Invoke the RTSS XACML engine

Invoke the RTSS XACML engine

The RTSS XACML engine can be invoked directly to retrieve policy decisions. Both Reverse Proxy or Application resources can be used in an RTSS request. A JSON endpoint that roughly adheres to the XACML JSON specification can be accessed via:
https://{runtime_hostname}/rtss/rest/authz/json

To determine which policy to evaluate, the engine will lookup configured policy attachments via a policy key. The key corresponds to the concatenation of the resource server and resourceUri. For example,a policy attachment with server isam.ibm.com-default and resourceURI /protected will be referenced by key...
isam.ibm.com-default/protected

This key is required when sending the JSON request. The engine will attempt to find the policy key via the Request.Environment attributes ContextId or ApplicationId, and if neither are set then the Request.Resource resource-id attribute will be used.

ContextId JSON example

ApplicationId JSON example

resource-id JSON example

Parent topic: Access control policies