The Access Evaluations Service

At the heart of the SGNL Access API suite is the Evaluations API, which addresses the following fundamental question that most organizations have with regards to access to protected assets:

Can this Principal perform this Action on this Asset?

Based on business context at the time of the request and configured policy, the Access API returns a clear “Allow” or “Deny” response.

cURL Request

curl --location 'https://{yourClientName}.sgnlapis.cloud/access/v2/evaluations' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <Authentication Token for the Protected System>' \
--data-raw '{
   "principal": {
       "id": "[email protected]"
   },
   "queries": [
       {
           "action": "read",
           "assetId": "Issue-314"
       },
       {
           "action": "write",
           "assetId": "Issue-314"
       },
       {
           "action": "read",
           "assetId": "Issue-1618"
       }
   ]
}'

cURL Response

{
   "decisions": [
       {
           "action": "read",
           "assetId": "Issue-314",
           "decision": "Allow"
       },
       {
           "action": "write",
           "assetId": "Issue-314",
           "decision": "Allow"
       },
       {
           "action": "read",
           "assetId": "Issue-1618",
           "decision": "Deny"
       }
   ],
   "evaluationDuration": 9,
   "issuedAt": "2023-11-08T02:53:56.562262241Z",
   "principalId": "[email protected]"
}

Sample Python Code

import requests
import json

# The API endpoint
url = "https://{yourClientName}.sgnlapis.cloud/access/v2/evaluations"

# The headers for the request
headers = {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer <Authentication Token for the Protected System>'
}

# The JSON data payload
payload = json.dumps({
    "principal": {
        "id": "[email protected]"
    },
    "queries": [
        {"action": "read", "assetId": "Issue-314"},
        {"action": "write", "assetId": "Issue-314"},
        {"action": "read", "assetId": "Issue-1618"}
    ]
})

# Make the POST request
response = requests.post(url, headers=headers, data=payload)

# Check if the request was successful
if response.ok:
    # Process and print results
    response_data = response.json()
    for decision in response_data.get('decisions', []):
        print(f"{response_data['principalId']}, {decision['assetId']}, {decision['action']}, {decision['decision']}")
else:
    print(f"Failed to get a valid response, status code: {response.status_code}")

For those who prefer Node.js, SGNL provides an Node.js SDK.

The SGNL Access Evaluations API documentation can be found on our API Documentation Page.