---
title: "Policy List"
slug: "policy-list-1"
updated: 2025-06-29T14:12:38Z
published: 2025-07-08T10:10:03Z
stale: true
---
> ## Documentation Index
> Fetch the complete documentation index at: https://docs.plainid.io/llms.txt
> Use this file to discover all available pages before exploring further.
# Policy List
Post/api/runtime/policies/v3
The Policy List API call returns the relevant policies for each input object with their meta data.
### Notice
When accessing the Authorization APIs, the URL base/prefix, according to your PlainID PDP Location**United States Cloud PDP** - `https://tenant-name.us1.plainid.io`**Canadian Cloud PDP** - `https://tenant-name.ca1.plainid.io`**European Cloud PDP** - `https://tenant-name.eu1.plainid.io`
For more information on which Asset Types to use with your PAA or Cloud PDP, refer to [Managing Asset Types](https://docs.plainid.io/docs/managing-asset-types).
### Important note about headers
Refer to the headers below to modify your cURL sample. Check if the following headers are in the sample, if not, ensure you add it to your cURL sample before pasting into your API tool.
### Headers
*Required
| Header | Value | cURL Line |
| --- | --- | --- |
| Accept | `application/json` | `'accept: application/json'` |
| Content-Type | `application/json` | `'content-type: application/json'` |
### cURL Sample Guidelines
In order for the relevant parameters to appear in the cURL sample, you can input the values in the interactive API console on the right under the Try It\* or the Code Sample tabs. They will then appear in the cURL sample in the correct format to use in your API tool. *\*Try It function coming soon.*
SecurityHTTPType bearer
For more details about Administration API Authentication, check out the Authentication APIs documentation Provide your bearer token in the Authorization header when making requests to protected resources. Example: `Authorization: Bearer 123`
Body parametersPolicies request
```json
{
"clientId": "clientId",
"clientSecret": "clientSecret",
"objects": [
{
"type": "Identity",
"data": {
"asset": {
"resourceType": "assetTemplateId",
"path": "resourcePath",
"actions": [
"access"
],
"assetAttributes": {
"attr1": [
"val1",
"val2"
],
"attr2": [
"val"
]
}
},
"entityId": "uid",
"entityTypeId": "user",
"entityAttributes": {
"entityAttr1": [
"val1"
],
"entityAttr2": [
"val2"
]
},
"contextData": {
"branch_id": [
"512"
]
},
"environment": {
"envKey1": [
"envVal1"
]
},
"remoteIp": "0.0.0.0",
"timeZoneOffset": 0.0,
"assetList": [
{
"template": "Orders",
"path": "/orders",
"assetAttributes": {
"order_type": [
"credit_card"
],
"customer_type": [
"private"
]
}
}
],
"useCache": true,
"key": "dd6841a9-48e5-46e4-8621-628547292518",
"failOnCalculatedAttributesErrors": true
}
},
{
"type": "Asset",
"data": {
"asset": {
"resourceType": "assetTemplateId",
"path": "resourcePath",
"actions": [
"access"
],
"assetAttributes": {
"attr1": [
"val1",
"val2"
],
"attr2": [
"val"
]
}
},
"entityId": "uid",
"entityTypeId": "user",
"entityAttributes": {
"entityAttr1": [
"val1"
],
"entityAttr2": [
"val2"
]
},
"contextData": {
"branch_id": [
"512"
]
},
"environment": {
"envKey1": [
"envVal1"
]
},
"remoteIp": "0.0.0.0",
"timeZoneOffset": 0.0,
"assetList": [
{
"template": "Orders",
"path": "/orders",
"assetAttributes": {
"order_type": [
"credit_card"
],
"customer_type": [
"private"
]
}
}
],
"useCache": true,
"key": "dd6841a9-48e5-46e4-8621-628547292518",
"failOnCalculatedAttributesErrors": true
}
}
]
}
```
Expand Allobject clientIdstring
Client ID of the Scope The Client ID is **required**, ensure that it is defined either in the header as `X-Client-Id` or in the body as `clientId`.
clientSecretstring
Client Secret ID of the Scope. You can also authenticate with an Authorization Token (in your API tool). Note that the X-Client-Id is still required, whether in the header or the body. Refer to [Setting up an Authentication Method](https://docs.plainid.io/v1/docs/managing-scope-authentication#setting-up-an-authentication-method-in-the-scope) for more information.
objects Array of object Requiredobject typestring RequiredValid values[
"Identity",
"Asset"
]
dataobject Required
User Access Token and User List request parameters
assetobject resourceTypestring
Asset Template ID (required)
pathstring
Unique Identifier of the Asset (required)
actions Array of string
Name of the Action (optional)
string
assetAttributesobject
(optional)
attribute_1 Array of string string
attribute_2 Array of string string
entityIdstring
Unique identifier of the Identity
Min length1
entityTypeIdstring
Identity Template ID
Min length1
entityAttributesobject
List of Identity Attributes and their values.
If not defined, Dynamic groups based on virtual attributes will not be considered in the Access Decision.
string Array
contextDataobject
Identity Context data for this request.
When specifying this parameter, you are requesting information based on a specific parameter and its value.
For example, Location where the contextData equals a specific branch.
If not defined, Dynamic groups based on context data will not be considered in the Access Decision.
string Array
environmentobject
Environmental parameters need to be defined in policies as request. (in Asset rules or Conditions) and also sent in the authorization request. Only the Assets that match what will be sent in the request will come back.
If not defined, parametes based on emviromental data will not be considered in the Access Decision.
string Array
remoteIpstring (ipv4)
IP address to be used when validating a Policy. Ensure that your IP Ranges are correct based on an [IP calculator](https://www.ipaddressguide.com/cidr). If not defined, the IP considered in the calculation is taken from the X-Forwarded-For (Request header). If not defined, the IP considered in the calculation is taken from the X-Forwarded-For (Request header).
Min length1
timeZoneOffsetnumber
To define the offset from UTC time zone. Used in Time Condition.
Default0.0Example-12.0
assetList Array of object
Contains a list of the Asset's unique identifier and attributes
object templatestring
Asset Template ID
pathstring
Asset Unique Identifier
assetAttributesobject attribute_1 Array of string string
attribute_2 Array of string string
useCacheboolean
The Attribute will determines if the response will consider the cache settings or override the cache and preforming full calculation.
Defaulttrue
keystring
An auto-generated key to set the correlation between the requested object and the response object (optional).
failOnCalculatedAttributesErrorsboolean
Fail request when Attribute calculation fails.
Defaulttrue
Responses200
Each object input gets a list of Policies
Expand Allobject data Array of object object objectobject typestring Valid values[
"Identity",
"Asset"
]
dataobject
User Access Token and User List Request Parameters
AnyOfobjectobjectkeystring
An auto-generated key to set the correlation between the requested object and the response object (optional).
objectobjectassetobject resourceTypestring
Asset Template ID (required)
pathstring
Unique Identifier of the Asset (required)
actions Array
Name of the Action (optional)
assetAttributesobject
(optional)
attribute_1string
attribute_2string
entityIdstring
Unique identifier of the Identity
Min length1
clientIdstring
Client ID of the Scope
Min length1
clientSecretstring
Client Secret ID of the Scope. You can also authenticate with an Authorization Token (in your API tool).
Min length1
entityTypeIdstring
Identity Template ID
Min length1
entityAttributesobject
List of Identity Attributes and their values.
If not defined, Dynamic groups based on virtual attributes will not be considered in the Access Decision.
string Array
contextDataobject
Identity Context data for this request.
When specifying this parameter, you are requesting information based on a specific parameter and its value.
For example, Location where the contextData equals a specific branch.
If not defined, Dynamic groups based on context data will not be considered in the Access Decision.
string Array
environmentobject
Environmental parameters need to be defined in policies as request. (in Asset rules or Conditions) and also sent in the authorization request. Only the assets that match what will be sent in the request will come back.
If not defined, parametes based on emviromental data will not be considered in the Access Decision.
string Array
remoteIpstring (ipv4)
IP address to be used when validating a Policy. Ensure that your IP Ranges are correct based on an [IP calculator](https://www.ipaddressguide.com/cidr). If not defined, the IP considered in the calculation is taken from the X-Forwarded-For (Request header). If not defined, the IP considered in the calculation is taken from the X-Forwarded-For (Request header).
Min length1
timeZoneOffsetnumber
To define the offset from UTC time zone. Used in Time Condition.
Default0.0Example-12.0
assetList Array of object
Contains a list of the Asset's unique identifier and attributes
object templatestring
Asset Template ID
pathstring
Asset Unique Identifier
assetAttributesobject attribute_1 Array of string string
attribute_2 Array of string string
useCacheboolean
The Attribute will determines if the response will consider the cache settings or override the cache and preforming full calculation.
Defaulttrue
responseobject permissions Array of object object permissionIdstring
permissionstring
accessTypestring Valid values[
"allow",
"restrict"
]
permissionMetadataobject (permissionMetadata)
Additional response metadata. This response is only returned when the `includeAccessPolicy` is set to true, and when the `permissionMetadata` object contains one or more properties.
errorstring
400
Bad Request
401
Unauthorized
403
Forbidden
404
Not Found
500
Internal Server Error
501
Not Implemented