Import Policy

24 Sep 2024
3 Minutes to read

Print
Dark
Light
PDF

Import Policy

Updated on 24 Sep 2024
3 Minutes to read

Print
Dark
Light
PDF

Article summary

Did you find this summary helpful?

Thank you for your feedback

Post

/api/2.0/policies/{envId}

Note - for the older version, see Import Policy V1.

This API is used to create new Policies, update existing Policies and promote Policies between Environments. Only valid Policies will be created successfully.

Notice

Accessing the Policy Management APIs is through a dedicated domain/URL, according to your PlainID Tenant Location

United States (US) - https://api.us1.plainid.io

Canada (CA) - https://api.ca1.plainid.io

Europe (EU) - https://api.eu1.plainid.io

Local PAA - https://api.plainid.local

Using HTML Encoded Special Characters

Use HTML encoded patterns when working with values that contain special characters like spaces, dashes, etc. Refer to this HTML URL Encoding Reference for a full list.

Prerequisites

The following objects need to be available in the target Environment to successfully import the code:

Identity Templates in the target Environment with relevant Identity Attributes defined in the Identity Workspace Settings.

Asset Templates (Types) in the target Environment with associated Asset Attributes and Actions defined in the Asset Type Settings.

For Asset Templates using external sources, configuring PIP settings and views is necessary.

The following objects need to be available in the target Environment for Policies created to be considered in the access decision:

Asset Templates (Types) used in the Policy should be connected to an Application defined in the Applications area of the Authorization Workspace.

The relevant Application should be connected to a Scope defined in the Environment settings.

For Identity Templates using external sources, configuring PIP settings and views is necessary.

These connections can be defined before or after importing the Policy. Without these objects, the Policies can be successfully imported, but will not be considered as part of the Access decisions calculation.

Important note about headers

Refer to the headers below to modify your cURL sample. Check if the following headers are in the sample, if not, ensure you add it to your cURL sample before pasting into your API tool.

Headers

*Required

Header	Value	cURL Line
Accept	`text/plain;language=rego`	`-H "Accept:text/plain;language=rego"`
Content-Type	`text/plain;language=rego`	`-H "Content-Type:text/plain;language=rego"`

cURL Sample Guidelines

In order for the relevant parameters to appear in the cURL sample, you can input the values in the interactive API console on the right. They will then appear in the cURL sample on the bottom of the page in the correct format.

Security

HTTP

Type bearer

For more details about Administration API Authentication, check out the Authentication APIs documentation. Provide your bearer token in the Authorization header when making requests to protected resources. Example: Authorization: Bearer 123

Path parameters

envId

string (uuid) Required

The Environment ID can be found under the Details tab in the Environment Settings.

Query parameters

filter[authWsId]

string (uuid) Required

Authorization Workspace ID

extendedSchema

boolean

Toggle to either enable or disable additional metadata, like the Policy id and description, in the response.

Defaulttrue

Body parameters

Policy

"# METADATA\n# custom:\n#   plainid:\n#     policyId: 08ae32e4-fbf3-4cc8-b3b9-3b4061d1c825\n#     name: Manage personal account and Credit cards\n#     description: Customer can view and manage their own accounts an credit cards only with MFA\n#     accessType: Allow\npackage policy\nimport future.keywords\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: DynamicGroup\n#     name: dg1\n#     description: \"test DG\"\ndynamic_group(identity){\n    identity.template == \"idWs1\"\n    identity[\"idAttr1\"] == \"test\"\n    identity[\"idAttr1\"] != \"prod\"\n}\n"

string

Policy as Rego code

Responses

201

successful operation

Headers

x-request-id

string

Imported Policy

"# METADATA\n# custom:\n#   plainid:\n#     policyId: 08ae32e4-fbf3-4cc8-b3b9-3b4061d1c825\n#     name: Manage personal account and Credit cards\n#     description: Customer can view and manage their own accounts an credit cards only with MFA\n#     accessType: Allow\npackage policy\nimport future.keywords\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: DynamicGroup\n#     name: dg1\n#     id: f28c17c2-caeb-4cf2-a549-02bf03fe4e17\n#     description: \"test DG\"\ndynamic_group(identity){\n  identity.template == \"idWs1\"\n  identity[\"idAttr1\"] == \"test\"\n  identity[\"idAttr1\"] != \"prod\"\n}\n"

string

Policy as Rego code

400

bad request

Headers

x-request-id

string

Authorization WS not found

{
  "errors": [
    {
      "args": {
        "0": "ceef5853-1491-4d1c-ae52-2f2a1729b3a4"
      },
      "code": "PAC-001",
      "id": "EWWOTR",
      "message": "AuthorizationWs: [ceef5853-1491-4d1c-ae52-2f2a1729b3a4] not found",
      "name": "AuthorizationWsNotFound",
      "status": 400
    }
  ]
}

Expand All

object

errors

Array of object (Error)

object

args

object

path

string

code

string

message

string

name

string

status

integer

401

Unauthorized

Headers

x-request-id

string

422

Validation Failed - Invalid UUID

Headers

x-request-id

string

Invalid ID Format

{
  "errors": [
    {
      "args": {
        "0": "ed252aa5-9d0c-4193-838-60bf20b13109",
        "1": "uuid"
      },
      "code": "V-032",
      "id": "EEJQMA",
      "message": "$: test is an invalid uuid",
      "name": "UnprocessableEntityError",
      "status": 422
    }
  ]
}

Expand All

object

errors

Array of object (Error)

object

args

object

path

string

code

string

message

string

name

string

status

integer

Was this article helpful?

What's Next

Validate Policy