Create Statement

POST {{apiPath}}/v2/policy-manager/statements?branch={{branchId}}

The POST /v2/policy-manager/statements operation creates a new statement in a specified Policy Editor branch. The request must provide either a branch ID or a snapshot ID in the request URL to specify where the statement should be added.

Use the unique ID generated upon creation to add that statement to a policy. Refer to Create Policy.

Prerequisites

Create a branch to get a branch ID.
Create a snapshot to get a snapshot ID.

Query parameters

Query parameter Description

Query parameter	Description
`branch`	Branch ID or name
`snapshot`	Snapshot ID

branch

Branch ID or name

snapshot

Snapshot ID

Request Model

For property descriptions, refer to Statements data model.

Property Type Required

Property	Type	Required
`name`	String	Required
`code`	String	Required
`appliesIf`	String	Optional
`appliesTo`	String	Optional
`attributes`	Object	Optional
`description`	String	Optional
`obligatory`	Boolean	Optional
`payload`	String	Optional
`services`	Object	Optional

name

String

Required

code

String

Required

appliesIf

String

Optional

appliesTo

String

Optional

attributes

Object

Optional

description

String

Optional

obligatory

Boolean

Optional

payload

String

Optional

services

Object

Optional

Headers

Content-Type application/json

x-user-id {{userId}}

Body

raw ( application/json )

{
    "type": "statement",
    "name": "new-example-statement",
    "description": "An example statement for deny decisions.",
    "shared": false,
    "code": "denied-reason",
    "appliesTo": "DENY",
    "appliesIf": "PATH_MATCHES",
    "payload": "Requested operation not allowed by the granted OAuth scopes.",
    "obligatory": false,
    "attributes": [],
    "services": []
}

Example Request

curl --location --globoff '{{apiPath}}/v2/policy-manager/statements?branch={{branchId}}' \
--header 'x-user-id: {{userId}}' \
--header 'Content-Type: application/json' \
--data '{
    "type": "statement",
    "name": "new-example-statement",
    "description": "An example statement for deny decisions.",
    "shared": false,
    "code": "denied-reason",
    "appliesTo": "DENY",
    "appliesIf": "PATH_MATCHES",
    "payload": "Requested operation not allowed by the granted OAuth scopes.",
    "obligatory": false,
    "attributes": [],
    "services": []
}'

var options = new RestClientOptions("{{apiPath}}/v2/policy-manager/statements?branch={{branchId}}")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("x-user-id", "{{userId}}");
request.AddHeader("Content-Type", "application/json");
var body = @"{" + "\n" +
@"    ""type"": ""statement""," + "\n" +
@"    ""name"": ""new-example-statement""," + "\n" +
@"    ""description"": ""An example statement for deny decisions.""," + "\n" +
@"    ""shared"": false," + "\n" +
@"    ""code"": ""denied-reason""," + "\n" +
@"    ""appliesTo"": ""DENY""," + "\n" +
@"    ""appliesIf"": ""PATH_MATCHES""," + "\n" +
@"    ""payload"": ""Requested operation not allowed by the granted OAuth scopes.""," + "\n" +
@"    ""obligatory"": false," + "\n" +
@"    ""attributes"": []," + "\n" +
@"    ""services"": []" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);

package main

import (
  "fmt"
  "strings"
  "net/http"
  "io"
)

func main() {

  url := "{{apiPath}}/v2/policy-manager/statements?branch={{branchId}}"
  method := "POST"

  payload := strings.NewReader(`{
    "type": "statement",
    "name": "new-example-statement",
    "description": "An example statement for deny decisions.",
    "shared": false,
    "code": "denied-reason",
    "appliesTo": "DENY",
    "appliesIf": "PATH_MATCHES",
    "payload": "Requested operation not allowed by the granted OAuth scopes.",
    "obligatory": false,
    "attributes": [],
    "services": []
}`)

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, payload)

  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("x-user-id", "{{userId}}")
  req.Header.Add("Content-Type", "application/json")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}

POST /v2/policy-manager/statements?branch={{branchId}} HTTP/1.1
Host: {{apiPath}}
x-user-id: {{userId}}
Content-Type: application/json

{
    "type": "statement",
    "name": "new-example-statement",
    "description": "An example statement for deny decisions.",
    "shared": false,
    "code": "denied-reason",
    "appliesTo": "DENY",
    "appliesIf": "PATH_MATCHES",
    "payload": "Requested operation not allowed by the granted OAuth scopes.",
    "obligatory": false,
    "attributes": [],
    "services": []
}

OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n    \"type\": \"statement\",\n    \"name\": \"new-example-statement\",\n    \"description\": \"An example statement for deny decisions.\",\n    \"shared\": false,\n    \"code\": \"denied-reason\",\n    \"appliesTo\": \"DENY\",\n    \"appliesIf\": \"PATH_MATCHES\",\n    \"payload\": \"Requested operation not allowed by the granted OAuth scopes.\",\n    \"obligatory\": false,\n    \"attributes\": [],\n    \"services\": []\n}");
Request request = new Request.Builder()
  .url("{{apiPath}}/v2/policy-manager/statements?branch={{branchId}}")
  .method("POST", body)
  .addHeader("x-user-id", "{{userId}}")
  .addHeader("Content-Type", "application/json")
  .build();
Response response = client.newCall(request).execute();

var settings = {
  "url": "{{apiPath}}/v2/policy-manager/statements?branch={{branchId}}",
  "method": "POST",
  "timeout": 0,
  "headers": {
    "x-user-id": "{{userId}}",
    "Content-Type": "application/json"
  },
  "data": JSON.stringify({
    "type": "statement",
    "name": "new-example-statement",
    "description": "An example statement for deny decisions.",
    "shared": false,
    "code": "denied-reason",
    "appliesTo": "DENY",
    "appliesIf": "PATH_MATCHES",
    "payload": "Requested operation not allowed by the granted OAuth scopes.",
    "obligatory": false,
    "attributes": [],
    "services": []
  }),
};

$.ajax(settings).done(function (response) {
  console.log(response);
});

var request = require('request');
var options = {
  'method': 'POST',
  'url': '{{apiPath}}/v2/policy-manager/statements?branch={{branchId}}',
  'headers': {
    'x-user-id': '{{userId}}',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    "type": "statement",
    "name": "new-example-statement",
    "description": "An example statement for deny decisions.",
    "shared": false,
    "code": "denied-reason",
    "appliesTo": "DENY",
    "appliesIf": "PATH_MATCHES",
    "payload": "Requested operation not allowed by the granted OAuth scopes.",
    "obligatory": false,
    "attributes": [],
    "services": []
  })

};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});

import requests
import json

url = "{{apiPath}}/v2/policy-manager/statements?branch={{branchId}}"

payload = json.dumps({
  "type": "statement",
  "name": "new-example-statement",
  "description": "An example statement for deny decisions.",
  "shared": False,
  "code": "denied-reason",
  "appliesTo": "DENY",
  "appliesIf": "PATH_MATCHES",
  "payload": "Requested operation not allowed by the granted OAuth scopes.",
  "obligatory": False,
  "attributes": [],
  "services": []
})
headers = {
  'x-user-id': '{{userId}}',
  'Content-Type': 'application/json'
}

response = requests.request("POST", url, headers=headers, data=payload)

print(response.text)

<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/v2/policy-manager/statements?branch={{branchId}}');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
$request->setHeader(array(
  'x-user-id' => '{{userId}}',
  'Content-Type' => 'application/json'
));
$request->setBody('{\n    "type": "statement",\n    "name": "new-example-statement",\n    "description": "An example statement for deny decisions.",\n    "shared": false,\n    "code": "denied-reason",\n    "appliesTo": "DENY",\n    "appliesIf": "PATH_MATCHES",\n    "payload": "Requested operation not allowed by the granted OAuth scopes.",\n    "obligatory": false,\n    "attributes": [],\n    "services": []\n}');
try {
  $response = $request->send();
  if ($response->getStatus() == 200) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}

require "uri"
require "json"
require "net/http"

url = URI("{{apiPath}}/v2/policy-manager/statements?branch={{branchId}}")

http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["x-user-id"] = "{{userId}}"
request["Content-Type"] = "application/json"
request.body = JSON.dump({
  "type": "statement",
  "name": "new-example-statement",
  "description": "An example statement for deny decisions.",
  "shared": false,
  "code": "denied-reason",
  "appliesTo": "DENY",
  "appliesIf": "PATH_MATCHES",
  "payload": "Requested operation not allowed by the granted OAuth scopes.",
  "obligatory": false,
  "attributes": [],
  "services": []
})

response = http.request(request)
puts response.read_body

let parameters = "{\n    \"type\": \"statement\",\n    \"name\": \"new-example-statement\",\n    \"description\": \"An example statement for deny decisions.\",\n    \"shared\": false,\n    \"code\": \"denied-reason\",\n    \"appliesTo\": \"DENY\",\n    \"appliesIf\": \"PATH_MATCHES\",\n    \"payload\": \"Requested operation not allowed by the granted OAuth scopes.\",\n    \"obligatory\": false,\n    \"attributes\": [],\n    \"services\": []\n}"
let postData = parameters.data(using: .utf8)

var request = URLRequest(url: URL(string: "{{apiPath}}/v2/policy-manager/statements?branch={{branchId}}")!,timeoutInterval: Double.infinity)
request.addValue("{{userId}}", forHTTPHeaderField: "x-user-id")
request.addValue("application/json", forHTTPHeaderField: "Content-Type")

request.httpMethod = "POST"
request.httpBody = postData

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  print(String(data: data, encoding: .utf8)!)
}

task.resume()

Example Response

201 Created

{
    "id": "764308bd-36fe-4fbe-bf79-39f7042cc2b4",
    "version": "1e5985fd-310c-4438-8173-6d2971c10264",
    "type": "statement",
    "name": "new-example-statement",
    "description": "An example statement for deny decisions.",
    "shared": false,
    "code": "denied-reason",
    "appliesTo": "DENY",
    "appliesIf": "PATH_MATCHES",
    "payload": "Requested operation not allowed by the granted OAuth scopes.",
    "obligatory": false,
    "permissions": {
        "inherit": true,
        "rolePermissions": []
    },
    "attributes": [],
    "services": []
}

PingAuthorize API Reference

Create Statement

Prerequisites

Headers

Body

Example Request

Example Response