Common API Parts

All common API Parts like used headers are defined in Common REST API Guide.

Decision Enforcement

POST ing an Event will return an AuthorizationDecision based on the currently deployed Policies. Content-Type for request and response is application/json. The header needs to contain an authentication token (see below).

Example request

POST /event HTTP/1.1
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJjczQiXSwiZXhwIjoxNDkxNjIxODI5LCJzb2x1dGlvbl9pZCI6ImNzNCIsImF1dGhvcml0aWVzIjpbIlJPTEVfQ0xJRU5UIl0sImp0aSI6IjNlMDg4N2RhLTkxMGQtNGI2Yi05MTlhLTRlYmU5MTA4NGNlOCIsImNsaWVudF9pZCI6ImNzNCJ9.X9FshfaVhwoViYc5JbXKyAZSUAOSYmrZ07RuWUii6po
Content-Type: application/json

{ "actionId": { "scope": "test", "action": "showEmployee" }, "timestamp": 1491578472797, "parameters": [] }

Example response

HTTP/1.1 200 OK
Content-Type: application/json

  "id": {
    "identifier": "urn:decision:allow"
  "eventAllowed": true,
  "modifiers": [],
  "delay": 0


In order to do an Enforcement at PDP /event/ Endpoint the caller has to provide an OAuth access-token. This can be retreived at the Authorization Server. The URL and the client credentials are provided during account creation. The token should be provided in the Bearer Authorization Header. To get the access token do the following, query the Authorization Header like follows (credentials are located in form body):

$ curl -i -H 'Content-Type: application/x-www-form-urlencoded'
  	-X POST 'https://authorizationserver:port/oauth/token‚
    -d 'grant_type=client_creentials&client_id=cs4&client_secret=secret123