Authorization

The Authorizer makes three APIs available to the calling application for the purpose of authorization:

• authz/is
• authz/query
• authz/decisiontree

Each of these APIs is a POST style API and accepts an input payload.

The payload for each of these APIs includes three common objects:

• Identity context identifies the user
• Policy context identifies the path and decisions
• Policy instance identifies the policy instance
• Resource context identifies the (optional) resource