Export Policy

Prev Next
Get
/api/2.0/policies/{envId}

Export Policy by Environment ID and Workspace ID. This API supports different response formats based on the Accept header.
In the Try It section, view examples and code samples based on Response format, Content Type (next to the Body title), and Body dropdowns.


Notice

Accessing the Policy Management APIs is through a dedicated domain/URL, according to your PlainID Tenant Location
  • United States (US) - https://api.us1.plainid.io
  • Canada (CA) - https://api.ca1.plainid.io
  • Europe (EU) - https://api.eu1.plainid.io

  • Using HTML Encoded Special Characters

    Use HTML encoded patterns when working with values that contain special characters like spaces, dashes, etc. Refer to this HTML URL Encoding Reference for a full list.


    Important note about headers

    Refer to the headers below to modify your cURL sample. Check if the following headers are in the sample, if not, ensure you add it to your cURL sample before pasting into your API tool.

    Headers

    *Required
    Header Value cURL Line
    Accept `text/plain;language=rego` or `application/json` `-H "Accept:text/plain;language=rego"` or `-H "Accept:application/json"`
    Note: Use text/plain;language=rego when exporting a Structured policy as Rego.
    Use application/json when exporting either Structured or Native policy in JSON format. See the examples below for more information.

    cURL Sample Guidelines

    In order for the relevant parameters to appear in the cURL sample, you can input the values in the interactive API console on the right in the Try It or Code Sample tabs. You can then copy the cURL sample from the Code Sample tab in the correct format.

    Security
    HTTP
    Type bearer

    For more details about Administration API Authentication, check out the Authentication APIs documentation
    Provide your bearer token in the Authorization header when making requests to protected resources.
    Example: Authorization: Bearer 123

    Path parameters
    envId
    string (uuid) Required

    The Environment ID can be found under the Details tab in the Environment Settings.

    Query parameters
    filter[authWsId]
    string (uuid) Required

    Authorization Workspace ID. This can be found in your Authorization Workspace Settings under Workspace ID.

    filter[id]
    stringRequired

    Policy ID Filter

    extendedSchema
    boolean

    Toggle to either enable or disable additional metadata, like the Policy id and description, in the response.

    Defaulttrue
    Responses
    200

    successful operation

    Headers
    x-request-id
    string
    Native Policy Response
    {
      "data": {
        "format": "json",
        "policy": {
          "policyId": "08ae32e4-fbf3-4cc8-b3b9-3b4061d1c825",
          "name": "Bank Account Access Policy",
          "description": "Policy for accessing bank accounts",
          "accessType": "Allow",
          "policyUse": "SAAS_APPLICATIONS",
          "applications": [
            {
              "applicationId": "POP1V3WFXZ4PRIO",
              "attributes": {
                "vendorPolicyKind": "Row Access Policy",
                "vendorPolicyName": "POL1",
                "vendorPolicyOrder": 1,
                "database": "DB",
                "schema": "SCHEMA",
                "owner": "ROLE"
              },
              "nativeCode": {
                "language": "sql",
                "code": "{\"policy\":\"CREATE OR REPLACE ROW ACCESS POLICY \"POL1\"\"}"
              }
            }
          ]
        }
      }
    }
    Structured Policy Response
    {
      "data": {
        "format": "rego",
        "Structured Policy": "# METADATA\n# custom:\n#   plainid:\n#     policyId: 08ae32e4-fbf3-4cc8-b3b9-3b4061d1c825\n#     name: Manage personal account and Credit cards\n#     description: Customer can view and manage their own accounts an credit cards only with MFA\n#     accessType: Allow\npackage policy\nimport rego.v1\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: DynamicGroup\n#     name: dg1\n#     id: f28c17c2-caeb-4cf2-a549-02bf03fe4e17\n#     description: \"test DG\"\ndynamic_group(identity) if {\n  identity.template == \"idWs1\"\n  identity[\"idAttr1\"] == \"test\"\n  identity[\"idAttr1\"] != \"prod\"\n}\n"
      }
    }
    Expand All
    object

    Response object for export policy endpoint

    data
    object (ExportPolicyByFormatResponse)
    format
    string

    The format of the exported policy

    Valid values[ "json", "rego" ]
    policy
    OneOf
    object
    object
    policyId
    string

    Policy external ID

    name
    string

    Policy name

    description
    string

    Policy description

    accessType
    string

    Policy access type

    Valid values[ "Allow", "Deny" ]
    policyUse
    string

    Policy usage type

    applications
    Array of object
    object
    applicationId
    string

    Application ID

    attributes
    object

    Application attributes

    nativeCode
    object
    language
    string

    Native code language (e.g., SQL, Python)

    code
    string

    Native code content

    customAttributes
    object

    Custom policy attributes

    string
    string
    meta
    object (meta)

    Response Meta

    total
    integer

    Total number of records

    limit
    integer

    Limit the number of records returned

    offset
    integer

    The starting point for return of records

    errors
    Array of object (Error)
    object
    code
    string
    id
    string
    status
    integer
    name
    string
    message
    string
    args
    object
    path
    string
    Structured Policy
    # METADATA
    # custom:
    #   plainid:
    #     policyId: 08ae32e4-fbf3-4cc8-b3b9-3b4061d1c825
    #     name: Manage personal account and Credit cards
    #     description: Customer can view and manage their own accounts an credit cards only with MFA
    #     accessType: Allow
    package policy
    import rego.v1
    
    # METADATA
    # custom:
    #   plainid:
    #     kind: DynamicGroup
    #     name: dg1
    #     id: f28c17c2-caeb-4cf2-a549-02bf03fe4e17
    #     description: "test DG"
    dynamic_group(identity) if {
      identity.template == "idWs1"
      identity["idAttr1"] == "test"
      identity["idAttr1"] != "prod"
    }
    
    string

    Policy as Rego code (only for structured policies)

    400

    bad request

    Headers
    x-request-id
    string
    Authorization WS not found
    {
      "errors": [
        {
          "code": "PAC-001",
          "args": {
            "0": "ceef5853-1491-4d1c-ae52-2f2a1729b3a4"
          },
          "id": "EWWOTR",
          "status": 400,
          "name": "AuthorizationWsNotFound",
          "message": "AuthorizationWs: [ceef5853-1491-4d1c-ae52-2f2a1729b3a4] not found"
        }
      ]
    }
    Structured policy not available
    {
      "errors": [
        {
          "code": "PAC-012",
          "id": "EWWOTR",
          "status": 400,
          "name": "StructuredPolicyNotAvailable",
          "message": "Structured policy is not available"
        }
      ]
    }
    Expand All
    object
    errors
    Array of object (Error)
    object
    code
    string
    id
    string
    status
    integer
    name
    string
    message
    string
    args
    object
    path
    string
    401

    Unauthorized

    Headers
    x-request-id
    string
    404

    not found

    Headers
    x-request-id
    string
    Policy not found
    {
      "errors": [
        {
          "code": "PUA-033",
          "args": {
            "0": "a0a455bb-7dc3-4cd3-b0d2-86631ac75379",
            "1": "ceef5853-1491-4d1c-ae52-2f2a1729b3a4"
          },
          "id": "E7WJBB",
          "status": 404,
          "name": "PolicyNotFoundError",
          "message": "Policy Id doesn't exist in the environment"
        }
      ]
    }
    Expand All
    object
    errors
    Array of object (Error)
    object
    code
    string
    id
    string
    status
    integer
    name
    string
    message
    string
    args
    object
    path
    string
    422

    Validation Failed - Invalid UUID

    Headers
    x-request-id
    string
    Invalid ID Format
    {
      "errors": [
        {
          "code": "V-032",
          "args": {
            "0": "ed252aa5-9d0c-4193-838-60bf20b13109",
            "1": "uuid"
          },
          "id": "EEJQMA",
          "status": 422,
          "name": "UnprocessableEntityError",
          "message": "$: test is an invalid uuid"
        }
      ]
    }
    Expand All
    object
    errors
    Array of object (Error)
    object
    code
    string
    id
    string
    status
    integer
    name
    string
    message
    string
    args
    object
    path
    string