environment.
When to use this API
Use this API when the Policy decision results (responses) might no longer be valid—such as after Policy changes, updates to Identity Attributes, or Environment configuration changes—and you want to ensure fresh Authorization evaluations at Runtime. Although the cache typically expires based on TTL, this API allows you to proactively clear cached results when immediate re-evaluation is needed.Using this API
Authentication
A valid PlainID Platform JWT is required in the `Authorization` header. Refer to our [Get Access Token API](/apidocs/get-access-token) to retrieve a valid JWT for the Bearer Token.How to invalidate parameters
To invalidate all response caches in the Environment's PAAs, send an empty JSON object in the request body. The body must always be present, even when performing a full cache invalidation.The invalidation can be scoped using these optional parameters in the request body:
- Scope Client ID: Clears cached responses associated with a specific Scope.
- If provided, all PDP response cache entries for the specified Scope are invalidated across all responses.
- Identity ID: The unique identifier (UID) of the identity, used to clear cached responses for a specific user.
- If provided, all cached PDP responses for that user across specific Scopes are invalidated.
- If both parameters are provided, the cached PDP responses for the specified user within the specified Scope are invalidated.
Notice
When accessing the Authorization APIs, the URL base/prefix depends on your PlainID PDP location:For more information on which Asset Types to use with your PAA or Cloud PDP, refer to Managing Asset Types.
cURL Sample Guidelines
In order for the relevant parameters to appear in the cURL sample, you can input the values in the interactive API console on the right under the Try It\* or the Code Sample tabs. They will then appear in the cURL sample in the correct format to use in your API tool.
\*Try It function coming soon.
Important note about headers
Refer to the headers below to modify your cURL sample. Check if the following headers are in the sample—if not, ensure you add them before pasting into your API tool.
Headers
Header | Value | cURL Line |
---|---|---|
Accept | application/json | 'accept: application/json' |
Content-Type | application/json | 'content-type: application/json' |
Note: RequestID Header (optional): You may include a `RequestID` in the header for traceability. If not provided, the system will generate one automatically.
For more details about Administration API Authentication, check out the Authentication APIs documentation
Provide your bearer token in the Authorization header when making requests to protected resources.
Example: Authorization: Bearer 123
The Environment ID can be found under the Details Tab in the Environment Settings.
The request body is required — even when performing a full cache invalidation. To clear all PDP response caches in the Environment's PAAs, send an empty JSON object.
The Scope Client ID used to limit the invalidation to a specific Scope. This can be found in your Platform Environment or Tenant Settings.
The UID of the identity whose PDP response cache should be invalidated, as modeled in the Identity Template. Note: This is the same user ID that is used when sending an Authorization request with the entityId parameter.
ok
missing required parameters
unauthorized
failed dependency