Skip to main content

authz/query

The query API is the most abstract API for interacting with the Authorizer. It allows the caller to send a general query to the Authorizer, along with an input, and returns the output from the Authorizer.

URL#

POST .../api/v1/authz/query

Input payload#

{  "identityContext": {    "identity": "[aserto-user-guid]",    "type": "IDENTITY_TYPE_*"  },   "policyContext": {    "decisions": [      "string"    ],    "id": "string",    "path": "string"  },  "resourceContext": {    "additionalProp1": "string",    "additionalProp2": "string",    "additionalProp3": "string"  },  "input": "string",  "query": "string",  "options": {    "instrument": true,    "metrics": true,    "trace": "TRACE_LEVEL_*",    "traceSummary": true  }}

The identityContext map is documented here.

The policyContext map is documented here.

The resourceContext map is documented here.

The input parameter is a string that encodes a JSON document, and is mapped into the input in the context of evaluating the policy.

The query parameter is a rego query that is evaluated over the policy.

The options map allows the caller to instrument the query, retrieve metrics, set a trace level, and get a trace summary.

Trace levels#

The trace levels can be one of the following values:

  • TRACE_LEVEL_OFF
  • TRACE_LEVEL_FULL
  • TRACE_LEVEL_NOTES
  • TRACE_LEVEL_FAIL