What are the Possible XACML REST PDP Response Codes?

The Axiomatics Policy Server provides both a SOAP and a REST endpoint to which authorization requests can be sent to. This blog will focus on the REST endpoint.

The specification of the REST profile of XACML states that following response codes are possible.


Response Codes


200, 400, 401, 403, 406, 5xx


200, 400, 401, 403, 406, 415, 5xx

A more detailed description of some of these are:



400 Bad Request

The request was malformed

415 Media not supported

The media type of the request was not set to application/xacml+json

401 Unauthorized

Authentication failure

500 Internal Server Error

One possible reason is an expired license

200 OK

No server errors.  Check the decision for Permit / Deny / Not  Applicable / Indeterminate 

Tools such as SoapUI and Postman can be used to generate these requests without the need to develop your own PEP. This makes learning how to form a request and capturing the response codes much easier.

More information on the REST profile of XACML.

Examples of how to use Postman to simulate requests.


Things don’t always go as planned and when they don’t, knowing what response codes are returned will help you to understand what went wrong and resolve the issue.

Related Articles

You could build your own Authorization solution…but should you?
Dynamic Authorization
Having spoken with many customers about the challenges around authorization, one of the themes that has come up time and time again is whether an...
The one about ISO certifications | Dynamically Speaking
Dynamically Speaking
Recently, Axiomatics announced we’d achieved ISO 9001 and ISO 27001 certifications. But…what does that really mean? In this episode of Dynamically Speaking, Axiomatics COO Alexander...
What happened to Robinhood?
Recently, Robinhood shared they experienced a data security incident whereby someone gained access to the personal information of some customers. The attack stemmed from a...