IndyKite Developer Hub logo
Back to all resources
ContX IQ ContX IQ Json

ContX IQ: With User node as a subject, retrieve data using IN "array" and links between nodes.

This use case explains how to retrieve properties for a resource node using IN "array" in the policy filter.

ContX IQ: With User node as a subject, retrieve data using IN "array" and links between nodes.

Implement a policy using IN "array" in the filter, with a user as subject.

Use case

In this case, a user access token is sent and introspected.

Then we are going to fetch properties of nodes Contract.

ikg

Requirements

- ServiceAccount credentials created in the IndyKite Hub for your organization.

- AppAgent credentials created in the IndyKite Hub, using the REST endpoints or using Terraform for your Project / Application.

- Access token for a Person node

User Access token is sent in CIQ Execution in Headers: key:Authorization, value:Bearer token.

Steps

1. Using the AppAgent credential as API Key (name: X-IK-ClientKey), ingest data in your IKG (IndyKite Knowledge Graph) using the script provided.

2. Using the ServiceAccount credential as Bearer token, create a CIQ Policy which designates the Subject node, the cypher and the nodes allowed to be read.

3. Using the ServiceAccount credential as Bearer token, create a CIQ Query in the context of the policy to retrieve the properties of nodes Contract.

4. Using the AppAgent credential as API Key (name: X-IK-ClientKey), run a CIQ Execution to read the data.

Step 1

Ingest the nodes needed for this use case.

POST https://eu.api.indykite.com/capture/v1/nodes/Json
{
  "nodes": [
    {
      "external_id": "alice_sub_value",
      "is_identity": true,
      "type": "Person",
      "properties": [
        {
          "type": "email",
          "value": "alice@email.com"
        },
        {
          "type": "given_name",
          "value": "Alice"
        },
        {
          "type": "last_name",
          "value": "Smith"
        }
      ]
    },
    {
      "external_id": "ryan",
      "is_identity": true,
      "type": "Person",
      "properties": [
        {
          "type": "email",
          "value": "ryan@yahoo.co.uk"
        },
        {
          "type": "given_name",
          "value": "ryan"
        },
        {
          "type": "last_name",
          "value": "mushu"
        }
      ]
    },
    {
      "external_id": "tilda",
      "is_identity": true,
      "type": "Person",
      "properties": [
        {
          "type": "email",
          "value": "tilda@yahoo.co.uk"
        },
        {
          "type": "given_name",
          "value": "tilda"
        },
        {
          "type": "last_name",
          "value": "mushu"
        }
      ]
    },
    {
      "external_id": "ct123",
      "type": "Contract",
      "properties": [
        {
          "type": "category",
          "value": "Insurance"
        },
        {
          "type": "status",
          "value": "Active"
        },
        {
          "type": "signers",
          "value": [
            "tilda"
          ]
        }
      ]
    },
    {
      "external_id": "ct234",
      "type": "Contract",
      "properties": [
        {
          "type": "category",
          "value": "Insurance"
        },
        {
          "type": "status",
          "value": "Active"
        },
        {
          "type": "signers",
          "value": [
            "alice_sub_value",
            "ryan"
          ]
        }
      ]
    },
    {
      "external_id": "ct985",
      "type": "Contract",
      "properties": [
        {
          "type": "category",
          "value": "Insurance"
        },
        {
          "type": "status",
          "value": "Active"
        },
        {
          "type": "signers",
          "value": [
            "alice_sub_value",
            "ryan",
            "tilda"
          ]
        }
      ]
    }
  ]
}

Ingest the relationships needed for this use case.

POST https://eu.api.indykite.com/capture/v1/relationships/Json
{
  "relationships": [
    {
      "source": {
        "external_id": "alice_sub_value",
        "type": "Person"
      },
      "target": {
        "external_id": "ct985",
        "type": "Contract"
      },
      "type": "ACCEPTED"
    },
    {
      "source": {
        "external_id": "alice_sub_value",
        "type": "Person"
      },
      "target": {
        "external_id": "ct234",
        "type": "Contract"
      },
      "type": "ACCEPTED"
    },
    {
      "source": {
        "external_id": "ryan",
        "type": "Person"
      },
      "target": {
        "external_id": "ct985",
        "type": "Contract"
      },
      "type": "ACCEPTED"
    },
    {
      "source": {
        "external_id": "ryan",
        "type": "Person"
      },
      "target": {
        "external_id": "ct234",
        "type": "Contract"
      },
      "type": "ACCEPTED"
    },
    {
      "source": {
        "external_id": "tilda",
        "type": "Person"
      },
      "target": {
        "external_id": "ct985",
        "type": "Contract"
      },
      "type": "ACCEPTED"
    },
    {
      "source": {
        "external_id": "tilda",
        "type": "Person"
      },
      "target": {
        "external_id": "ct123",
        "type": "Contract"
      },
      "type": "ACCEPTED"
    }
  ]
}

Step 2

Create a CIQ Policy which designates the Subject node, the cypher, the nodes allowed to be upserted and the nodes allowed to be read.

policy.jsonJson
{
  "meta": {
    "policy_version": "1.0-ciq"
  },
  "subject": {
    "type": "Person"
  },
  "condition": {
    "cypher": "MATCH (subject:Person)-[r1:ACCEPTED]->(contract:Contract)",
    "filter": [
      {
        "app": "app1",
        "operator": "AND",
        "operands": [
          {
            "attribute": "subject.external_id",
            "operator": "IN",
            "value": "$idList"
          },
          {
            "attribute": "subject.external_id",
            "operator": "IN",
            "value": "@contract.property.signers"
          }
        ]
      }
    ]
  },
  "allowed_reads": {
    "nodes": [
      "contract.*"
    ],
    "relationships": [
      "r1.*"
    ]
  }
}

Request to create the CIQ Policy configuration using REST.

POST https://eu.api.indykite.com/configs/v1/authorization-policiesJson
{
  "project_id": "your_project_gid",
  "description": "description of policy",
  "display_name": "policy name",
  "name": "policy-name",
  "policy": "{\"meta\":{\"policy_version\":\"1.0-ciq\"},\"subject\":{\"type\":\"Person\"},\"condition\":{\"cypher\":\"MATCH (subject:Person)-[r1:ACCEPTED]->(contract:Contract)\",\"filter\":[{\"app\":\"app1\",\"operator\":\"AND\",\"operands\":[{\"attribute\":\"subject.external_id\",\"operator\":\"IN\",\"value\":\"$idList\"},{\"attribute\":\"subject.external_id\",\"operator\":\"IN\",\"value\":\"@contract.property.signers\"}]}]},\"allowed_reads\":{\"nodes\":[\"contract.*\"],\"relationships\":[\"r1.*\"]}}",
  "status": "ACTIVE",
  "tags": []
}

Request to read the CIQ Policy configuration using REST.

policy_request.jsonJson
{
  "id": "your_policy_configuration_gid"
}

Step 3

Create a CIQ Query in the context of the policy to retrieve the designated properties.

knowledge_query.jsonJson
{
  "nodes": [
    "contract.external_id",
    "contract.property.signers",
    "contract.property.category"
  ]
}

Request to create a CIQ Query configuration using REST.

POST https://eu.api.indykite.com/configs/v1/knowledge-queriesJson
{
  "project_id": "your_project_gid",
  "description": "description of knowledge query",
  "display_name": "knowledge query name",
  "name": "knowledge-query-name",
  "policy_id": "your_policy_gid",
  "query": "{\"nodes\":[\"contract.external_id\",\"contract.property.signers\",\"contract.property.category\"]}",
  "status": "ACTIVE"
}

Read the CIQ Query Configuration.

GET https://eu.api.indykite.com/configs/v1/knowledge-queries/{id}Json
{
  "id": "your_knowledge_query_configuration_gid"
}

Step 4

Run a CIQ Execution to get the designated information.

POST https://eu.api.indykite.com/contx-iq/v1/executeJson
{
  "id": "knowledge_query_gid",
  "input_params": {
    "idList": [
      "alice_sub_value",
      "ryan"
    ]
  },
  "page_token": 1
}

CIQ Execution response.

response.jsonJson
{
  "data": [
    {
      "nodes": {
        "contract.external_id": "ct234",
        "contract.property.category": "Insurance",
        "contract.property.signers": [
          "alice_sub_value",
          "ryan"
        ]
      }
    },
    {
      "nodes": {
        "contract.external_id": "ct985",
        "contract.property.category": "Insurance",
        "contract.property.signers": [
          "alice_sub_name",
          "ryan",
          "tilda"
        ]
      }
    },
    {
      "nodes": {
        "contract.external_id": "ct985",
        "contract.property.category": "Insurance",
        "contract.property.signers": [
          "alice_sub_name",
          "ryan",
          "tilda"
        ]
      }
    }
  ]
}

Tags

CIQ Policy CIQ Query CIQ Execution Security

Related Resources

ContX IQ basic example

ContX IQ Python

ContX IQ: list authorized resources.

ContX IQ Python

ContX IQ: allow READ action

ContX IQ Json

ContX IQ: allow creation nodes and relationships.

ContX IQ Json

ContX IQ: upsert relationships

ContX IQ Json

ContX IQ: delete nodes and relationships.

ContX IQ Json

ContX IQ: loyalty program.

ContX IQ Json

ContX IQ: link the _Application node to other data in the IKG.

ContX IQ Json

ContX IQ: With _Application node as a subject, read resources and upsert relationships and nodes.

ContX IQ Json

ContX IQ: With User node as a subject, read resources and upsert relationships and nodes.

ContX IQ Json