Validate Policy.
In the Try It section, view examples and code samples based on Response format, Content Type (next to the Body title), and Body dropdowns.
Notice
The Policy Management APIs are accessed through a dedicated domain/URL, according to your PlainID Tenant Location:
https://api.us1.plainid.io
https://api.ca1.plainid.io
https://api.eu1.plainid.io
Using HTML Encoded Special Characters
Use HTML encoded patterns when working with values that contain special characters like spaces, dashes, etc. Refer to this HTML URL Encoding Reference for a full list.
Important note about headers
Refer to the headers below to modify your cURL sample. Check whether the following headers are in the sample; if not, add them to your cURL sample before pasting it into your API tool.
Headers
*Required

Header | Value | cURL Line |
---|---|---|
Content-Type | `text/plain;language=rego` or `application/json` | `-H "Content-Type:text/plain;language=rego"` or `-H "Content-Type:application/json"` |
Use `text/plain;language=rego` when writing Rego in the body. Use `application/json` when writing either Structured or Native code.
See the examples below for more information.
cURL Sample Guidelines
In order for the relevant parameters to appear in the cURL sample, you can input the values in the interactive API console on the right in the Try It or Code Sample tabs. You can then copy the cURL sample from the Code Sample tab in the correct format.
For more details about Administration API Authentication, check out the Authentication APIs documentation.
Provide your bearer token in the Authorization header when making requests to protected resources.
Example: Authorization: Bearer 123
The Environment ID can be found under the Details tab in the Environment Settings.
Authorization Workspace ID. This can be found in your Authorization Workspace Settings under Workspace ID.
Toggle to either enable or disable additional metadata in the response, like the Policy id and description.
# METADATA
# custom:
#   plainid:
#     policyId: 08ae32e4-fbf3-4cc8-b3b9-3b4061d1c825
#     name: Manage personal account and Credit cards
#     description: Customer can view and manage their own accounts an credit cards only with MFA
#     accessType: Allow
package policy
import rego.v1

# METADATA
# custom:
#   plainid:
#     kind: DynamicGroup
#     name: dg1
#     description: "test DG"
dynamic_group(identity) if {
    identity.template == "idWs1"
    identity["idAttr1"] == "test"
    identity["idAttr1"] != "prod"
}
Policy as Rego code
{
"format": "rego",
"policy": "# METADATA\n# custom:\n# plainid:\n# policyId: 08ae32e4-fbf3-4cc8-b3b9-3b4061d1c825\n# name: Manage personal account and Credit cards\n# description: Customer can view and manage their own accounts an credit cards only with MFA\n# accessType: Allow\npackage policy\nimport rego.v1\n\n# METADATA\n# custom:\n# plainid:\n# kind: DynamicGroup\n# name: dg1\n# description: \"test DG\"\ndynamic_group(identity) if {\n identity.template == \"idWs1\"\n identity[\"idAttr1\"] == \"test\"\n identity[\"idAttr1\"] != \"prod\"\n}"
}
{
"format": "json",
"policy": {
"policyId": "OCP1UUYIIV2DU87",
"name": "Bank Account Access Policy",
"description": "Policy for accessing bank accounts",
"accessType": "Allow",
"policyUse": "SAAS_APPLICATIONS",
"applications": [
{
"applicationId": "POP1V3WFXZ4PRIO",
"attributes": {
"vendorPolicyKind": "Row Access Policy",
"vendorPolicyName": "POL1",
"vendorPolicyOrder": 1,
"database": "DB",
"schema": "SCHEMA",
"owner": "ROLE"
},
"nativeCode": {
"language": "sql",
"code": "{\"policy\":\"CREATE OR REPLACE ROW ACCESS POLICY \"POL1\"\"}"
}
}
]
}
}
Request body for validating policies by format
Policy format type
Policy content as JSON object
successful operation
Valid response for text/plain;language=rego requests
{
"data": {
"code": "# METADATA\n# custom:\n# plainid:\n# policyId: 08ae32e4-fbf3-4cc8-b3b9-3b4061d1c825\n# name: Manage personal account and Credit cards\n# description: Customer can view and manage their own accounts an credit cards only with MFA\n# accessType: Allow\npackage policy\nimport rego.v1\n\n# METADATA\n# custom:\n# plainid:\n# kind: DynamicGroup\n# name: dg1\n# description: \"test DG\"\ndynamic_group(identity) if {\n identity.template == \"idWs1\"\n identity[\"idAttr1\"] == \"test\"\n identity[\"idAttr1\"] != \"prod\"\n}\n",
"action": "CREATE",
"validationErrors": []
}
}
Invalid response for 'text/plain;language=rego' requests
{
"data": {
"validationErrors": [
{
"code": "PACV-001",
"id": "ERHCQC",
"name": "TemplateNotFound",
"message": "Template: [at1] not found in Environment: [ceef5853-1491-4d1c-ae52-2f2a1729b3a4], Hint: did yo mean [Claims]?",
"args": {
"0": "at1",
"1": "ceef5853-1491-4d1c-ae52-2f2a1729b3a4",
"2": "Claims"
},
"line": 1
}
]
}
}
Valid Structured policy response for 'application/json' requests
{
"data": {
"format": "rego",
"Structured Policy": "# METADATA\n# custom:\n# plainid:\n# policyId: 08ae32e4-fbf3-4cc8-b3b9-3b4061d1c825\n# name: Manage personal account and Credit cards\n# description: Customer can view and manage their own accounts an credit cards only with MFA\n# accessType: Allow\npackage policy\nimport rego.v1\n\n# METADATA\n# custom:\n# plainid:\n# kind: DynamicGroup\n# name: dg1\n# description: \"test DG\"\ndynamic_group(identity) if {\n identity.template == \"idWs1\"\n identity[\"idAttr1\"] == \"test\"\n identity[\"idAttr1\"] != \"prod\"\n}",
"policyId": "08ae32e4-fbf3-4cc8-b3b9-3b4061d1c825",
"action": "CREATE",
"isPolicyCompleted": true,
"validationErrors": []
}
}
Valid Native policy response for application/json requests
{
"data": {
"format": "json",
"policy": {
"policyId": "OCP1UUYIIV2DU87",
"name": "Bank Account Access Policy",
"description": "Policy for accessing bank accounts",
"accessType": "Allow",
"policyUse": "SAAS_APPLICATIONS",
"applications": [
{
"applicationId": "POP1V3WFXZ4PRIO",
"attributes": {
"vendorPolicyKind": "Row Access Policy",
"vendorPolicyName": "POL1",
"vendorPolicyOrder": 1,
"database": "DB",
"schema": "SCHEMA",
"owner": "ROLE"
},
"nativeCode": {
"language": "sql",
"code": "{\"policy\":\"CREATE OR REPLACE ROW ACCESS POLICY \"POL1\"\"}"
}
}
]
},
"policyId": "OCP1UUYIIV2DU87",
"action": "CREATE",
"isPolicyCompleted": true,
"validationErrors": []
}
}
Code
Action
Validate policy response data
Policy format type
Policy content based on format
Policy ID
CREATE if policy is new, UPDATE if policy already exists
Whether the policy is completed
Validation error details for policy import/validation
Error code
Unique error identifier
Error name
Human-readable error message
Error arguments with key-value pairs
Line number where the error occurred (if applicable)
Response Meta
Total number of records
Limit the number of records returned
The starting point for return of records
Unauthorized
Validation Failed - Invalid UUID
{
"errors": [
{
"code": "V-032",
"args": {
"0": "ed252aa5-9d0c-4193-838-60bf20b13109",
"1": "uuid"
},
"id": "EEJQMA",
"status": 422,
"name": "UnprocessableEntityError",
"message": "$: test is an invalid uuid"
}
]
}
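The request and response shapes above, turned into a check that can block a policy change before it is imported. This is an added example, not PlainID code: `build_request` and `gate` are hypothetical names, the sample responses are constructed by trimming the examples on this page, and treating `isPolicyCompleted: false` or an unrecognised response shape as a failure is an assumption. No HTTP call is made because the endpoint path is not shown here.

```python
import json

def build_request(policy, raw_rego=False):
    """Return (content_type, body) for a policy given as Rego text or a dict."""
    if raw_rego:
        return "text/plain;language=rego", policy
    fmt = "rego" if isinstance(policy, str) else "json"
    # json.dumps escapes the quotes and newlines inside the Rego source
    return "application/json", json.dumps({"format": fmt, "policy": policy})

def gate(response):
    """Return (ok, findings). Fails closed on any shape it does not recognise."""
    findings = []
    for err in response.get("errors", []):  # request-level failure, e.g. 422
        findings.append(f'{err.get("code")} {err.get("name")}: {err.get("message")}')
    data = response.get("data")
    if not isinstance(data, dict) or not isinstance(data.get("validationErrors"), list):
        if not findings:
            findings.append("no validationErrors list in response; treating as failure")
        return False, findings
    for err in data["validationErrors"]:
        where = f' (line {err["line"]})' if "line" in err else ""
        findings.append(f'{err.get("code")} {err.get("name")}{where}: {err.get("message")}')
    if data.get("isPolicyCompleted") is False:  # assumption: incomplete blocks the change
        findings.append("isPolicyCompleted is false")
    return not findings, findings

# Constructed inputs, trimmed from the response examples on this page
VALID = {"data": {"action": "CREATE", "isPolicyCompleted": True, "validationErrors": []}}
INVALID = {"data": {"validationErrors": [{
    "code": "PACV-001", "id": "ERHCQC", "name": "TemplateNotFound",
    "message": "Template: [at1] not found", "line": 1,
}]}}
UNPROCESSABLE = {"errors": [{
    "code": "V-032", "id": "EEJQMA", "status": 422,
    "name": "UnprocessableEntityError", "message": "$: test is an invalid uuid",
}]}

if __name__ == "__main__":
    for name, resp in [("valid", VALID), ("invalid", INVALID), ("422", UNPROCESSABLE)]:
        ok, findings = gate(resp)
        print(name, "PASS" if ok else "FAIL", findings)
```

An empty `validationErrors` list is the only passing condition; a missing `data` object or a missing list is reported as a failure rather than read as "no errors".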