Evaluate a Bulk Decision Request
POST {{gatewayInstanceBaseUrl}}/api/authorizeThe POST {{gatewayInstanceBaseUrl}}/api/authorize operation executes a bulk decision request against self-managed gateway instances.
Use localhost:<port> for {{gatewayInstanceBaseUrl}} in the request URL. The default port is 8080, but this can be configured when you start a gateway instance. See Starting an Authorize gateway instance in the PingOne admin documentation for more information.
This operation uses the application/vnd.pingidentity.decisionengine.authorize.bulk+json custom media type in the Content-Type request header.
The request body contains two main parts:
-
Top-level properties:
parametersanduserContext, which apply to all decision requests. These properties are optional. -
decisionRequest: An array of individual decision requests, each with its ownparametersanduserContextproperties. There’s no limit on how many requests can be included in thedecisionRequestarray. This property is required.
|
If any parameters are shared between the top-level request and individual requests, the individual request value overrides the top-level value. |
This operation uses the opt-in authentication feature. When authentication is enabled and the correct authentication is not provided, a 401 response is returned.
When successful, a 200 OK status code is returned.
Prerequisites
-
See Setting up an Authorize gateway and Authentication for Authorize gateway endpoints in the PingOne admin documentation for information on deploying Authorize gateways and defining a shared secret for gateway instances.
Request Model
For property descriptions, refer to Policy decision evaluation request data model.
| Property | Type? | Required? |
|---|---|---|
|
Array |
Required |
|
Object |
Optional |
|
UUID |
Optional |
|
The Try a Request functionality below is not applicable to this request. |
Headers
Authorization Bearer {{sharedSecret}}
Content-Type application/vnd.pingidentity.decisionengine.authorize.bulk+json
Body
raw ( application/vnd.pingidentity.decisionengine.authorize.bulk+json )
{
"parameters": {
"resource.type": "payment",
"resource.currency": "USD"
},
"userContext": {
"user": {
"id": "{{userID}}"
}
},
"decisionRequests": [
{
"parameters": {
"requestId": "payment-001",
"resource.amount": 120.00,
"accountBalance": 500.00
}
},
{
"parameters": {
"requestId": "payment-002",
"resource.amount": 2000.00,
"accountBalance": 1000.00
}
}
]
}Example Request
-
cURL
-
C#
-
Go
-
HTTP
-
Java
-
jQuery
-
NodeJS
-
Python
-
PHP
-
Ruby
-
Swift
curl --location --globoff '{{gatewayInstanceBaseUrl}}/api/authorize' \
--header 'Content-Type: application/vnd.pingidentity.decisionengine.authorize.bulk+json' \
--header 'Authorization: Bearer {{sharedSecret}}' \
--data '{
"parameters": {
"resource.type": "payment",
"resource.currency": "USD"
},
"userContext": {
"user": {
"id": "{{userID}}"
}
},
"decisionRequests": [
{
"parameters": {
"requestId": "payment-001",
"resource.amount": 120.00,
"accountBalance": 500.00
}
},
{
"parameters": {
"requestId": "payment-002",
"resource.amount": 2000.00,
"accountBalance": 1000.00
}
}
]
}'var options = new RestClientOptions("{{gatewayInstanceBaseUrl}}/api/authorize")
{
MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/vnd.pingidentity.decisionengine.authorize.bulk+json");
request.AddHeader("Authorization", "Bearer {{sharedSecret}}");
var body = @"{" + "\n" +
@" ""parameters"": {" + "\n" +
@" ""resource.type"": ""payment""," + "\n" +
@" ""resource.currency"": ""USD"" " + "\n" +
@" }," + "\n" +
@" ""userContext"": {" + "\n" +
@" ""user"": {" + "\n" +
@" ""id"": ""{{userID}}""" + "\n" +
@" }" + "\n" +
@" }," + "\n" +
@" ""decisionRequests"": [" + "\n" +
@" {" + "\n" +
@" ""parameters"": {" + "\n" +
@" ""requestId"": ""payment-001""," + "\n" +
@" ""resource.amount"": 120.00," + "\n" +
@" ""accountBalance"": 500.00" + "\n" +
@" }" + "\n" +
@" }," + "\n" +
@" {" + "\n" +
@" ""parameters"": {" + "\n" +
@" ""requestId"": ""payment-002""," + "\n" +
@" ""resource.amount"": 2000.00," + "\n" +
@" ""accountBalance"": 1000.00" + "\n" +
@" }" + "\n" +
@" }" + "\n" +
@" ]" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "{{gatewayInstanceBaseUrl}}/api/authorize"
method := "POST"
payload := strings.NewReader(`{
"parameters": {
"resource.type": "payment",
"resource.currency": "USD"
},
"userContext": {
"user": {
"id": "{{userID}}"
}
},
"decisionRequests": [
{
"parameters": {
"requestId": "payment-001",
"resource.amount": 120.00,
"accountBalance": 500.00
}
},
{
"parameters": {
"requestId": "payment-002",
"resource.amount": 2000.00,
"accountBalance": 1000.00
}
}
]
}`)
client := &http.Client {
}
req, err := http.NewRequest(method, url, payload)
if err != nil {
fmt.Println(err)
return
}
req.Header.Add("Content-Type", "application/vnd.pingidentity.decisionengine.authorize.bulk+json")
req.Header.Add("Authorization", "Bearer {{sharedSecret}}")
res, err := client.Do(req)
if err != nil {
fmt.Println(err)
return
}
defer res.Body.Close()
body, err := io.ReadAll(res.Body)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(string(body))
}POST /api/authorize HTTP/1.1
Host: {{gatewayInstanceBaseUrl}}
Content-Type: application/vnd.pingidentity.decisionengine.authorize.bulk+json
Authorization: Bearer {{sharedSecret}}
{
"parameters": {
"resource.type": "payment",
"resource.currency": "USD"
},
"userContext": {
"user": {
"id": "{{userID}}"
}
},
"decisionRequests": [
{
"parameters": {
"requestId": "payment-001",
"resource.amount": 120.00,
"accountBalance": 500.00
}
},
{
"parameters": {
"requestId": "payment-002",
"resource.amount": 2000.00,
"accountBalance": 1000.00
}
}
]
}OkHttpClient client = new OkHttpClient().newBuilder()
.build();
MediaType mediaType = MediaType.parse("application/vnd.pingidentity.decisionengine.authorize.bulk+json");
RequestBody body = RequestBody.create(mediaType, "{\n \"parameters\": {\n \"resource.type\": \"payment\",\n \"resource.currency\": \"USD\" \n },\n \"userContext\": {\n \"user\": {\n \"id\": \"{{userID}}\"\n }\n },\n \"decisionRequests\": [\n {\n \"parameters\": {\n \"requestId\": \"payment-001\",\n \"resource.amount\": 120.00,\n \"accountBalance\": 500.00\n }\n },\n {\n \"parameters\": {\n \"requestId\": \"payment-002\",\n \"resource.amount\": 2000.00,\n \"accountBalance\": 1000.00\n }\n }\n ]\n}");
Request request = new Request.Builder()
.url("{{gatewayInstanceBaseUrl}}/api/authorize")
.method("POST", body)
.addHeader("Content-Type", "application/vnd.pingidentity.decisionengine.authorize.bulk+json")
.addHeader("Authorization", "Bearer {{sharedSecret}}")
.build();
Response response = client.newCall(request).execute();var settings = {
"url": "{{gatewayInstanceBaseUrl}}/api/authorize",
"method": "POST",
"timeout": 0,
"headers": {
"Content-Type": "application/vnd.pingidentity.decisionengine.authorize.bulk+json",
"Authorization": "Bearer {{sharedSecret}}"
},
"data": JSON.stringify({
"parameters": {
"resource.type": "payment",
"resource.currency": "USD"
},
"userContext": {
"user": {
"id": "{{userID}}"
}
},
"decisionRequests": [
{
"parameters": {
"requestId": "payment-001",
"resource.amount": 120,
"accountBalance": 500
}
},
{
"parameters": {
"requestId": "payment-002",
"resource.amount": 2000,
"accountBalance": 1000
}
}
]
}),
};
$.ajax(settings).done(function (response) {
console.log(response);
});var request = require('request');
var options = {
'method': 'POST',
'url': '{{gatewayInstanceBaseUrl}}/api/authorize',
'headers': {
'Content-Type': 'application/vnd.pingidentity.decisionengine.authorize.bulk+json',
'Authorization': 'Bearer {{sharedSecret}}'
},
body: JSON.stringify({
"parameters": {
"resource.type": "payment",
"resource.currency": "USD"
},
"userContext": {
"user": {
"id": "{{userID}}"
}
},
"decisionRequests": [
{
"parameters": {
"requestId": "payment-001",
"resource.amount": 120,
"accountBalance": 500
}
},
{
"parameters": {
"requestId": "payment-002",
"resource.amount": 2000,
"accountBalance": 1000
}
}
]
})
};
request(options, function (error, response) {
if (error) throw new Error(error);
console.log(response.body);
});import requests
import json
url = "{{gatewayInstanceBaseUrl}}/api/authorize"
payload = json.dumps({
"parameters": {
"resource.type": "payment",
"resource.currency": "USD"
},
"userContext": {
"user": {
"id": "{{userID}}"
}
},
"decisionRequests": [
{
"parameters": {
"requestId": "payment-001",
"resource.amount": 120,
"accountBalance": 500
}
},
{
"parameters": {
"requestId": "payment-002",
"resource.amount": 2000,
"accountBalance": 1000
}
}
]
})
headers = {
'Content-Type': 'application/vnd.pingidentity.decisionengine.authorize.bulk+json',
'Authorization': 'Bearer {{sharedSecret}}'
}
response = requests.request("POST", url, headers=headers, data=payload)
print(response.text)<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{gatewayInstanceBaseUrl}}/api/authorize');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
'follow_redirects' => TRUE
));
$request->setHeader(array(
'Content-Type' => 'application/vnd.pingidentity.decisionengine.authorize.bulk+json',
'Authorization' => 'Bearer {{sharedSecret}}'
));
$request->setBody('{\n "parameters": {\n "resource.type": "payment",\n "resource.currency": "USD" \n },\n "userContext": {\n "user": {\n "id": "{{userID}}"\n }\n },\n "decisionRequests": [\n {\n "parameters": {\n "requestId": "payment-001",\n "resource.amount": 120.00,\n "accountBalance": 500.00\n }\n },\n {\n "parameters": {\n "requestId": "payment-002",\n "resource.amount": 2000.00,\n "accountBalance": 1000.00\n }\n }\n ]\n}');
try {
$response = $request->send();
if ($response->getStatus() == 200) {
echo $response->getBody();
}
else {
echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
$response->getReasonPhrase();
}
}
catch(HTTP_Request2_Exception $e) {
echo 'Error: ' . $e->getMessage();
}require "uri"
require "json"
require "net/http"
url = URI("{{gatewayInstanceBaseUrl}}/api/authorize")
http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/vnd.pingidentity.decisionengine.authorize.bulk+json"
request["Authorization"] = "Bearer {{sharedSecret}}"
request.body = JSON.dump({
"parameters": {
"resource.type": "payment",
"resource.currency": "USD"
},
"userContext": {
"user": {
"id": "{{userID}}"
}
},
"decisionRequests": [
{
"parameters": {
"requestId": "payment-001",
"resource.amount": 120,
"accountBalance": 500
}
},
{
"parameters": {
"requestId": "payment-002",
"resource.amount": 2000,
"accountBalance": 1000
}
}
]
})
response = http.request(request)
puts response.read_bodylet parameters = "{\n \"parameters\": {\n \"resource.type\": \"payment\",\n \"resource.currency\": \"USD\" \n },\n \"userContext\": {\n \"user\": {\n \"id\": \"{{userID}}\"\n }\n },\n \"decisionRequests\": [\n {\n \"parameters\": {\n \"requestId\": \"payment-001\",\n \"resource.amount\": 120.00,\n \"accountBalance\": 500.00\n }\n },\n {\n \"parameters\": {\n \"requestId\": \"payment-002\",\n \"resource.amount\": 2000.00,\n \"accountBalance\": 1000.00\n }\n }\n ]\n}"
let postData = parameters.data(using: .utf8)
var request = URLRequest(url: URL(string: "{{gatewayInstanceBaseUrl}}/api/authorize")!,timeoutInterval: Double.infinity)
request.addValue("application/vnd.pingidentity.decisionengine.authorize.bulk+json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{sharedSecret}}", forHTTPHeaderField: "Authorization")
request.httpMethod = "POST"
request.httpBody = postData
let task = URLSession.shared.dataTask(with: request) { data, response, error in
guard let data = data else {
print(String(describing: error))
return
}
print(String(data: data, encoding: .utf8)!)
}
task.resume()Example Response
200 OK
{
"summary": {
"requested": 2,
"errors": 0,
"successful": 2
},
"correlationId": "a1b2c3d4-e5f6-7890-1234-567890fedcba",
"authorizationVersion": {
"id": "v2024-09-26-policy"
},
"timestamp": "2025-09-26T16:03:09.123456Z",
"responses": [
{
"id": "payment-001",
"elapsedMicroseconds": 150000,
"decision": "PERMIT",
"statements": [
{
"name": "Transaction Approved",
"code": "TXN-APPROVED",
"payload": "{\"resource.type\": \"payment\", \"resource.currency\": \"USD\", \"resource.amount\": 120.00, \"accountBalance\": 500.00}"
}
],
"status": {
"code": "OKAY",
"messages": [
"Balance check passed: $500.00 > $120.00"
],
"errors": []
}
},
{
"id": "payment-002",
"elapsedMicroseconds": 180000,
"decision": "DENY",
"statements": [
{
"name": "Insufficient Funds",
"code": "INSUF-FUNDS",
"payload": "{\"resource.type\": \"payment\", \"resource.currency\": \"USD\", \"resource.amount\": 2000.00, \"accountBalance\": 1000.00}"
}
],
"status": {
"code": "OKAY",
"messages": [
"Balance check failed: $1000.00 < $2000.00"
],
"errors": []
}
}
]
}