Import Policy

Updated on Jan 30, 2025

5 minute(s) read

Post

Deprecated

/api/1.0/policies/{envId}

Note: This version will be sunset (retired) in June 2025.
See Import Policy V2 for the latest documentation.

This API is used to create new Policies, update existing Policies and promote Policies between Environments. Note that only valid Policies will be created successfully.

Notice

Accessing the Policy Management APIs is through a dedicated domain/URL, according to your PlainID Tenant Location

United States (US) - https://api.us1.plainid.io

Canada (CA) - https://api.ca1.plainid.io

Europe (EU) - https://api.eu1.plainid.io

Prerequisites

The following objects need to be available in the target Environment to successfully import the code:

Identity Templates in the target Environment with relevant Identity Attributes defined in the Identity Workspace Settings screen.

Asset Templates in the target Environment with associated Asset Attributes and Actions defined in the Asset Type Settings screen.

The following objects need to be available in the target Environment for Policies created to be considered in the access decision:

Asset Types used in the Policy should be connected to an Application defined in the Applications area of the Authorization Workspace.

The relevant Application should be connected to a Scope defined in the Environment settings.

These connections can be defined before or after importing the Policy. Without these objects, the Policies can be successfully imported, but will not be considered as part of the Access decisions calculation.

cURL Sample Guidelines

In order for the relevant parameters to appear in the cURL sample, you can input the values in the interactive API console on the right. They will then appear in the cURL sample on the bottom of the page in the correct format.

Security

HTTP

Type bearer

For more details about Administration API Authentication, check out the Authentication APIs documentation. Provide your bearer token in the Authorization header when making requests to protected resources. Example: Authorization: Bearer 123

Path parameters

envId

stringRequired

The environment that the policy will be imported to
The Environment ID can be found under the Details tab in the Environment Settings.

Body parameters

Sample Import Policy - Valid

{
  "policyCode": "# METADATA\n# custom:\n#   plainid:\n#     policyId: PaC1\n#     name: Manage consumers accounts in branch\n#     description: Tellers, Senior Tellers, Branch Managers can manage private consumer accounts in their own branch only during business hours\n#     accessType: Allow\npackage policy\nimport future.keywords\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: DynamicGroup\n#     name: BranchManager\ndynamic_group(identity){\n\tidentity.template == \"User\"\n\tidentity[\"User_Type\"] == \"internal\"\n\tidentity[\"title\"] == \"branch manager\"\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: DynamicGroup\n#     name: SeniorTeller\ndynamic_group(identity){\n\tidentity.template == \"User\"\n\tidentity[\"title\"] == \"Senior Teller\"\n\tidentity[\"User_Type\"] == \"Internal\"\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: DynamicGroup\n#     name: Teller\ndynamic_group(identity){\n\tidentity.template == \"User\"\n\tidentity[\"User_Type\"] == \"Internal\"\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: Ruleset\n#     name: Private consumer bank accounts managed in the user branch\nruleset(asset, identity, requestParams){\n\tasset.template == \"Bank Accounts\"\n\tidentity.template == \"User\"\n\tasset[\"account_type\"] == \"private\"\n\tasset[\"account_branch\"] == identity[\"User_Branch\"]\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: Action\naction(asset){\n\tasset.template == \"Bank Accounts\"\n\tasset.action in [\"Manage\",\"View\"]\n}",
  "language": "rego",
  "authWsId": "57fd3c41-fada-41a9-b5ab-fad1133f1e63"
}

Sample Import Policy - With invalid `identity.template`

{
  "policyCode": "# METADATA\n# custom:\n#   plainid:\n#     policyId: PaC1\n#     name: Manage consumers accounts in branch\n#     description: Tellers, Senior Tellers, Branch Managers can manage private consumer accounts in their own branch only during business hours\n#     accessType: Allow\npackage policy\nimport future.keywords\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: DynamicGroup\n#     name: BranchManager\ndynamic_group(identity){\n\tidentity.template == \"User\"\n\tidentity[\"User_Type\"] == \"internal\"\n\tidentity[\"title\"] == \"branch manager\"\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: DynamicGroup\n#     name: SeniorTeller\ndynamic_group(identity){\n\tidentity.template == \"User\"\n\tidentity[\"title\"] == \"Senior Teller\"\n\tidentity[\"User_Type\"] == \"Internal\"\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: DynamicGroup\n#     name: Teller\ndynamic_group(identity){\n\tidentity.template == \"User\"\n\tidentity[\"User_Type\"] == \"Internal\"\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: Ruleset\n#     name: Private consumer bank accounts managed in the user branch\nruleset(asset, identity, requestParams){\n\tasset.template == \"Bank Accounts\"\n\tidentity.template == \"User\"\n\tasset[\"account_type\"] == \"private\"\n\tasset[\"account_branch\"] == identity[\"User_Branch\"]\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: Action\naction(asset){\n\tasset.template == \"Bank Accounts\"\n\tasset.action in [\"Manage\",\"View\"]\n}",
  "language": "rego",
  "authWsId": "57fd3c41-fada-41a9-b5ab-fad1133f1e63"
}

Sample Import Policy - With Multiple Errors

{
  "policyCode": "# METADATA\n# custom:\n#   plainid:\n#     policyId: PaC1\n#     name: Manage consumers accounts in branch\n#     description: Tellers, Senior Tellers, Branch Managers can manage private consumer accounts in their own branch only during business hours\n#     accessType: Allow\npackage policy\nimport future.keywords\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: DynamicGroup\n#     name: BranchManager\ndynamic_group(identity){\n\tidentity.template == \"Usr\"\n\tidentity[\"User_Type\"] == \"internal\"\n\tidentity[\"title\"] == \"branch manager\"\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: DynamicGroup\n#     name: SeniorTeller\ndynamic_group(identity){\n\tidentity.template == \"User\"\n\tidentity[\"title\"] == \"Senior Teller\"\n\tidentity[\"User_Type\"] == \"Internal\"\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: DynamicGroup\n#     name: Teller\ndynamic_group(identity){\n\tidentity.template == \"User\"\n\tidentity[\"User_Type\"] == \"Internal\"\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: Ruleset\n#     name: Private consumer bank accounts managed in the user branch\nruleset(asset, identity, requestParams){\n\tasset.template == \"Bank Acounts\"\n\tidentity.template == \"User\"\n\tasset[\"account_type\"] == \"private\"\n\tasset[\"account_branch\"] == identity[\"User_Branch\"]\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: Action\naction(asset){\n\tasset.template == \"Bank Acounts\"\n\tasset.action in [\"Manage\",\"View\"]\n}",
  "language": "rego",
  "authWsId": "57fd3c41-fada-41a9-b5ab-fad1133f1e63"
}

object

policyCode

string Required

Structured Rego Policy

Detailed instructions for structured Rego to be found [here] - (https://docs.plainid.io/apidocs/structured-rego)

authWsId

string Required

Authorization Workspace ID. This can be found in your Authorization Workspace Settings under Workspace ID.

language

string Required

The code language - rego

Responses

201

Policy Created

Headers

x-request-id

string

Policy Created Successfully

{
  "data": {
    "language": "rego",
    "policyCode": "# METADATA\n# custom:\n#   plainid:\n#     policyId: PaC1\n#     name: Manage consumers accounts in branch\n#     description: Tellers, Senior Tellers, Branch Managers can manage private consumer accounts in their own branch only during business hours\n#     accessType: Allow\npackage policy\nimport future.keywords\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: DynamicGroup\n#     name: BranchManager\ndynamic_group(identity){\n\tidentity.template == \"User\"\n\tidentity[\"User_Type\"] == \"internal\"\n\tidentity[\"title\"] == \"branch manager\"\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: DynamicGroup\n#     name: SeniorTeller\ndynamic_group(identity){\n\tidentity.template == \"User\"\n\tidentity[\"title\"] == \"Senior Teller\"\n\tidentity[\"User_Type\"] == \"Internal\"\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: DynamicGroup\n#     name: Teller\ndynamic_group(identity){\n\tidentity.template == \"User\"\n\tidentity[\"User_Type\"] == \"Internal\"\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: Ruleset\n#     name: Private consumer bank accounts managed in the user branch\nruleset(asset, identity, requestParams){\n\tasset.template == \"Bank Accounts\"\n\tidentity.template == \"User\"\n\tasset[\"account_type\"] == \"private\"\n\tasset[\"account_branch\"] == identity[\"User_Branch\"]\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: Action\naction(asset){\n\tasset.template == \"Bank Accounts\"\n\tasset.action in [\"Manage\",\"View\"]\n}",
    "isPolicyCompleted": true
  }
}

Expand All

object

data

object

language

string

policyCode

string

isPolicyCompleted

boolean

400

Policy Import Failed - Validation Errors

Headers

x-request-id

string

Validation error

{
  "errors": [
    {
      "code": "PACV-001",
      "id": "EVR045",
      "name": "TemplateNotFound",
      "message": "Template ID [Usr] was not found in Environment ID [ed252aa5-9d0c-4193-8388-60bf20b13109]. Hint: Did you mean [User]?",
      "line": 39
    }
  ]
}

Multiple validation errors

{
  "errors": [
    {
      "code": "PACV-001",
      "id": "EOEN7T",
      "name": "TemplateNotFound",
      "message": "Template ID [Usr] was not found in Environment ID [ed252aa5-9d0c-4193-8388-60bf20b13109]. Hint: Did you mean [User]?",
      "line": 39
    },
    {
      "code": "PACV-001",
      "id": "EJFMNJ",
      "name": "TemplateNotFound",
      "message": "Template ID [Bank Acounts] was not found in Environment ID [ed252aa5-9d0c-4193-8388-60bf20b13109]. Hint: Did you mean [Bank Accounts, Client Profiles, Credit Cards, Loans, Modules App customer, Modules App Internal]?",
      "line": 60
    },
    {
      "code": "PACV-004",
      "id": "E5KZRO",
      "name": "MissingRequiredActions",
      "message": "Action Rule was not defined for Asset Template [Bank Accounts]. Hint: Remove the Ruleset or add required Action Rule with one or more Actions [Manage, Suspend, View].",
      "line": -1
    }
  ]
}

Authorization Workspace not found

{
  "errors": [
    {
      "code": "PAC-001",
      "args": {
        "0": "57fd3c41-fada-41a9-b5ab-fad1133f1e63"
      },
      "id": "EBLBJH",
      "status": 400,
      "name": "AuthorizationWsNotFound",
      "message": "AuthorizationWs: [57fd3c41-fada-41a9-b5ab-fad1133f1e63] not found"
    }
  ]
}

Expand All

object

errors

Array of object

object

code

string

name

string

line

integer

message

string

401

Unauthorized

Headers

x-request-id

string

422

Validation Failed - Invalid UUID

Headers

x-request-id

string

Invalid ID Format

{
  "errors": [
    {
      "code": "V-032",
      "args": {
        "0": "ed252aa5-9d0c-4193-838-60bf20b13109",
        "1": "uuid"
      },
      "id": "EEJQMA",
      "status": 422,
      "name": "UnprocessableEntityError",
      "message": "$: ed252aa5-9d0c-4193-838-60bf20b13109 is an invalid uuid"
    }
  ]
}

Expand All

object

errors

Array of object

object

code

string

args

object

string

status

integer

name

string

message

string

Was this article helpful?