---
title: "V5 Permit Deny"
slug: "v5-permit-deny"
updated: 2025-06-29T14:12:38Z
published: 2025-07-08T10:10:03Z
stale: true
---


# V5 Permit Deny

POST `/api/runtime/5.0/decisions/permit-deny`

The Permit/Deny API call is a Yes/No Authorization question. It returns an Access Decision in response to the specific question detailed in the API Request. It can also optionally return additional information. Refer to the [Working with the V5 Endpoint for API Access article](https://docs.plainid.io/apidocs/v5-endpoint-for-api-access) for more information.

### Notice

When accessing the Authorization APIs, use the URL base/prefix that matches your PlainID PDP location:

- **United States Cloud PDP** - `https://tenant-name.us1.plainid.io`
- **Canadian Cloud PDP** - `https://tenant-name.ca1.plainid.io`
- **European Cloud PDP** - `https://tenant-name.eu1.plainid.io`
- **Local PAA** - `https://your-paa.acme.local`

For more information on which Asset Types to use with your PAA or Cloud PDP, refer to [Managing Asset Types](https://docs.plainid.io/docs/managing-asset-types).

### Important note about headers

 

Refer to the headers below to modify your cURL sample. Check whether the following headers are in the sample; if not, add them to your cURL sample before pasting it into your API tool.

 

### Headers

 *Required 

| Header | Value | cURL Line |
| --- | --- | --- |
| Accept | `application/json` | `'accept: application/json'` |
| Content-Type | `application/json` | `'content-type: application/json'` |

  

Header parameters

`X-Client-Id` (string)

Client ID of the Scope. The `clientId` is **required**; ensure that it is defined either in the header as `X-Client-Id` or in the body as `clientId` under the `runtimeFineTune` parameter. Refer to [Setting up an Authentication Method](https://docs.plainid.io/v1/docs/managing-scope-authentication#setting-up-an-authentication-method-in-the-scope) for more information.

`X-Client-Secret` (string)

Client Secret ID of the Scope. You can also authenticate with an Authorization Token (in your API tool). Note that the `X-Client-Id` is still required, whether in the header or the body as `clientSecret` under the `runtimeFineTune` parameter. Refer to [Setting up an Authentication Method](https://docs.plainid.io/v1/docs/managing-scope-authentication#setting-up-an-authentication-method-in-the-scope) for more information.

Body parameters

Media type: `application/json`

PermitDeny

```json
{
  "method": "GET",
  "headers": {
    "x-request-id": "8CDAC3e6r4D252ABE60EFD7A31AFEEBA",
    "Authorization": "Bearer eyJhbG...lXvZQ"
  },
  "uri": {
    "schema": "https",
    "authority": {
      "param1": "val1",
      "param2": "val2"
    },
    "path": [
      "/portal/api/v1/profile/P4",
      "portal",
      "api",
      "v1",
      "profile",
      "P4"
    ],
    "query": {
      "details": true,
      "type": 2
    }
  },
  "body": {
    "paramA": "value",
    "paramB": "value"
  },
  "meta": {
    "runtimeFineTune": {
      "combinedMultiValue": false
    }
  }
}
```

- `method` (string, required): The HTTP verb of the original API Request Method.
- `headers` (object, required): REST API Request Headers. An object of key-value pairs, each holding a header name (type) and its value.
- `uri` (object, required): REST API Request URI - An object value with sub-properties for Path, Query params, etc.
  - `schema` (string)
  - `authority` (object)
  - `path` (array of string, required): An array of values containing all the uri path parts.
  - `query` (object): An object value containing all the query parameters and values.
- `body` (object, required): REST API Request Body - An object value that includes the full original body payload.
- `meta` (object)
  - `runtimeFineTune` (object): Contains all PDP Request Parameters. Refer to the relevant [endpoint](/apidocs/permit-deny) in this API reference for the list of parameters to add here.
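The following Python is an added example, not PlainID code: it maps an intercepted API call onto the PermitDeny body above, including the `path` layout used in the sample (full path first, then each segment). The function name, the header allowlist, the `example.test` host and the choice to keep query values as strings are assumptions of the example.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Headers forwarded to the PDP. This allowlist is an assumption of the example;
# forward only what your policies actually evaluate.
FORWARDED_HEADERS = {"authorization", "x-request-id"}

def build_permit_deny_body(method, url, headers, body=None, client_id=None):
    """Describe an incoming API call in the PermitDeny request shape."""
    parts = urlsplit(url)
    segments = [s for s in parts.path.split("/") if s]
    # Query values stay strings (assumption); repeated parameters become lists.
    query = {k: v[0] if len(v) == 1 else v
             for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    # combinedMultiValue is copied from the sample request on this page.
    fine_tune = {"combinedMultiValue": False}
    if client_id is not None:
        # Body alternative to sending the X-Client-Id header.
        fine_tune["clientId"] = client_id
    return {
        "method": method.upper(),
        "headers": {k: v for k, v in headers.items()
                    if k.lower() in FORWARDED_HEADERS},
        "uri": {
            "schema": parts.scheme,
            # Full path first, then each segment, as in the sample request.
            "path": [parts.path] + segments,
            "query": query,
        },
        "body": body if body is not None else {},
        "meta": {"runtimeFineTune": fine_tune},
    }

# Constructed sample input mirroring the request shown on this page.
SAMPLE = build_permit_deny_body(
    "get",
    "https://api.example.test/portal/api/v1/profile/P4?details=true&type=2",
    {"Authorization": "Bearer <token>", "Cookie": "session=constructed",
     "x-request-id": "constructed-request-id"},
    body={"paramA": "value", "paramB": "value"},
    client_id="<client-id>",
)

if __name__ == "__main__":
    print(json.dumps(SAMPLE, indent=2))
```
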

Responses

200

User gets a Permit decision

Media type: `application/json`

Permit

```json
{
  "data": {
    "result": "PERMIT"
  }
}
```

Deny

```json
{
  "data": {
    "result": "DENY"
  }
}
```

Permit with details

```json
{
  "data": {
    "result": "PERMIT",
    "response": [
      {
        "allowed": [
          {
            "path": "AS-XX-12575",
            "action": "Access",
            "template": "Accounts"
          }
        ],
        "denied": [],
        "not_applicable": []
      }
    ]
  }
}
```

Deny with details

```json
{
  "data": {
    "result": "DENY",
    "response": [
      {
        "allowed": [],
        "denied": [
          {
            "path": "AS-XX-12575",
            "action": "Access1",
            "template": "Accounts"
          }
        ],
        "not_applicable": []
      }
    ]
  }
}
```

Combined permit deny

```json
{
  "data": {
    "result": "DENY",
    "response": [
      {
        "allowed": [
          {
            "path": "AS-XX-12575",
            "action": "Access",
            "template": "Accounts"
          }
        ],
        "denied": [
          {
            "path": "AS-XX-1257566",
            "action": "Access",
            "template": "Accounts"
          }
        ],
        "not_applicable": []
      }
    ]
  }
}
```
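The following Python is an added example, not PlainID code: an enforcement point that consumes the responses above and fails closed, so only an HTTP 200 carrying an explicit `"result": "PERMIT"` grants access. The function name is hypothetical and the sample bodies are constructed from the examples on this page; only the `data.result` / `data.response` shape is handled, and any other shape is treated as a deny.

```python
import json

def evaluate_permit_deny(status_code, body_text):
    """Return (allowed, denied_items); anything but an explicit PERMIT is a deny."""
    if status_code != 200:
        return False, []
    try:
        data = json.loads(body_text)["data"]
        result = data["result"]
    except (ValueError, KeyError, TypeError):
        # Malformed JSON or an unexpected shape: fail closed.
        return False, []
    denied = []
    response = data.get("response")
    for entry in response if isinstance(response, list) else []:
        if isinstance(entry, dict):
            # Collect denied entries from a "with details" response for audit logs.
            denied.extend(d for d in entry.get("denied") or []
                          if isinstance(d, dict))
    return result == "PERMIT", denied

# Constructed samples, copied from the response examples on this page.
PERMIT = '{"data": {"result": "PERMIT"}}'
COMBINED = json.dumps({"data": {"result": "DENY", "response": [{
    "allowed": [{"path": "AS-XX-12575", "action": "Access",
                 "template": "Accounts"}],
    "denied": [{"path": "AS-XX-1257566", "action": "Access",
                "template": "Accounts"}],
    "not_applicable": [],
}]}})

if __name__ == "__main__":
    for status, body in [(200, PERMIT), (200, COMBINED), (401, PERMIT),
                         (200, "<html>gateway error</html>")]:
        allowed, denied = evaluate_permit_deny(status, body)
        print(status, "ALLOW" if allowed else "BLOCK",
              [d.get("path") for d in denied])
```
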

AnyOf:

`permitDenyResponse` (object)

- `result` (string)
- `response` (array of object)
  - `allowed` (array of object)
    - `path` (string)
    - `action` (string)
    - `template` (string)
    - `permissions` (array of object)
      - `permission` (string)
      - `permissionId` (string)
      - `permissionMetadata` (object, permissionMetadata): Additional response metadata. This response is only returned when the `includeAccessPolicy` is set to true, and when the `permissionMetadata` object contains one or more properties.
  - `denied` (array of object)
    - `path` (string)
    - `action` (string)
    - `template` (string)
  - `not_applicable` (array of object)

`identity` (object, identityResponse)

- `type` (string)
- `typeName` (string)
- `attributes` (object)

`additionalResponseInfo` (object, additionalResponseInfoResponse)

- `identitySources` (object)
  - `skipped` (array of object, identitySourceInfo)
    - `sourceId` (string)
    - `sourceName` (string)
    - `message` (string)
    - `attributes` (array of string)
  - `failed` (array of object, identitySourceInfo)
    - `sourceId` (string)
    - `sourceName` (string)
    - `message` (string)
    - `attributes` (array of string)

`assetContextPermitDenyResponse` (object)

- `data` (array of object)
  - `assetContext` (object), AnyOf:
    - `assetContextResponseItem` (object)
    - `assetContextMergedResponseItem` (object)
      - `resources` (array of object, assetContextResponseItem), AnyOf: object, object
        - `key` (string): An auto-generated key to set the correlation between the requested object and the response object (optional). When working with a single assetContext object, use the “singleObjectResponse” value to align to the original structure response.

`object` (object)

- `resourceType` (string)
- `path` (string)
- `action` (string)
- `assetAttributes` (object)
  - `attribute_1` (array of string)
  - `attribute_2` (array of string)

`output` (object)

- `accessResponse` (object, permitDenyResponse): `result`, `response`, `identity` and `additionalResponseInfo`, with the same fields as listed for `permitDenyResponse` above.

`error` (string)

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

500

Internal Server Error

501

Not Implemented
