Create policy

POST

/v1/policies

const url = 'https://example.com/v1/policies';
const options = {
  method: 'POST',
  headers: {
    'X-Tenant-ID': '2489E9AD-2EE2-8E00-8EC9-32D5F69181C0',
    'X-API-Key': '<X-API-Key>',
    'Content-Type': 'application/json'
  },
  body: '{"name":"example","description":"example","enabled":true,"priority":0,"max_duration_seconds":1,"default_duration_seconds":1,"notification_channel":"example","cedar_policy_set":"example"}'
};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}

curl --request POST \
  --url https://example.com/v1/policies \
  --header 'Content-Type: application/json' \
  --header 'X-API-Key: <X-API-Key>' \
  --header 'X-Tenant-ID: 2489E9AD-2EE2-8E00-8EC9-32D5F69181C0' \
  --data '{ "name": "example", "description": "example", "enabled": true, "priority": 0, "max_duration_seconds": 1, "default_duration_seconds": 1, "notification_channel": "example", "cedar_policy_set": "example" }'

Authorizations

ApiKeyAuth

Parameters

Header Parameters

X-Tenant-ID

required

string format: uuid

Tenant identifier. Must match the tenant associated with the credential. Returns 403 tenant_mismatch if the credential and header belong to different tenants.

Request Body^required

application/json

Create a new policy.

object

name

required

Policy name (required).

string

description

string

nullable

enabled

boolean

default: true

priority

integer

max_duration_seconds

required

Maximum grant duration in seconds (required).

integer

default_duration_seconds

integer

nullable

notification_channel

string

nullable

cedar_policy_set

Optional multi-statement Cedar text, parsed into rules.

string

nullable

Responses

201

Created

application/json

Full policy with nested rules.

object

required

string format: uuid

name

required

Policy name (required).

string

description

Optional description.

string

nullable

enabled

required

Whether the policy is active.

boolean

priority

required

Higher values evaluated first.

integer

max_duration_seconds

required

Maximum allowed grant duration in seconds (required).

integer

default_duration_seconds

Default grant duration if not specified in request.

integer

nullable

notification_channel

Optional notification channel for approvals.

string

nullable

rules

required

Nested rules for this policy.

Array<object>

Single rule within a policy.

object

required

string format: uuid

ordinal

required

Evaluation order within the policy.

integer

effect

required

string

Allowed values: permit forbid

policy_text

required

Assembled Cedar text for this rule.

string

principal_scope_type

required

string

Allowed values: any eq in is is_in

principal_entity_type

string

nullable

principal_entity_id

string

nullable

action_scope_type

required

string

Allowed values: any eq in

action_ids

Array<string>

resource_scope_type

required

string

Allowed values: any eq in is is_in

resource_entity_type

string

nullable

resource_entity_id

string

nullable

conditions

Raw Cedar when/unless clause text.

string

nullable

notice

User-facing message for this rule.

string

nullable

audit_session

Whether grants should have session auditing.

boolean

created_at

required

string format: date-time

cedar_policy_set

required

Assembled Cedar policy text for all rules.

string

created_at

required

string format: date-time

updated_at

required

string format: date-time

Example

{
  "rules": [
    {
      "effect": "permit",
      "principal_scope_type": "any",
      "action_scope_type": "any",
      "resource_scope_type": "any"
    }
  ]
}

400

Invalid input or Cedar policy.

application/json

object

code

required

Machine-readable error code (e.g. “not_found”, “tenant_mismatch”).

string

message

required

Human-readable description of the error.

string

details

Optional additional context about the error.

object

key

additional properties

any

notices

Policy notices from determining Cedar rules, if applicable.

Array<string>

Example ^generated

{
  "code": "example",
  "message": "example",
  "details": {},
  "notices": [
    "example"
  ]
}

401

Unauthenticated

application/json

object

code

required

Machine-readable error code (e.g. “not_found”, “tenant_mismatch”).

string

message

required

Human-readable description of the error.

string

details

Optional additional context about the error.

object

key

additional properties

any

notices

Policy notices from determining Cedar rules, if applicable.

Array<string>

Example ^generated

{
  "code": "example",
  "message": "example",
  "details": {},
  "notices": [
    "example"
  ]
}

403

Forbidden

application/json

object

code

required

Machine-readable error code (e.g. “not_found”, “tenant_mismatch”).

string

message

required

Human-readable description of the error.

string

details

Optional additional context about the error.

object

key

additional properties

any

notices

Policy notices from determining Cedar rules, if applicable.

Array<string>

Example ^generated

{
  "code": "example",
  "message": "example",
  "details": {},
  "notices": [
    "example"
  ]
}

Create policy

Authorizations

Parameters

Header Parameters

Request Body required

Responses

201

Example

400

Example generated

401

Example generated

403

Example generated

Request Body^required

Example ^generated

Example ^generated

Example ^generated