Policies Endpoints

The Policies API provides endpoints for managing access policies that define expected access patterns and governance rules.

Base URL

All endpoints are relative to /api/v1/policies.

List Policies

Retrieve a paginated list of policies.

http

GET /api/v1/policies

::: note Administrator Only This endpoint requires Administrator role. :::

Query Parameters

Parameter	Type	Description
`search`	string	Search by policy name
`type`	string	Filter by policy type
`status`	string	Filter by status (active, inactive, draft)
`limit`	number	Number of items to return
`offset`	number	Offset for pagination

Response

json

{
  "policies": [
    {
      "id": "pol-123",
      "name": "Engineering Access Policy",
      "type": "role_based_access",
      "status": "active",
      "priority": 100,
      "created_at": "2024-01-15T10:30:00Z"
    }
  ],
  "total": 25,
  "limit": 10,
  "offset": 0
}

Get Policy

Retrieve details for a specific policy.

http

GET /api/v1/policies/{id}

::: note Administrator Only This endpoint requires Administrator role. :::

Path Parameters

Parameter	Type	Description
`id`	string	Policy ID

Response

json

{
  "id": "pol-123",
  "name": "Engineering Access Policy",
  "description": "Defines expected access for engineering roles",
  "type": "role_based_access",
  "status": "active",
  "priority": 100,
  "rules": [
    {
      "condition": "role.department == 'Engineering'",
      "effect": "allow",
      "resources": ["app-github", "app-jira"]
    }
  ],
  "associated_roles": ["role-eng-senior", "role-eng-junior"],
  "target_applications": ["app-github", "app-jira"],
  "target_groups": [],
  "auto_approve": true,
  "created_at": "2024-01-15T10:30:00Z",
  "updated_at": "2024-02-01T14:22:00Z"
}

Create Policy

Create a new access policy.

http

POST /api/v1/policies

::: note Administrator Only This endpoint requires Administrator role. :::

Request Body

json

{
  "name": "Finance Access Policy",
  "description": "Defines expected access for finance roles",
  "type": "role_based_access",
  "priority": 90,
  "rules": [
    {
      "condition": "role.department == 'Finance'",
      "effect": "allow",
      "resources": ["app-sap", "app-netsuite"]
    }
  ],
  "associated_roles": ["role-finance-analyst"],
  "target_applications": ["app-sap", "app-netsuite"],
  "auto_approve": false
}

Policy Types

Type	Description
`role_based_access`	Policies based on role assignments
`owner_account_approval`	Policies for owner-account relationships
`application_access`	Policies for application-specific access
`group_membership`	Policies for group membership rules

Response

Returns the created policy object.

Update Policy

Update an existing policy.

http

PUT /api/v1/policies/{id}

::: note Administrator Only This endpoint requires Administrator role. :::

Path Parameters

Parameter	Type	Description
`id`	string	Policy ID

Request Body

Include only the fields to update.

Response

Returns the updated policy object.

Delete Policy

Delete a policy.

http

DELETE /api/v1/policies/{id}

::: note Administrator Only This endpoint requires Administrator role. :::

Path Parameters

Parameter	Type	Description
`id`	string	Policy ID

Response

Returns 204 No Content on success.

Evaluate Policies

Evaluate policies for an owner.

http

POST /api/v1/policies/evaluate

::: note Administrator Only This endpoint requires Administrator role. :::

Request Body

json

{
  "owner_id": "own-123"
}

Response

json

{
  "owner_id": "own-123",
  "evaluations": [
    {
      "policy_id": "pol-123",
      "policy_name": "Engineering Access Policy",
      "result": "compliant",
      "matching_rules": 2,
      "violations": []
    }
  ]
}

Get Policies by Role

Retrieve all policies associated with a role.

http

GET /api/v1/policies/by-role/{roleId}

::: note Administrator Only This endpoint requires Administrator role. :::

Path Parameters

Parameter	Type	Description
`roleId`	string	Role ID

Response

json

{
  "policies": [
    {
      "id": "pol-123",
      "name": "Engineering Access Policy",
      "type": "role_based_access",
      "status": "active"
    }
  ]
}

Generate Policy from Role

Generate a policy based on a role's access patterns.

http

POST /api/v1/policies/generate-from-role

::: note Administrator Only This endpoint requires Administrator role. :::

Request Body

json

{
  "role_id": "role-123"
}

Response

Returns the generated policy object based on the role's common applications and groups.

Policy Status Values

Status	Description
`draft`	Policy is being configured
`active`	Policy is active and being evaluated
`inactive`	Policy is disabled

Error Responses

Status Code	Description
`400`	Bad Request - Invalid policy configuration
`401`	Unauthorized - Authentication required
`403`	Forbidden - Insufficient permissions
`404`	Not Found - Policy does not exist
`409`	Conflict - Policy name already exists
`500`	Internal Server Error

Policies - User guide
Roles API - Role management endpoints
Campaign Rules API - Rule management endpoints
API Reference - Complete API index

Policies Endpoints ​

Base URL ​

List Policies ​

Query Parameters ​

Response ​

Get Policy ​

Path Parameters ​

Response ​

Create Policy ​

Request Body ​

Policy Types ​

Response ​

Update Policy ​

Path Parameters ​

Request Body ​

Response ​

Delete Policy ​

Path Parameters ​

Response ​

Evaluate Policies ​

Request Body ​

Response ​

Get Policies by Role ​

Path Parameters ​

Response ​

Generate Policy from Role ​

Request Body ​

Response ​

Policy Status Values ​

Error Responses ​

Related Topics ​

Policies Endpoints

Base URL

List Policies

Query Parameters

Response

Get Policy

Path Parameters

Response

Create Policy

Request Body

Policy Types

Response

Update Policy

Path Parameters

Request Body

Response

Delete Policy

Path Parameters

Response

Evaluate Policies

Request Body

Response

Get Policies by Role

Path Parameters

Response

Generate Policy from Role

Request Body

Response

Policy Status Values

Error Responses

Related Topics