Export Policy by Environment ID and Workspace ID. This API supports different response formats based on the Accept header.
In the Try It section, view examples and code samples based on Response format, Content Type (next to the Body title), and Body dropdowns.
Notice
Accessing the Policy Management APIs is through a dedicated domain/URL, according to your PlainID Tenant Locationhttps://api.us1.plainid.io
https://api.ca1.plainid.io
https://api.eu1.plainid.io
Using HTML Encoded Special Characters
Use HTML encoded patterns when working with values that contain special characters like spaces, dashes, etc. Refer to this HTML URL Encoding Reference for a full list.
Important note about headers
Refer to the headers below to modify your cURL sample. Check if the following headers are in the sample, if not, ensure you add it to your cURL sample before pasting into your API tool.
Headers
*RequiredHeader | Value | cURL Line |
---|---|---|
Accept | `text/plain;language=rego` or `application/json` | `-H "Accept:text/plain;language=rego"` or `-H "Accept:application/json"` |
text/plain;language=rego
when exporting a Structured policy as Rego.Use
application/json
when exporting either Structured or Native policy in JSON format.
See the examples below for more information.
cURL Sample Guidelines
In order for the relevant parameters to appear in the cURL sample, you can input the values in the interactive API console on the right in the Try It or Code Sample tabs. You can then copy the cURL sample from the Code Sample tab in the correct format.
For more details about Administration API Authentication, check out the Authentication APIs documentation
Provide your bearer token in the Authorization header when making requests to protected resources.
Example: Authorization: Bearer 123
The Environment ID can be found under the Details tab in the Environment Settings.
Authorization Workspace ID. This can be found in your Authorization Workspace Settings under Workspace ID.
Policy ID Filter
Toggle to either enable or disable additional metadata, like the Policy id
and description
, in the response.
successful operation
{
"data": {
"format": "json",
"policy": {
"policyId": "08ae32e4-fbf3-4cc8-b3b9-3b4061d1c825",
"name": "Bank Account Access Policy",
"description": "Policy for accessing bank accounts",
"accessType": "Allow",
"policyUse": "SAAS_APPLICATIONS",
"applications": [
{
"applicationId": "POP1V3WFXZ4PRIO",
"attributes": {
"vendorPolicyKind": "Row Access Policy",
"vendorPolicyName": "POL1",
"vendorPolicyOrder": 1,
"database": "DB",
"schema": "SCHEMA",
"owner": "ROLE"
},
"nativeCode": {
"language": "sql",
"code": "{\"policy\":\"CREATE OR REPLACE ROW ACCESS POLICY \"POL1\"\"}"
}
}
]
}
}
}
{
"data": {
"format": "rego",
"Structured Policy": "# METADATA\n# custom:\n# plainid:\n# policyId: 08ae32e4-fbf3-4cc8-b3b9-3b4061d1c825\n# name: Manage personal account and Credit cards\n# description: Customer can view and manage their own accounts an credit cards only with MFA\n# accessType: Allow\npackage policy\nimport rego.v1\n\n# METADATA\n# custom:\n# plainid:\n# kind: DynamicGroup\n# name: dg1\n# id: f28c17c2-caeb-4cf2-a549-02bf03fe4e17\n# description: \"test DG\"\ndynamic_group(identity) if {\n identity.template == \"idWs1\"\n identity[\"idAttr1\"] == \"test\"\n identity[\"idAttr1\"] != \"prod\"\n}\n"
}
}
Response object for export policy endpoint
The format of the exported policy
Policy external ID
Policy name
Policy description
Policy access type
Policy usage type
Application ID
Application attributes
Native code language (e.g., SQL, Python)
Native code content
Custom policy attributes
Response Meta
Total number of records
Limit the number of records returned
The starting point for return of records
# METADATA
# custom:
# plainid:
# policyId: 08ae32e4-fbf3-4cc8-b3b9-3b4061d1c825
# name: Manage personal account and Credit cards
# description: Customer can view and manage their own accounts an credit cards only with MFA
# accessType: Allow
package policy
import rego.v1
# METADATA
# custom:
# plainid:
# kind: DynamicGroup
# name: dg1
# id: f28c17c2-caeb-4cf2-a549-02bf03fe4e17
# description: "test DG"
dynamic_group(identity) if {
identity.template == "idWs1"
identity["idAttr1"] == "test"
identity["idAttr1"] != "prod"
}
Policy as Rego code (only for structured policies)
bad request
{
"errors": [
{
"code": "PAC-001",
"args": {
"0": "ceef5853-1491-4d1c-ae52-2f2a1729b3a4"
},
"id": "EWWOTR",
"status": 400,
"name": "AuthorizationWsNotFound",
"message": "AuthorizationWs: [ceef5853-1491-4d1c-ae52-2f2a1729b3a4] not found"
}
]
}
{
"errors": [
{
"code": "PAC-012",
"id": "EWWOTR",
"status": 400,
"name": "StructuredPolicyNotAvailable",
"message": "Structured policy is not available"
}
]
}
Unauthorized
not found
{
"errors": [
{
"code": "PUA-033",
"args": {
"0": "a0a455bb-7dc3-4cd3-b0d2-86631ac75379",
"1": "ceef5853-1491-4d1c-ae52-2f2a1729b3a4"
},
"id": "E7WJBB",
"status": 404,
"name": "PolicyNotFoundError",
"message": "Policy Id doesn't exist in the environment"
}
]
}
Validation Failed - Invalid UUID
{
"errors": [
{
"code": "V-032",
"args": {
"0": "ed252aa5-9d0c-4193-838-60bf20b13109",
"1": "uuid"
},
"id": "EEJQMA",
"status": 422,
"name": "UnprocessableEntityError",
"message": "$: test is an invalid uuid"
}
]
}