Deny Authorization

An Authorization in pended status can be Denied using 'Deny Authorization' operation.

  • When an authorization is the status "Pended", a Deny link is added to the authorization resource:

The table below gives an overview:

Table 1. Deny link for an Authorization in status:
Status of the authorization Link Resource Available

Entry

No

In Process

No

Pended

Yes

Changed

No

Approved

No

Denied

No

 
{
  "links":
 [
  {
    "href": "http://[hostName]:[portNumber]/[api-context-root]/generic/authorizations/{id}",
    "rel": "self"
  },
  {
    "href": "http://[hostName]:[portNumber]/[api-context-root]/authorizations/{id}/deny",
    "rel": "authorization:deny",
    "httpMethod": "POST"
  }
 ]
}

  • Clicking on this link system asks to attach a fatal message. Clients must send one authorization fatal message in the POST payload:

{
  "authorizationmessage":
  {
    "message":
    {
      "id": "<id of message>"
    }
  }
}

  • Without a fatal message, HTTP Status 400 (Bad Request) is returned.

Operation

  • Status of the authorization changes to 'Denied'

  • Creates the Authorization status history for this change in the status

  • Creates Authorization pend history records for this change in the status for all pend reasons that are attached to the Authorization

    • The resolved by and resolved date time attributes of the Authorization pend history records of the most recent authorization status history for status pended are not set (because they are not yet resolved)

  • Pend reasons are removed and pend history corresponding to the authorization status history for the status pended (for the current process step) gets updated to resolved.

  • HTTP Status 201 is returned together with a representation of the authorization resource

  • Response Header with re-direction link to authorization is provided

Authorization

The operation in this section is protected by access restriction "authorization.deny IP". A grant must be given with create, read and update flag set. A Read grant must also be given to access restriction "authorizations API".

Response Message

Failure

Table 2. Response Messages
Response Description

AUT-IP-AUTO-001

Authorization id {id} is unknown

AUT-IP-AUTI-024

Authorizations in status {status} cannot be Denied

AUT-IP-AUTI-013

Message code {0} is unknown

See Response Messages for more details.