PingOne

Making decision requests to Authorize gateway instances

Use the POST localhost:<port>/api/authorize operation to execute a decision request against a gateway instance.

Before you execute decision requests against gateway instances in your organization’s infrastructure, make sure you’ve completed steps 1 - 5 in Setting up an Authorize gateway.

Authentication

You can enforce client authentication on the /api/authorize endpoint by configuring a shared secret. Learn more in Authentication for Authorize gateway endpoints.

Request body

The request body requires the parameters property.

The userContext property is required when your authorization policies include built-in PingOne User attributes. Learn more in Built-in attributes.

Parameters consist of an attribute name and value separated by a colon. For example:

{
    "parameters": {
        "Amount": "990",
        "Account": "Basic Checking",
        "Payment.consentId": "{{consentID}}"
    },
    "userContext": {
        "user": {
            "id": "{{userID}}"
        }
    }
}

Example request

curl --location 'http://localhost:8080/api/authorize' \
  --header 'Authorization: Bearer example-secret' \
  --header 'Content-Type: application/json' \
  --data '
{
  "parameters": {
    "Amount": "990"
  },
  "userContext": {
    "user": {
      "id": "12356bca-0e34-4c02-8b19-51349ddd4ed5"
    }
  }
}'

Example response

{
   "id": "13234d13-7cc5-4394-a1a4-c685cbff4a5d",
   "authorizationVersion: {
       "id": "2027cfbe-4fcc-46f8-9c2f-d1f34983a43f"
    },
   "timestamp": "2025-07-25T23:09:11.439455948Z",
   "elapsedMicroseconds": 409,
   "decision": "PERMIT",
   "authorized": true,
   "statements": [],
   "status": {
       "code": "OKAY",
       "messages": [],
       "errors": []
   }
}