authz/query

The query API is the most abstract API for interacting with the Authorizer. It allows the caller to send a general query to the Authorizer, along with an input, and returns the output from the Authorizer.

URL

POST .../api/v2/authz/query

Input payload

{
  "identityContext": {
    "identity": "[topaz-user-guid]",
    "type": "IDENTITY_TYPE_*"
  },
  "policyContext": {
    "decisions": ["string"],
    "path": "string"
  },
  "resourceContext": {
    "additionalProp1": "string",
    "additionalProp2": "string",
    "additionalProp3": "string"
  },
  "input": "string",
  "query": "string",
  "options": {
    "instrument": true,
    "metrics": true,
    "trace": "TRACE_LEVEL_*",
    "traceSummary": true
  }
}

The identityContext map is documented here.

The policyContext map is documented here.

The resourceContext map is documented here.

The input parameter is a string that encodes a JSON document, and is mapped into the input in the context of evaluating the policy.

The query parameter is a rego query that is evaluated over the policy.

The options map allows the caller to instrument the query, retrieve metrics, set a trace level, and get a trace summary.

Trace levels

The trace levels can be one of the following values:

TRACE_LEVEL_OFF
TRACE_LEVEL_FULL
TRACE_LEVEL_NOTES
TRACE_LEVEL_FAIL

authz/query

URL​

Input payload​

Trace levels​

URL

Input payload

Trace levels