JsonApiCondition
Last updated
Last updated
The JsonApiCondition works by sending an HTTPS GET request to a specified JSON API endpoint, extracting relevant data from the response using a query, and then comparing the extracted value against an expected result.
Potential use cases include geographic restrictions based on IP address or weather-based access control.
It is composed of the following properties:
endpoint: the HTTPS URI for the JSON API endpoint that will be queried, e.g.https://api.example.com/user/status
parameters(Optional): a key-value mapping of parameter names and values to pass as part of the HTTPS GET request. These parameters will be appended to the URL as query string parameters.
query(Optional): a JSONPath query used to extract specific data from the JSON response.
(Optional): A bearer token that will be included in the HTTPS Authorization header. It enables the use of endpoints that require OAuth/JWT authorization.
: the test to validate the value extracted by the JSONPath query.
Error Handling
If the HTTPS response does not return a status code of 200, the condition will fail automatically, and access will be denied.
If the JSONPath query is provided but cannot properly extract the desired value, the condition will fail, resulting in access being denied.
If an invalid authorizationToken is provided, the call to the API will fail, causing the condition to fail and access to be denied.
The condition would be satisfied if the API endpoint returned something analogous to the following:
Client-side:
Server-side: