Skip to main content
Version: 1.17

APIs

Access Decision Service (ADS) provides REST APIs that serve as the programmatic interface for various ADS functions. These APIs are designed to offer a streamlined approach to query access permissions and to manage the service itself.

  • Application API

    The Application API of ADS provides a suite of RESTful endpoints through which you can submit authorization queries. The API evaluates these queries against authorization policies defined in ADS and returns responses that include authorization decisions.

  • Administration API

    The Administration API is used for the operational management of ADS. It includes a range of RESTful endpoints for service maintenance, including those for conducting health checks, monitoring service metrics, and retrieving system information. This API is crucial for continuous monitoring and ensuring that ADS operates efficiently.

Follow the links below to read more information on ADS APIs:

Configure service connectors

You can find instructions on how to customize service connectors for Application and Administration API endpoints in the Service connectors section.

Authentication

You can enhance security by incorporating authentication in the authorization process of ADS.

When ADS is configured to use authentication, any request without authentication headers, or with invalid credentials, will return HTTP 401 Unauthorized.

The authorization header carries authentication parameters. For example, in basic authentication, this header includes the word Basic followed by a base64-encoded string that merges the username, a colon character, and the password.

While most HTTP clients provide simplified methods for inputting these details, understanding the underlying process is essential.

Example

The following examples use curl:

curl --data @request.json -H content-type:application/xacml+json http://localhost:8080/authorize -H authorization:Basic\ YWRzLXVzZXI6c2VjcmV0

This command is simplified with -u in curl, which internally constructs the necessary authorization header:

curl --data @request.json -H content-type:application/xacml+json http://localhost:8080/authorize -u ads-user:secret

For detailed information, refer to the documentation of your respective HTTP client.

Read more on authentication options in the Authentication section.