Request Attributes


Request Attributes represent dynamic input parameters passed in Authorization requests, enabling fine-grained, request-specific logic to be evaluated as part of the Access Decision.

The PDP evaluates these Attributes when the Policy logic references them in Conditions or Assets Rule Sets using the "request." syntax.

If Request Attributes are defined with API Mappers in the Workspace settings, the PDP extracts the Request Attribute value dynamically according to the defined mapper. Values can be extracted from the incoming REST request's path, query parameters, headers, or body—based on the configured Mappers and their associated API Mappers, similar to how Asset Attributes use API Mappers.


Managing Request Attributes

You can manage Request Attributes in the Authorization Workspace under the Request Attributes tab. Each Attribute includes a Display Name, ID, optional Description, and a list of Mappings that determine where the PDP retrieves its value.

Creating a Request Attribute

  1. Open your Authorization Workspace Settings.
  2. Select the Request Attributes tab.
  3. Click New Attribute.
  4. Enter a Display Name (used in the Workspace UI).
  5. Enter a Request Attribute ID (referenced in the Policy logic and used in Authorization request calculations).
  6. Enter a Description (optional).
  7. Click Create to create your Request Attribute.

Defining Request Attribute Mappings

  1. To use the Request Attribute with dynamic API Mappers, define the Mappings by clicking on Request Attribute Mappings under the Mapping section.
  2. In the side panel that opens, click Add to create a new collapsible Mapping block. You can also edit or delete a Mapping block by clicking on Edit or the trash icon.
  3. Fill out the Mapping form:
    • Source – The source of the value (e.g., Path, Body, Header, Query).
    • Path – The path to the value in the request.
    • API Mapper – Select from the list of defined API Mappers for the Application.
  4. Click Save, then Close the side panel.

Notes on API Mappers:
  • A Mapper is marked as Incomplete if no API Mapper is selected.
  • An API Mapper that is already used in one Mapping block cannot be selected in another Mapping block.

Editing a Request Attribute

  1. Go to the Authorization Workspace Settings.
  2. Select the Request Attributes tab.
  3. Select the Attribute in the list and click Edit.
  4. Modify the fields as needed.
  5. Click Save to apply your changes.

Deleting a Request Attribute

  1. Navigate to the Authorization Workspace Settings.
  2. Open the Request Attributes tab.
  3. Hover over the Attribute you want to delete and click the trash icon.
  4. Confirm the deletion in the Delete this Request Attribute? prompt.

⚠️ You cannot delete a Request Attribute that is currently connected to an API Mapper. Ensure that you unlink the API Mapper or delete the Mapping block before deleting the Request Attribute.

Defining the Source and Path

Each Mapper defines a Source (where the value comes from) and a Path (how to extract it). The table below outlines the available options:

| Source | Description | Example Value |
|---|---|---|
| Path | Extracts a value from the URI path. A numeric path index (e.g., [4]) indicates the position of the segment in the URI. | [4] |
| Body | Extracts the value from the JSON body of the request using JSONPath syntax. | $.accounts.accountId |
| Header | Extracts the value from a specified HTTP header. | x-user-role |
| Query | Extracts the value from a query parameter in the URI. | /loan?status=pending |
| URI Regex | Extracts the value using a regular expression applied to the full URI. This allows more flexible matching patterns. | ^/env/\d+\?action=(\w+)$ |

Path Mapping Example

In the following example, two Attributes are included in the API call. The API Mapper defines the user Attribute value by the path [4] and the account Attribute by the path [6].

[Image: Path mapping example]
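To show how the Sources in the table above resolve against a concrete request, here is an added Python sketch; it is not the PDP's implementation or code from the product. The extract and resolve_all names and the sample request are constructed, and the sketch assumes that [n] counts path segments from 1, that the Path of a Query mapping is the parameter name, and that Body paths use only the dotted $.a.b subset of JSONPath.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

def extract(source, path, uri, headers=None, body=None):
    """Resolve one (Source, Path) mapping against a request; None when absent."""
    url = urlsplit(uri)
    if source == "Path":
        # ASSUMPTION: "[n]" is a 1-based index into the "/"-separated segments.
        m = re.fullmatch(r"\[(\d+)\]", path)
        segments = [unquote(s) for s in url.path.split("/") if s]
        i = int(m.group(1)) if m else 0
        return segments[i - 1] if 1 <= i <= len(segments) else None
    if source == "Query":
        # ASSUMPTION: path names the parameter; a repeated parameter is ambiguous.
        values = parse_qs(url.query).get(path, [])
        return values[0] if len(values) == 1 else None
    if source == "Header":
        # HTTP header names are case-insensitive.
        hits = [v for k, v in (headers or {}).items() if k.lower() == path.lower()]
        return hits[0] if len(hits) == 1 else None
    if source == "Body":
        # body is the already-parsed JSON document; dotted JSONPath subset only.
        node = body
        for key in path.removeprefix("$.").split("."):
            if not isinstance(node, dict) or key not in node:
                return None
            node = node[key]
        return node
    if source == "URI Regex":
        # The first capture group carries the value.
        m = re.search(path, uri)
        return m.group(1) if m and m.groups() else None
    raise ValueError(f"unknown source: {source}")

# Constructed sample request (not taken from the product documentation).
URI = "/api/v1/users/u-1001/accounts/a-77?status=pending"
HEADERS = {"X-User-Role": "teller"}
BODY = {"accounts": {"accountId": "a-77"}}

def resolve_all():
    return {
        "user": extract("Path", "[4]", URI),
        "account": extract("Path", "[6]", URI),
        "status": extract("Query", "status", URI),
        "role": extract("Header", "x-user-role", URI, headers=HEADERS),
        "accountId": extract("Body", "$.accounts.accountId", URI, body=BODY),
        "action": extract("URI Regex", r"^/env/\d+\?action=(\w+)$", "/env/12?action=deploy"),
    }
```

In this sketch a mapping that cannot be resolved yields None rather than an empty string, so a caller can tell "attribute missing" apart from "attribute present but empty" before a policy condition compares it.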

For more information about using Request Attributes with the V5 API, refer to Working with the V5 Endpoint for API Access.