Contents x
    V5 Permit Deny
    • 29 Jul 2024
    • 3 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    V5 Permit Deny

    • Updated on 29 Jul 2024
    • 3 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Article summary

    Post
    /api/runtime/5.0/decisions/permit-deny

    The Permit/Deny API call is a Yes/No Authorization question. It returns a response to Access Decision-related responses to a specific question detailed in the API Request. It can also optionally return additional information.

    Refer to the Working with the V5 Endpoint for API Access article for more information.

    Notice

    When accessing the Authorization APIs, the URL base/prefix, according to your PlainID PDP Location
  • United States Cloud PDP - `https://tenant-name.us1.plainid.io`
  • Canadian Cloud PDP - `https://tenant-name.ca1.plainid.io`
  • European Cloud PDP - `https://tenant-name.eu1.plainid.io`
  • Local PAA - `https://your-paa.acme.local`

    • For more information on which Asset Types to use with your PAA or Cloud PDP, refer to Managing Asset Types.

    Important note about headers

    Refer to the headers below to modify your cURL sample. Check if the following headers are in the sample, if not, ensure you add it to your cURL sample before pasting into your API tool.

    Headers

    *Required
    HeaderValuecURL Line
    content-type`application/json``-H 'Content-Type: application/json' `
    Header parameters
    X-Client-Id
    string

    Client ID of the Scope
    The clientId is required, ensure that it is defined either in the header as X-Client-Id or in the body as clientId.

    X-Client-Secret
    string

    Client Secret ID of the Scope.
    You can also authenticate with an Authorization Token (in your API tool). Note that the X-Client-Id is still required, whether in the header or the body. Refer to Setting up an Authentication Method for more information.

    Body parameters
    PermitDeny
    {
  "method": "GET",
  "headers": {
    "x-request-id": "8CDAC3e6r4D252ABE60EFD7A31AFEEBA",
    "Authorization": "Bearer eyJhbG...lXvZQ"
  },
  "uri": {
    "schema": "https",
    "authority": null,
    "path": [
      "/portal/api/v1/profile/P4",
      "portal",
      "api",
      "v1",
      "profile",
      "P4"
    ],
    "query": "?details=true&type=2"
  },
  "body": {
    "paramA": "value",
    "paramB": "value"
  },
  "meta": {
    "runtimeFineTune": {
      "combinedMultiValue": false
    }
  }
}
    Expand All
    object
    method
    string Required

    The HTTP verb of the original API Request Method

    headers
    object Required

    REST API Request Headers. It is an object value with the header name (type) key value pairs and its value.

    uri
    object Required

    REST API Request URI - An object value with sub-properties for Path, Query params, etc.

    schema
    string
    authority
    object
    path
    Array of string Required

    An array of values containing all the uri path parts.

    string
    query
    object

    An object value containing all the query parameters and values.

    body
    object Required

    REST API Request Body - An object value that includes the full original body payload.

    meta
    object
    runtimeFineTune
    object

    Contains all PDP Request Parameters. Refer to the relevant endpoint in this API reference for the list of parameters to add here.

    Responses
    200

    User gets a Permit decision

    Permit
    {
  "result": "PERMIT"
}
    Deny
    {
  "result": "DENY"
}
    Permit with details
    {
  "result": "PERMIT",
  "response": [
    {
      "allowed": [
        {
          "path": "AS-XX-12575",
          "action": "Access",
          "template": "Accounts"
        }
      ],
      "denied": [],
      "not_applicable": []
    }
  ]
}
    Deny with details
    {
  "result": "DENY",
  "response": [
    {
      "allowed": [],
      "denied": [
        {
          "path": "AS-XX-12575",
          "action": "Access1",
          "template": "Accounts"
        }
      ],
      "not_applicable": []
    }
  ]
}
    Combined permit deny
    {
  "result": "DENY",
  "response": [
    {
      "allowed": [
        {
          "path": "AS-XX-12575",
          "action": "Access",
          "template": "Accounts"
        }
      ],
      "denied": [
        {
          "path": "AS-XX-1257566",
          "action": "Access",
          "template": "Accounts"
        }
      ],
      "not_applicable": []
    }
  ]
}
    Expand All
    AnyOf
    permitDenyResponse
    result
    string
    response
    Array of object
    object
    allowed
    Array of object
    object
    path
    string
    action
    string
    template
    string
    permissions
    Array of object
    object
    permission
    string
    permissionId
    string
    denied
    Array of object
    object
    path
    string
    action
    string
    template
    string
    not_applicable
    Array of object
    object
    identity
    object (identityResponse)
    type
    string
    typeName
    string
    attributes
    object
    additionalResponseInfo
    object (additionalResponseInfoResponse)
    identitySources
    object
    skipped
    Array of object (identitySourceInfo)
    object
    sourceId
    string
    sourceName
    string
    message
    string
    attributes
    Array of string
    string
    failed
    Array of object (identitySourceInfo)
    object
    sourceId
    string
    sourceName
    string
    message
    string
    attributes
    Array of string
    string
    assetContextPermitDenyResponse
    data
    Array of object
    object
    assetContext
    object (assetContextResponseItem)
    AnyOf
    object
    key
    string

    An auto-generated key to set the correlation between the requested object and the response object (optional). When working with a single assetContext object, use the “singleObjectResponse” value to align to the original structure response.

    object
    resourceType
    string
    path
    string
    action
    string
    assetAttributes
    object
    attribute_1
    Array of string
    string
    attribute_2
    Array of string
    string
    output
    object
    accessResponse
    object (permitDenyResponse)
    result
    string
    response
    Array of object
    object
    allowed
    Array of object
    object
    path
    string
    action
    string
    template
    string
    permissions
    Array of object
    object
    permission
    string
    permissionId
    string
    denied
    Array of object
    object
    path
    string
    action
    string
    template
    string
    not_applicable
    Array of object
    object
    identity
    object (identityResponse)
    type
    string
    typeName
    string
    attributes
    object
    additionalResponseInfo
    object (additionalResponseInfoResponse)
    identitySources
    object
    skipped
    Array of object (identitySourceInfo)
    object
    sourceId
    string
    sourceName
    string
    message
    string
    attributes
    Array of string
    string
    failed
    Array of object (identitySourceInfo)
    object
    sourceId
    string
    sourceName
    string
    message
    string
    attributes
    Array of string
    string
    error
    string
    400

    Bad Request

    401

    Unauthorized

    403

    Forbidden

    404

    Not Found

    500

    Internal Server Error

    501

    Not Implemented

    Was this article helpful?
    What's Next