What are the Possible XACML REST PDP Response Codes?

The Axiomatics Policy Server provides both a SOAP and a REST endpoint to which authorization requests can be sent to. This blog will focus on the REST endpoint.

The specification of the REST profile of XACML states that following response codes are possible.


Response Codes


200, 400, 401, 403, 406, 5xx


200, 400, 401, 403, 406, 415, 5xx

A more detailed description of some of these are:



400 Bad Request

The request was malformed

415 Media not supported

The media type of the request was not set to application/xacml+json

401 Unauthorized

Authentication failure

500 Internal Server Error

One possible reason is an expired license

200 OK

No server errors.  Check the decision for Permit / Deny / Not  Applicable / Indeterminate 

Tools such as SoapUI and Postman can be used to generate these requests without the need to develop your own PEP. This makes learning how to form a request and capturing the response codes much easier.

More information on the REST profile of XACML.

Examples of how to use Postman to simulate requests.


Things don’t always go as planned and when they don’t, knowing what response codes are returned will help you to understand what went wrong and resolve the issue.

Other Blogs

3 keys to re-evaluate your authorization management
On May 27, I had the pleasure to join the KuppingerCole KCLive event with several industry peers in a panel discussion about  “Enabling the Future...
How OAuth is related to Attribute Based Access Control
What is Authorization? Authorization, also referred to as Access Control, is the process that follows authentication (which checks your identity and ensures that you are...
Modern Enterprise Authorization Management System
Gartner has an interesting article titled “Modernize Your Runtime Authorization” that highlights some aspects you need from a modern enterprise authorization systems. Over the years...