Skip to main content

Policy

The Authorizer makes three APIs available to the calling application for the purpose of interacting with the Policies modules that are loaded in the Authorizer:

  • policy/policies
  • policy/policies/{id}
  • policy/modules/{id}

Each of these APIs is a GET style API.

policy/policies#

GET .../api/v1/policy/policies

This will return a list of all the policies loaded in the Authorizer.

results#

{  "results": [    {      "name": "peoplefinder",      "id": "193725120"    },    {      "name": "mycars",      "id": "193790657"    }  ]}

policy/policies/{id}#

GET .../api/v1/policy/policies/{id}

This will return the list of policy modules for the policy ID specified, which is extracted from the results of the /policy/policies call.

results#

{  "id": "193725120",  "name": "peoplefinder",  "policies": [    {      "name": "peoplefinder.DELETE.api.users.__id",      "id": "YXNlcnRvMS9wZW9wbGVmaW5kZXIvdXNlcnMvX19pZC9kZWxldGUucmVnbw=="    },    {      "name": "peoplefinder.GET.api.users.__id",      "id": "YXNlcnRvMS9wZW9wbGVmaW5kZXIvdXNlcnMvX19pZC9nZXQucmVnbw=="    },    ...  ]}

policy/modules/{id}#

GET .../api/v1/policy/modules/{id}

This will return the content of the policy module ID specified, which is extracted from the results of the /policy/policies/{id} call.

results#

{  "module": {    "id": "YXNlcnRvMS9wZW9wbGVmaW5kZXIvdXNlcnMvcG9zdC5yZWdv",    "name": "peoplefinder.POST.api.users",    "content": "package peoplefinder.POST.api.users\n\ndefault allowed = false\n\ndefault visible = false\n\ndefault enabled = false\n\nallowed {\n\tu = input.user\n\tu.attributes.properties.department == \"Operations\"\n\tu.attributes.properties.title == \"IT Manager\"\n}\n\nvisible {\n\tallowed\n}\n\nenabled {\n\tallowed\n}\n",    "rules": [      "allowed",      "visible",      "enabled",      "allowed",      "visible",      "enabled"    ]  }}