OAA Admin API

Gets the policy with trigger combinations

get

/policy/risk/v1/policies/{policygid}

Policy Browser is intended for migration customers who wishes to see the old policies created in their system. This API can be used to form the trigger combination body if its required to update a trigger combination.

Request

Path Parameters

policygid(required): string

Identifier of the policy.

There's no request body for this operation.

Response

Supported Media Types

application/xml
application/json

200 Response

Policy information

Root Schema : PolicyDetailedResponse

Type: object

Policy Detail with Trigger Combinations for Policy Browser

Show Source

checkpoint: string

Checkpoint of the policy.
message: string

Message related to the status of the request
policyDescription: string

Description of the policy.
policygid: string

Identifier of the policy.
policyname: string

Name of the policy.
policyStatus: string

Status of the policy.
rules: array rules
scoringEngine: string

Scoring Engine of the policy.
status: string

Status of the request
triggerCombinations: array triggerCombinations
weight: string

Weight of the policy.

{
    "type":"object",
    "description":"Policy Detail with Trigger Combinations for Policy Browser",
    "properties":{
        "status":{
            "type":"string",
            "description":"Status of the request"
        },
        "message":{
            "type":"string",
            "description":"Message related to the status of the request"
        },
        "policygid":{
            "type":"string",
            "description":"Identifier of the policy."
        },
        "policyname":{
            "type":"string",
            "description":"Name of the policy."
        },
        "policyDescription":{
            "type":"string",
            "description":"Description of the policy."
        },
        "policyStatus":{
            "type":"string",
            "description":"Status of the policy."
        },
        "checkpoint":{
            "type":"string",
            "description":"Checkpoint of the policy."
        },
        "scoringEngine":{
            "type":"string",
            "description":"Scoring Engine of the policy."
        },
        "weight":{
            "type":"string",
            "description":"Weight of the policy."
        },
        "rules":{
            "type":"array",
            "items":{
                "$ref":"#/components/schemas/RuleObjectDetail"
            }
        },
        "triggerCombinations":{
            "type":"array",
            "items":{
                "$ref":"#/components/schemas/TriggerCombinationsObject"
            }
        }
    }
}

Nested Schema : rules

Type: array

Show Source

Array of: object RuleObjectDetail

Rule detail for PolicyDetailedResponse for Policy Browser

{
    "type":"array",
    "items":{
        "$ref":"#/components/schemas/RuleObjectDetail"
    }
}

Nested Schema : triggerCombinations

Type: array

Show Source

Array of: object TriggerCombinationsObject

Trigger Combinations detail for PolicyDetailedResponse for Policy Browser

{
    "type":"array",
    "items":{
        "$ref":"#/components/schemas/TriggerCombinationsObject"
    }
}

Nested Schema : RuleObjectDetail

Type: object

Rule detail for PolicyDetailedResponse for Policy Browser

Show Source

actionGroup: string

Action group name
alertGroup: string

Alert group name
rulegid: string

Unique identifier for Rule
ruleName: string

Name of the Rule
ruleNotes: string

Description of the rule
ruleStatus: string

Status of the rule
score: integer

Score returned by the rule
weight: integer

Weight if the score if there are multiple rules in the context.

{
    "type":"object",
    "description":"Rule detail for PolicyDetailedResponse for Policy Browser",
    "properties":{
        "rulegid":{
            "type":"string",
            "description":"Unique identifier for Rule"
        },
        "ruleName":{
            "type":"string",
            "description":"Name of the Rule"
        },
        "score":{
            "type":"integer",
            "description":"Score returned by the rule"
        },
        "weight":{
            "type":"integer",
            "description":"Weight if the score if there are multiple rules in the context."
        },
        "actionGroup":{
            "type":"string",
            "description":"Action group name"
        },
        "alertGroup":{
            "type":"string",
            "description":"Alert group name"
        },
        "ruleStatus":{
            "type":"string",
            "description":"Status of the rule"
        },
        "ruleNotes":{
            "type":"string",
            "description":"Description of the rule"
        }
    }
}

Nested Schema : TriggerCombinationsObject

Type: object

Trigger Combinations detail for PolicyDetailedResponse for Policy Browser

Show Source

actionGroup: string

Action group name
alertGroup: string

Alert group id
description: string

Description of trigger combination
score: integer

Score of trigger combination
triggerCombinations: array triggerCombinations

{
    "type":"object",
    "description":"Trigger Combinations detail for PolicyDetailedResponse for Policy Browser",
    "properties":{
        "description":{
            "type":"string",
            "description":"Description of trigger combination"
        },
        "score":{
            "type":"integer",
            "description":"Score of trigger combination"
        },
        "actionGroup":{
            "type":"string",
            "description":"Action group name"
        },
        "alertGroup":{
            "type":"string",
            "description":"Alert group id"
        },
        "triggerCombinations":{
            "type":"array",
            "items":{
                "$ref":"#/components/schemas/RuleResult"
            }
        }
    }
}

Nested Schema : triggerCombinations

Type: array

Show Source

Array of: object RuleResult

Rule and Result for trigger combinations

{
    "type":"array",
    "items":{
        "$ref":"#/components/schemas/RuleResult"
    }
}

Nested Schema : RuleResult

Type: object

Rule and Result for trigger combinations

Show Source

ruleName: string

Name of the rule associated with trigger combination
ruleResult: string

Result value of the rule associated with trigger combination

{
    "type":"object",
    "description":"Rule and Result for trigger combinations",
    "properties":{
        "ruleName":{
            "type":"string",
            "description":"Name of the rule associated with trigger combination"
        },
        "ruleResult":{
            "type":"string",
            "description":"Result value of the rule associated with trigger combination"
        }
    }
}

401 Response

Unauthorized

500 Response

Internal server error

503 Response

Service Unavailable

Examples

The following example shows a sample request and response for retrieving an OAAM policy based on the Policy Gid. You can find the Policy Gid on the OAAM Policy Explorer.

cURL Command to Retrieve Existing OAAM Policy in JSON Format

curl --location --request GET '<PolicyUrl>/policy/risk/v1/policies/<policy_gid>' \
--header 'Authorization: Basic <Base64Encoded(<username>:<password>)>' \
--header 'Content-Type: application/json' \
--data '{
    "description": "Assertion Level between 50 and 100",
    "rules": [
        {
            "ruleName": "Challenge SMS Available",
            "ruleResult": "ANY"
        },
        {
            "ruleName": "Maximum failed Email attempts",
            "ruleResult": "ANY"
        },
        {
            "ruleName": "Maximum failed SMS attempts",
            "ruleResult": "ANY"
        },
        {
            "ruleName": "Maximum failed Question attempts",
            "ruleResult": "ANY"
        },
        {
            "ruleName": "Challenge Email Available",
            "ruleResult": "ANY"
        },
        {
            "ruleName": "Questions Active",
            "ruleResult": "ANY"
        },
        {
            "ruleName": "Check for High Risk Score",
            "ruleResult": "ANY"
        },
        {
            "ruleName": "Assertion Level <=50",
            "ruleResult": "ANY"
        },
        {
            "ruleName": "Assertion Level 50 -100",
            "ruleResult": "TRUE"
        },
        {
            "ruleName": "Assertion level 100-150",
            "ruleResult": "ANY"
        },
        {
            "ruleName": "AssertionLevel 150-200",
            "ruleResult": "ANY"
        },
        {
            "ruleName": "Assertion Level 200-250",
            "ruleResult": "ANY"
        }
    ],
    "score": "400",
    "actionGroup": "OAAM Challenge SMS",
    "alertGroup": "10003"
}'

Sample Response in JSON Format

{
    "policyName": "does user have profile",
    "status": "200",
    "message": "Policy information.",
    "policygid": "51143_424de17591ff7cb74bba3759a9fa6aaf453769e756b08693b43253d09a113439",
    "policyname": "does user have profile",
    "policyDescription": "This policy checks if pattern auto learning is enabled and if a user has past behavior recorded. Users with enough recorded behavior will be evaluated against their own profile while users without enough recorded behavior will be evaluated against the profiles of all other users.",
    "policyStatus": "ACTIVE",
    "policyStatusDisplayValue": "Active",
    "checkpoint": "User Authentication",
    "scoringEngine": "Average",
    "weight": "100",
    "rules": [
        {
            "rulegid": "51356_3d3903a75f923ab9925c3a7b5935d03cd2e9e4a31936f7ec7ad1c1294f71969a",
            "ruleName": "Does user have a profile",
            "score": "0",
            "weight": "100",
            "ruleStatus": "ACTIVE",
            "ruleStatusDisplayValue": "Active",
            "ruleNotes": "This rule checks if the pattern auto learning is enabled and if the user has a historical behavior profile."
        },
        {
            "rulegid": "9353_e49b40e49ebac38d36f5ce08ea16afc25a2e1e57642b2a7e8f9ee47a6844927b",
            "ruleName": "Is there enough pattern data available?",
            "score": "0",
            "weight": "100",
            "ruleStatus": "ACTIVE",
            "ruleStatusDisplayValue": "Active",
            "ruleNotes": "Rule checks if enough pattern data is available so that auto-learning rules can make use of it."
        }
    ],
    "triggerCombinations": [
        {
            "description": "If the profile contains enough recorded behavior, the user is evaluated by this policy.",
            "rules": [
                {
                    "ruleName": "Does user have a profile",
                    "ruleResult": "True"
                },
                {
                    "ruleName": "Is there enough pattern data available?",
                    "ruleResult": "True"
                }
            ],
            "score": "0"
        },
        {
            "description": "If a user does not have enough recorded behavior in their profile they will be evaluated by this policy.",
            "rules": [
                {
                    "ruleName": "Does user have a profile",
                    "ruleResult": "Any"
                },
                {
                    "ruleName": "Is there enough pattern data available?",
                    "ruleResult": "True"
                }
            ],
            "score": "0"
        }
    ]
}

cURL Command to Retrieve Existing OAAM Policy in XML Format

curl --location --request GET '<PolicyUrl>/policy/risk/v1/policies/<policy_gid>' \
--header 'Authorization: Basic <Base64Encoded(<username>:<password>)>' \
--header 'Content-Type: application/xml' \
--header 'Accept: application/xml' \
--data '<?xml version="1.0" encoding="UTF-8" ?>
 <TriggerCombinationsObject>
     <description>Assertion Level between 50 and 100</description>
     <rules>
         <ruleName>Challenge SMS Available</ruleName>
         <ruleResult>ANY</ruleResult>
     </rules>
     <rules>
         <ruleName>Maximum failed Email attempts</ruleName>
         <ruleResult>ANY</ruleResult>
     </rules>
     <rules>
         <ruleName>Maximum failed SMS attempts</ruleName>
         <ruleResult>ANY</ruleResult>
     </rules>
     <rules>
         <ruleName>Maximum failed Question attempts</ruleName>
         <ruleResult>ANY</ruleResult>
     </rules>
     <rules>
         <ruleName>Challenge Email Available</ruleName>
         <ruleResult>ANY</ruleResult>
     </rules>
     <rules>
         <ruleName>Questions Active</ruleName>
         <ruleResult>ANY</ruleResult>
     </rules>
     <rules>
         <ruleName>Check for High Risk Score</ruleName>
         <ruleResult>ANY</ruleResult>
     </rules>
     <rules>
         <ruleName>Assertion Level <=50</ruleName>
         <ruleResult>ANY</ruleResult>
     </rules>
     <rules>
         <ruleName>Assertion Level 50 -100</ruleName>
         <ruleResult>TRUE</ruleResult>
     </rules>
     <rules>
         <ruleName>Assertion level 100-150</ruleName>
         <ruleResult>ANY</ruleResult>
     </rules>
     <rules>
         <ruleName>AssertionLevel 150-200</ruleName>
         <ruleResult>ANY</ruleResult>
     </rules>
     <rules>
         <ruleName>Assertion Level 200-250</ruleName>
         <ruleResult>ANY</ruleResult>
     </rules>
     <score>400</score>
     <actionGroup>OAAM Challenge SMS</actionGroup>
     <alertGroup>10003</alertGroup>
 </TriggerCombinationsObject>
'

Sample Response in XML Format

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 <PolicyDetailedResponse>
     <policyName>does user have profile</policyName>
     <status>200</status>
     <message>Policy information.</message>
     <policygid>51143_424de17591ff7cb74bba3759a9fa6aaf453769e756b08693b43253d09a113439</policygid>
     <policyname>does user have profile</policyname>
     <policyDescription>This policy checks if pattern auto learning is enabled and if a user has past behavior recorded. Users with enough recorded behavior will be evaluated against their own profile while users without enough recorded behavior will be evaluated against the profiles of all other users.</policyDescription>
     <policyStatus>ACTIVE</policyStatus>
     <policyStatusDisplayValue>Active</policyStatusDisplayValue>
     <checkpoint>User Authentication</checkpoint>
     <scoringEngine>Average</scoringEngine>
     <weight>100</weight>
     <rules>
         <rulegid>51356_3d3903a75f923ab9925c3a7b5935d03cd2e9e4a31936f7ec7ad1c1294f71969a</rulegid>
         <ruleName>Does user have a profile</ruleName>
         <score>0</score>
         <weight>100</weight>
         <ruleStatus>ACTIVE</ruleStatus>
         <ruleStatusDisplayValue>Active</ruleStatusDisplayValue>
         <ruleNotes>This rule checks if the pattern auto learning is enabled and if the user has a historical behavior profile.</ruleNotes>
     </rules>
     <rules>
         <rulegid>9353_e49b40e49ebac38d36f5ce08ea16afc25a2e1e57642b2a7e8f9ee47a6844927b</rulegid>
         <ruleName>Is there enough pattern data available?</ruleName>
         <score>0</score>
         <weight>100</weight>
         <ruleStatus>ACTIVE</ruleStatus>
         <ruleStatusDisplayValue>Active</ruleStatusDisplayValue>
         <ruleNotes>Rule checks if enough pattern data is available so that auto-learning rules can make use of it.</ruleNotes>
     </rules>
     <triggerCombinations>
         <description>If the profile contains enough recorded behavior, the user is evaluated by this policy.</description>
         <rules>
             <ruleName>Does user have a profile</ruleName>
             <ruleResult>True</ruleResult>
         </rules>
         <rules>
             <ruleName>Is there enough pattern data available?</ruleName>
             <ruleResult>True</ruleResult>
         </rules>
         <score>0</score>
     </triggerCombinations>
     <triggerCombinations>
         <description>If a user does not have enough recorded behavior in their profile they will be evaluated by this policy.</description>
         <rules>
             <ruleName>Does user have a profile</ruleName>
             <ruleResult>Any</ruleResult>
         </rules>
         <rules>
             <ruleName>Is there enough pattern data available?</ruleName>
             <ruleResult>True</ruleResult>
         </rules>
         <score>0</score>
     </triggerCombinations>
 </PolicyDetailedResponse>