Skip to main content


The decisiontree API allows the caller to get the value of any decisions across ALL policy modules, with a user context, but without a resource context.

This API is useful for getting a "decision tree" that guides a calling application around what functionality will be available to a user based on their context.

It is used by the the display state map middleware in SDKs such as the Topaz Node.js SDK, in conjunction with the Topaz React SDK, that is useful in conditionally rendering UI elements based on the display state that corresponds to a decision.

The inputs to the decisiontree API are the user context, the set of decisions that the calling application wants to evaluate, the (optional) policy module used to make the decision(s), the (optional) resource context, and a set of options.


POST .../api/v2/authz/decisiontree

Input payload

"identityContext": {
"identity": "<subject>"
"policyContext": {
"decisions": ["visible", "enabled"],
"path": "sample"
"resourceContext": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
"options": {
"pathSeparator": "PATH_SEPARATOR_SLASH"

The identityContext map is documented here.

The policyContext map is documented here.

The resourceContext map is documented here.

The options map allows the caller to specify the format for retrieving the cartesian product of paths and decisions that are being requested.

Path separator

Path separator values are:

  • PATH_SEPARATOR_SLASH: the key in the returned decision tree is of the form VERB/route/segments/etc
  • PATH_SEPARATOR_DOT: the key in the returned decision tree is of the form VERB.route.segments.etc

Output payload

The return payload for the options above may look like the following:

"GET/api/orders": {
"visible": true,
"enabled": true