Export Policy

Updated on Oct 5, 2025
Published on Apr 7, 2024

4 minute(s) read

Get

/api/2.0/policies/{envId}

Export Policy by Environment ID and Workspace ID. This API supports different response formats based on the Accept header.
In the Try It section, view examples and code samples based on Response format, Content Type (next to the Body title), and Body dropdowns.

Notice

Accessing the Policy Management APIs is through a dedicated domain/URL, according to your PlainID Tenant Location

United States (US) - https://api.us1.plainid.io

Canada (CA) - https://api.ca1.plainid.io

Europe (EU) - https://api.eu1.plainid.io

Using HTML Encoded Special Characters

Use HTML encoded patterns when working with values that contain special characters like spaces, dashes, etc. Refer to this HTML URL Encoding Reference for a full list.

Important note about headers

Refer to the headers below to modify your cURL sample. Check if the following headers are in the sample, if not, ensure you add it to your cURL sample before pasting into your API tool.

Headers

*Required

Header	Value	cURL Line
Accept	`text/plain;language=rego` or `application/json`	`-H "Accept:text/plain;language=rego"` or `-H "Accept:application/json"`

Note: Use text/plain;language=rego when exporting a Structured policy as Rego.
Use application/json when exporting either Structured or Native policy in JSON format. See the examples below for more information.

cURL Sample Guidelines

In order for the relevant parameters to appear in the cURL sample, you can input the values in the interactive API console on the right in the Try It or Code Sample tabs. You can then copy the cURL sample from the Code Sample tab in the correct format.

Security

HTTP

Type bearer

For more details about Administration API Authentication, check out the Authentication APIs documentation
Provide your bearer token in the Authorization header when making requests to protected resources.
Example: Authorization: Bearer 123

Path parameters

envId

string (uuid) Required

The Environment ID can be found under the Details tab in the Environment Settings.

Query parameters

filter[authWsId]

string (uuid) Required

Authorization Workspace ID. This can be found in your Authorization Workspace Settings under Workspace ID.

filter[id]

stringRequired

Policy ID Filter

extendedSchema

boolean

Toggle to either enable or disable additional metadata, like the Policy id and description, in the response.

Defaulttrue

Responses

200

successful operation

Headers

x-request-id

string

Native Policy Response

{
  "data": {
    "format": "json",
    "policy": {
      "policyId": "08ae32e4-fbf3-4cc8-b3b9-3b4061d1c825",
      "name": "Bank Account Access Policy",
      "description": "Policy for accessing bank accounts",
      "accessType": "Allow",
      "policyUse": "SAAS_APPLICATIONS",
      "applications": [
        {
          "applicationId": "POP1V3WFXZ4PRIO",
          "attributes": {
            "vendorPolicyKind": "Row Access Policy",
            "vendorPolicyName": "POL1",
            "vendorPolicyOrder": 1,
            "database": "DB",
            "schema": "SCHEMA",
            "owner": "ROLE"
          },
          "nativeCode": {
            "language": "sql",
            "code": "{\"policy\":\"CREATE OR REPLACE ROW ACCESS POLICY \"POL1\"\"}"
          }
        }
      ]
    }
  }
}

Structured Policy Response

{
  "data": {
    "format": "rego",
    "Structured Policy": "# METADATA\n# custom:\n#   plainid:\n#     policyId: 08ae32e4-fbf3-4cc8-b3b9-3b4061d1c825\n#     name: Manage personal account and Credit cards\n#     description: Customer can view and manage their own accounts an credit cards only with MFA\n#     accessType: Allow\npackage policy\nimport rego.v1\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: DynamicGroup\n#     name: dg1\n#     id: f28c17c2-caeb-4cf2-a549-02bf03fe4e17\n#     description: \"test DG\"\ndynamic_group(identity) if {\n  identity.template == \"idWs1\"\n  identity[\"idAttr1\"] == \"test\"\n  identity[\"idAttr1\"] != \"prod\"\n}\n"
  }
}

Expand All

object

Response object for export policy endpoint

data

object (ExportPolicyByFormatResponse)

format

string

The format of the exported policy

Valid values[ "json", "rego" ]

policy

OneOf

object

policyId

string

Policy external ID

name

string

Policy name

description

string

Policy description

accessType

string

Policy access type

Valid values[ "Allow", "Deny" ]

policyUse

string

Policy usage type

applications

Array of object

object

applicationId

string

Application ID

attributes

object

Application attributes

nativeCode

object

language

string

Native code language (e.g., SQL, Python)

code

string

Native code content

customAttributes

object

Custom policy attributes

string

meta

object (meta)

Response Meta

total

integer

Total number of records

limit

integer

Limit the number of records returned

offset

integer

The starting point for return of records

errors

Array of object (Error)

object

code

string

status

integer

name

string

message

string

args

object

path

string

Structured Policy

# METADATA
# custom:
#   plainid:
#     policyId: 08ae32e4-fbf3-4cc8-b3b9-3b4061d1c825
#     name: Manage personal account and Credit cards
#     description: Customer can view and manage their own accounts an credit cards only with MFA
#     accessType: Allow
package policy
import rego.v1

# METADATA
# custom:
#   plainid:
#     kind: DynamicGroup
#     name: dg1
#     id: f28c17c2-caeb-4cf2-a549-02bf03fe4e17
#     description: "test DG"
dynamic_group(identity) if {
  identity.template == "idWs1"
  identity["idAttr1"] == "test"
  identity["idAttr1"] != "prod"
}

string

Policy as Rego code (only for structured policies)

400

bad request

Headers

x-request-id

string

Authorization WS not found

{
  "errors": [
    {
      "code": "PAC-001",
      "args": {
        "0": "ceef5853-1491-4d1c-ae52-2f2a1729b3a4"
      },
      "id": "EWWOTR",
      "status": 400,
      "name": "AuthorizationWsNotFound",
      "message": "AuthorizationWs: [ceef5853-1491-4d1c-ae52-2f2a1729b3a4] not found"
    }
  ]
}

Structured policy not available

{
  "errors": [
    {
      "code": "PAC-012",
      "id": "EWWOTR",
      "status": 400,
      "name": "StructuredPolicyNotAvailable",
      "message": "Structured policy is not available"
    }
  ]
}

Expand All

object

errors

Array of object (Error)

object

code

string

status

integer

name

string

message

string

args

object

path

string

401

Unauthorized

Headers

x-request-id

string

404

not found

Headers

x-request-id

string

Policy not found

{
  "errors": [
    {
      "code": "PUA-033",
      "args": {
        "0": "a0a455bb-7dc3-4cd3-b0d2-86631ac75379",
        "1": "ceef5853-1491-4d1c-ae52-2f2a1729b3a4"
      },
      "id": "E7WJBB",
      "status": 404,
      "name": "PolicyNotFoundError",
      "message": "Policy Id doesn't exist in the environment"
    }
  ]
}

Expand All

object

errors

Array of object (Error)

object

code

string

status

integer

name

string

message

string

args

object

path

string

422

Validation Failed - Invalid UUID

Headers

x-request-id

string

Invalid ID Format

{
  "errors": [
    {
      "code": "V-032",
      "args": {
        "0": "ed252aa5-9d0c-4193-838-60bf20b13109",
        "1": "uuid"
      },
      "id": "EEJQMA",
      "status": 422,
      "name": "UnprocessableEntityError",
      "message": "$: test is an invalid uuid"
    }
  ]
}

Expand All

object

errors

Array of object (Error)

object

code

string

status

integer

name

string

message

string

args

object

path

string

Was this article helpful?