Skip to main content

authz/query

The query API is the most abstract API for interacting with the Authorizer. It allows the caller to send a general query to the Authorizer, along with an input, and returns the output from the Authorizer.

URL

POST .../api/v2/authz/query

Input payload

{
"identityContext": {
"identity": "[topaz-user-guid]",
"type": "IDENTITY_TYPE_*"
},
"policyContext": {
"decisions": ["string"],
"path": "string"
},
"resourceContext": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
},
"input": "string",
"query": "string",
"options": {
"instrument": true,
"metrics": true,
"trace": "TRACE_LEVEL_*",
"traceSummary": true
}
}

The identityContext map is documented here.

The policyContext map is documented here.

The resourceContext map is documented here.

The input parameter is a string that encodes a JSON document, and is mapped into the input in the context of evaluating the policy.

The query parameter is a rego query that is evaluated over the policy.

The options map allows the caller to instrument the query, retrieve metrics, set a trace level, and get a trace summary.

Trace levels

The trace levels can be one of the following values:

  • TRACE_LEVEL_OFF
  • TRACE_LEVEL_FULL
  • TRACE_LEVEL_NOTES
  • TRACE_LEVEL_FAIL