
What are the Possible XACML REST PDP Response Codes?

The Axiomatics Policy Server provides both a SOAP and a REST endpoint to which authorization requests can be sent. This blog will focus on the REST endpoint.

The specification of the REST profile of XACML states that the following response codes are possible.


Response Codes


200, 400, 401, 403, 406, 5xx


200, 400, 401, 403, 406, 415, 5xx

More detailed descriptions of some of these:



400 Bad Request

The request was malformed

415 Media not supported

The media type of the request was not set to application/xacml+json

401 Unauthorized

Authentication failure

500 Internal Server Error

One possible reason is an expired license

200 OK

No server errors. Check the decision in the response body: Permit / Deny / Not Applicable / Indeterminate
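The following sketch shows how a PEP could act on the codes above while failing closed; it is an added example, not code from the Axiomatics Policy Server. The function name, the sample bodies, the assumption that the JSON "Response" member is either a single result or a list of results, and the choice to require Permit on every result are all assumptions of this example.

```python
import json

# Diagnoses taken from the status-code descriptions in this post.
STATUS_HINTS = {
    400: "request was malformed",
    401: "authentication failure",
    415: "request media type was not application/xacml+json",
    500: "internal server error (one possible reason: expired license)",
}

def evaluate_pdp_response(status, body):
    """Return (allow, reason). Anything but an explicit Permit is denied."""
    if status != 200:
        # Transport or server problem: no decision was made, so deny.
        hint = STATUS_HINTS.get(status, "unexpected status")
        return False, f"HTTP {status}: {hint}"
    try:
        response = json.loads(body)["Response"]
    except (ValueError, KeyError, TypeError):
        return False, "HTTP 200 but body is not a XACML JSON response"
    # Assumption: "Response" is one result object or a list of results.
    results = response if isinstance(response, list) else [response]
    decisions = [r.get("Decision") if isinstance(r, dict) else None
                 for r in results]
    # 200 only means the PDP answered; the decision still has to be Permit.
    if decisions and all(d == "Permit" for d in decisions):
        return True, "Permit"
    return False, "decision(s): " + ", ".join(str(d) for d in decisions)

# Constructed sample responses (not captured from a real PDP).
SAMPLES = [
    (200, '{"Response": [{"Decision": "Permit"}]}'),
    (200, '{"Response": [{"Decision": "NotApplicable"}]}'),
    (200, '{"Response": {"Decision": "Indeterminate"}}'),
    (415, ""),
    (500, "<html>error</html>"),
]

if __name__ == "__main__":
    for status, body in SAMPLES:
        print(status, evaluate_pdp_response(status, body))
```

Logging the reason string alongside the denied request makes it possible to tell a policy Deny apart from a PDP outage or a misconfigured PEP.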

Tools such as SoapUI and Postman can be used to generate these requests without the need to develop your own PEP. This makes learning how to form a request and capturing the response codes much easier.

More information on the REST profile of XACML.

Examples of how to use Postman to simulate requests.


Things don’t always go as planned and when they don’t, knowing what response codes are returned will help you to understand what went wrong and resolve the issue.
