Skip to content

Controlling Access with Conditions and Actions

This tutorial presents a fictional scenario that guides you through configuring a rate table and setting up conditions and actions that determine whether a user is permitted to access a certain line item.

Scenario

Your customer has purchased 200 tokens in a single line item with activation ID abc123. They want to allow access to the line item only if the requester is from the Engineering, Product Management, or Product Marketing departments. They also want to allocate 150 tokens to Engineering, and 50 tokens to Product Management and Product Marketing combined.

Nobody else should be able to consume tokens from this line item.

Steps in This Section

Step 1: Check the line item

Call /v1.0/instances/{instanceId}/line-items using GET to view the line item that your customer has purchased. Take a note of the activation ID and quantity in the response.

Further reading:

LockIcons_Outline.svg Authorization: administration token or client token

API Call

curl -i -X GET \
  'https://{siteid}.flexnetoperations.{domainextension}/dynamicmonetization/provisioning/api/v1.0/instances/{instanceId}/line-items' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Example Response

The response includes details about the line item. Note the activation ID abc123 and quantity of 200.

[
  {
    "activationId": "abc123",
    "state": "DEPLOYED",
    "start": 1695772800000,
    "end": 1790467199999,
    "quantity": 200,
    "used": 0,
    "attributes": {
      "elastic": true,
      "rateTableSeries": "1"
    }
  }
]

Step 2: Set Up a Rate Table

POST to /v1.0/rate-tables to create a rate table. Ensure that the rate table has an item that can be requested by requesters.

Further reading:

LockIcons_Outline.svg Authorization: administration token

API Call

curl -i -X POST \
  'https://{siteid}.flexnetoperations.{domainextension}/dynamicmonetization/provisioning/api/v1.0/rate-tables' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "effectiveFrom": 0,
    "series": "string",
    "version": "string",
    "items": [
      {
        "name": "string",
        "version": "string",
        "rate": 0.1
      }
    ]
  }'

Step 3: Define Conditions

Create conditions that check:

  • if the requester's department attribute is set to Engineering.
  • if the requester's department attribute is set to ProductManagement or ProductMarketing.

The response will return two condition objects, each with a generated ID. Note the first ID associated with the Engineering department, as it will be needed in the next step.

Further reading:

LockIcons_Outline.svg Authorization: administration token or client token

API Call

curl -i -X POST \
  'https://{siteid}.flexnetoperations.{domainextension}/dynamicmonetization/api/v1.0/instances/{instanceId}/conditions' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -d '[
    {
      "name": "compositeCondition",
      "operator": "AND",
      "conditions": [
        {
          "operator": "IN",
          "property": "status",
          "values": [
            "active",
            "pending"
          ]
        },
        {
          "operator": "NOT",
          "condition": {
            "operator": "IN",
            "property": "category",
            "values": [
              "restricted"
            ]
          }
        }
      ]
    },
    {
      "name": "simpleCondition",
      "operator": "IN",
      "property": "category",
      "values": [
        "gold",
        "silver"
      ]
    }
  ]'

Request Body Example

[ 
  {
    "operator": "IN",
    "property": "department",
    "values": [
      "Engineering"
    ]
  },
  {
    "operator": "IN",
    "property": "department",
    "values": [
      "ProductManagement",
      "ProductMarketing"
    ]
  }
]

Example Response

[ 
  {
    "operator": "IN",
    "property": "department",
    "values": [
      "Engineering"
    ],
    "id": "673cd8ee-d4d4-48ba-a4cc-235e61c96516"
  },
  {
    "operator": "IN",
    "property": "department",
    "values": [
      "ProductManagement",
      "ProductMarketing"
    ],
    "id": "8077bc18-c3f7-4d9d-a560-637d5b118d0b"
  }
]

Step 4: Create Actions Based on the Conditions

Now, define actions that use the conditions to allow access and allocate the tokens. Replace the conditionId with the generated ID received in your conditions response.

Add a final condition that denies requests from anything not matching one of the conditions. This prevents tokens being consumed, which have been allocated to the two groups.

Further reading:

LockIcons_Outline.svg Authorization: administration token or client token

API Call

curl -i -X POST \
  'https://{siteid}.flexnetoperations.{domainextension}/dynamicmonetization/api/v1.0/instances/{instanceId}/line-items/{lineItemId}/actions' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -d '[
    {
      "name": "string",
      "conditionId": "1e06e0eb-07f6-4fcd-8750-870cbafd1693",
      "action": "ALLOW",
      "allocation": 1000
    }
  ]'

Request Body Example

[
  {
    "name": "Engineering allocation",
    "conditionId": "673cd8ee-d4d4-48ba-a4cc-235e61c96516",
    "action": "ALLOW",
    "allocation": 100
  },
  {
    "name": "PM & PMM allocation",
    "conditionId": "8077bc18-c3f7-4d9d-a560-637d5b118d0b",
    "action": "ALLOW",
    "allocation": 150
  },
  {
    "name": "default",
    "conditionId": "",
    "action":"DENY"
  }
]

Response Example

[
  {
    "name": "Engineering allocation",
    "conditionId": "673cd8ee-d4d4-48ba-a4cc-235e61c96516",
    "action": "ALLOW",
    "allocation": 100,
    "id": "6e8d23b0-8e7c-4962-8963-74ef1de693e2"
  },
  {
    "name": "PM & PMM allocation",
    "conditionId": "8077bc18-c3f7-4d9d-a560-637d5b118d0b",
    "action": "ALLOW",
    "allocation": 150,
    "id": "d8a9e55e-ad56-4b89-849f-c08eae92feb8"
  },
  {
    "name": "default",
    "conditionId": "",
    "action":"DENY",
    "id": "7fdf0258-3350-4d94-868f-f5c8e821a616"
  }
]

Step 5: Verify the Setup

Call /conditions and /actions to confirm everything is configured correctly.

Further reading:

LockIcons_Outline.svg Authorization: administration token or client token

API Call to Check Conditions

curl -i -X GET \
  'https://{siteid}.flexnetoperations.{domainextension}/dynamicmonetization/api/v1.0/instances/{instanceId}/conditions' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

API Call to Check Actions

curl -i -X GET \
  'https://{siteid}.flexnetoperations.{domainextension}/dynamicmonetization/api/v1.0/instances/{instanceId}/line-items/{lineItemId}/actions' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Step 6: Check Enforcement of Allocations

Verify that the item was successfully accessed. The response should indicate which action was used.

Further reading:

LockIcons_Outline.svg Authorization: administration token or client token

API Call

curl -i -X POST \
  'https://{siteid}.flexnetoperations.{domainextension}/dynamicmonetization/elastic/api/v1.0/instances/{instanceId}/access-request' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "requester": {
      "type": "string",
      "value": "string"
    },
    "requestedItems": [
      {
        "item": "string",
        "version": "string",
        "count": 0.1,
        "metaData": {}
      }
    ]
  }'

Request Body Example

{
  "requester": {
    "type": "user",
    "value": "alice",
    "dictionary": {"department":"engineering"}
  },
  "requestedItems": [
    {
      "item": "string",
      "version": "string",
      "count": 7,
      "metaData": {}
    }
  ]
}

Response Example

{
  "correlationId": "f36d6ceb-7f83-4838-ae5a-933e6ced4e12",
  "requester": {
    "type": "user",
    "value": "alice",",
    "dictionary": {"department":"engineering"}    
  },
  "requestedItems": [
    {
      "item": "string",
      "version": "string",
      "count": 7,
      "status": {
        "code": "101",
        "description": "Successfully checked out"
      },
      "totalTokensCharged": 21,
      "lineItems": [
        {
          "rate": 3.0,
          "actionId": "6e8d23b0-8e7c-4962-8963-74ef1de693e2",
          "activationId": "abc123",
          "tokensCharged": 21
        }
      ]
    }
  ]
}

Optional: Retrieve Actions to Verify Token Consumption

You can verify that the tokens were consumed from the line item by retrieving the actions again using /v1.0/instances/{instanceId}/line-items/{lineItemId}/actions.

Further reading:

LockIcons_Outline.svg Authorization: administration token or client token

API Call

curl -i -X GET \
  'https://{siteid}.flexnetoperations.{domainextension}/dynamicmonetization/api/v1.0/instances/{instanceId}/line-items/{lineItemId}/actions' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Response Example

[
  {
    "name": "Engineering allocation",
    "conditionId": "673cd8ee-d4d4-48ba-a4cc-235e61c96516",
    "action": "ALLOW",
    "allocation": 100,
    "id": "6e8d23b0-8e7c-4962-8963-74ef1de693e2",
    "used": 21
  },
  {
    "name": "PM & PMM allocation",
    "conditionId": "8077bc18-c3f7-4d9d-a560-637d5b118d0b",
    "action": "ALLOW",
    "allocation": 150,
    "id": "d8a9e55e-ad56-4b89-849f-c08eae92feb8"
  },
  {
    "name": "default",
    "conditionId": "",
    "action":"DENY",
    "id": "7fdf0258-3350-4d94-868f-f5c8e821a616"
  }
]

Optional: Further Exercise

As a further exercise, you could:

  • Create a request that can access tokens by somebody from Product Management.
  • Try a request by somebody from the Customer Success team, and check that it is denied.

Optional: Clean Up

To remove the configuration, use the following API calls:

  • Delete Actions:
    DELETE /v1.0/instances/{instanceId}/line-items/{lineItemId}/actions

  • Delete Conditions:
    DELETE /v1.0/instances/{instanceId}/conditions