Validate Policy

Updated on Oct 5, 2025
Published on Apr 7, 2024

5 minute(s) read

Post

/api/2.0/policies/{envId}/validation

Validate Policy.
In the Try It section, view examples and code samples based on Response format, Content Type (next to the Body title), and Body dropdowns.

Notice

Accessing the Policy Management APIs is through a dedicated domain/URL, according to your PlainID Tenant Location

United States (US) - https://api.us1.plainid.io

Canada (CA) - https://api.ca1.plainid.io

Europe (EU) - https://api.eu1.plainid.io

Using HTML Encoded Special Characters

Use HTML encoded patterns when working with values that contain special characters like spaces, dashes, etc. Refer to this HTML URL Encoding Reference for a full list.

Important note about headers

Refer to the headers below to modify your cURL sample. Check if the following headers are in the sample, if not, ensure you add it to your cURL sample before pasting into your API tool.

Headers

*Required

Header	Value	cURL Line
Content-Type	`text/plain;language=rego` or `application/json`	`-H "Content-Type:text/plain;language=rego"` or `-H "Content-Type:application/json"`

Note: Use text/plain;language=rego when writing Rego in the body.
Use application/json when writing either Structured or Native code. See the examples below for more information.

cURL Sample Guidelines

In order for the relevant parameters to appear in the cURL sample, you can input the values in the interactive API console on the right in the Try It or Code Sample tabs. You can then copy the cURL sample from the Code Sample tab in the correct format.

Security

HTTP

Type bearer

For more details about Administration API Authentication, check out the Authentication APIs documentation
Provide your bearer token in the Authorization header when making requests to protected resources.
Example: Authorization: Bearer 123

Path parameters

envId

string (uuid) Required

The Environment ID can be found under the Details tab in the Environment Settings.

Query parameters

filter[authWsId]

string (uuid) Required

Authorization Workspace ID. This can be found in your Authorization Workspace Settings under Workspace ID.

extendedSchema

boolean

Toggle to either enable or disable additional metadata in the response, like the Policy id and description.

Defaulttrue

Body parameters

Structured Policy

# METADATA
# custom:
#   plainid:
#     policyId: 08ae32e4-fbf3-4cc8-b3b9-3b4061d1c825
#     name: Manage personal account and Credit cards
#     description: Customer can view and manage their own accounts an credit cards only with MFA
#     accessType: Allow
package policy
import rego.v1

# METADATA
# custom:
#   plainid:
#     kind: DynamicGroup
#     name: dg1
#     description: "test DG"
dynamic_group(identity) if {
  identity.template == "idWs1"
  identity["idAttr1"] == "test"
  identity["idAttr1"] != "prod"
}

string

Policy as Rego code

Structured Policy

{
  "format": "rego",
  "policy": "# METADATA\n# custom:\n#   plainid:\n#     policyId: 08ae32e4-fbf3-4cc8-b3b9-3b4061d1c825\n#     name: Manage personal account and Credit cards\n#     description: Customer can view and manage their own accounts an credit cards only with MFA\n#     accessType: Allow\npackage policy\nimport rego.v1\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: DynamicGroup\n#     name: dg1\n#     description: \"test DG\"\ndynamic_group(identity) if {\n  identity.template == \"idWs1\"\n  identity[\"idAttr1\"] == \"test\"\n  identity[\"idAttr1\"] != \"prod\"\n}"
}

Native Policy

{
  "format": "json",
  "policy": {
    "policyId": "OCP1UUYIIV2DU87",
    "name": "Bank Account Access Policy",
    "description": "Policy for accessing bank accounts",
    "accessType": "Allow",
    "policyUse": "SAAS_APPLICATIONS",
    "applications": [
      {
        "applicationId": "POP1V3WFXZ4PRIO",
        "attributes": {
          "vendorPolicyKind": "Row Access Policy",
          "vendorPolicyName": "POL1",
          "vendorPolicyOrder": 1,
          "database": "DB",
          "schema": "SCHEMA",
          "owner": "ROLE"
        },
        "nativeCode": {
          "language": "sql",
          "code": "{\"policy\":\"CREATE OR REPLACE ROW ACCESS POLICY \"POL1\"\"}"
        }
      }
    ]
  }
}

Expand All

object

Request body for validating policies by format

format

string Required

Policy format type

Valid values[ "rego", "json" ]

Examplerego

policy

object Required

Policy content as JSON object

Responses

200

successful operation

Headers

x-request-id

string

Valid_TextPlain

Valid response for text/plain;language=rego requests

{
  "data": {
    "code": "# METADATA\n# custom:\n#   plainid:\n#     policyId: 08ae32e4-fbf3-4cc8-b3b9-3b4061d1c825\n#     name: Manage personal account and Credit cards\n#     description: Customer can view and manage their own accounts an credit cards only with MFA\n#     accessType: Allow\npackage policy\nimport rego.v1\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: DynamicGroup\n#     name: dg1\n#     description: \"test DG\"\ndynamic_group(identity) if {\n  identity.template == \"idWs1\"\n  identity[\"idAttr1\"] == \"test\"\n  identity[\"idAttr1\"] != \"prod\"\n}\n",
    "action": "CREATE",
    "validationErrors": []
  }
}

Invalid_TextPlain

Invalid response for 'text/plain;language=rego' requests

{
  "data": {
    "validationErrors": [
      {
        "code": "PACV-001",
        "id": "ERHCQC",
        "name": "TemplateNotFound",
        "message": "Template: [at1] not found in Environment: [ceef5853-1491-4d1c-ae52-2f2a1729b3a4], Hint: did yo  mean [Claims]?",
        "args": {
          "0": "at1",
          "1": "ceef5853-1491-4d1c-ae52-2f2a1729b3a4",
          "2": "Claims"
        },
        "line": 1
      }
    ]
  }
}

StructuredPolicy_ApplicationJson

Valid Structured policy response for 'application/json' requests

{
  "data": {
    "format": "rego",
    "Structured Policy": "# METADATA\n# custom:\n#   plainid:\n#     policyId: 08ae32e4-fbf3-4cc8-b3b9-3b4061d1c825\n#     name: Manage personal account and Credit cards\n#     description: Customer can view and manage their own accounts an credit cards only with MFA\n#     accessType: Allow\npackage policy\nimport rego.v1\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: DynamicGroup\n#     name: dg1\n#     description: \"test DG\"\ndynamic_group(identity) if {\n  identity.template == \"idWs1\"\n  identity[\"idAttr1\"] == \"test\"\n  identity[\"idAttr1\"] != \"prod\"\n}",
    "policyId": "08ae32e4-fbf3-4cc8-b3b9-3b4061d1c825",
    "action": "CREATE",
    "isPolicyCompleted": true,
    "validationErrors": []
  }
}

NativePolicy_ApplicationJson

Valid Native policy response for application/json requests

{
  "data": {
    "format": "json",
    "policy": {
      "policyId": "OCP1UUYIIV2DU87",
      "name": "Bank Account Access Policy",
      "description": "Policy for accessing bank accounts",
      "accessType": "Allow",
      "policyUse": "SAAS_APPLICATIONS",
      "applications": [
        {
          "applicationId": "POP1V3WFXZ4PRIO",
          "attributes": {
            "vendorPolicyKind": "Row Access Policy",
            "vendorPolicyName": "POL1",
            "vendorPolicyOrder": 1,
            "database": "DB",
            "schema": "SCHEMA",
            "owner": "ROLE"
          },
          "nativeCode": {
            "language": "sql",
            "code": "{\"policy\":\"CREATE OR REPLACE ROW ACCESS POLICY \"POL1\"\"}"
          }
        }
      ]
    },
    "policyId": "OCP1UUYIIV2DU87",
    "action": "CREATE",
    "isPolicyCompleted": true,
    "validationErrors": []
  }
}

Expand All

OneOf

validationResponseV2

object (validationResponseV2)

data

object

code

string

Code

action

string

Action

Valid values[ "UPDATE", "CREATE" ]

validationErrors

Array of object | null

object

code

string

name

string

message

string

line

integer

ValidatePolicyByFormatResponse

object (ValidatePolicyByFormatResponse)

data

object

Validate policy response data

format

string

Policy format type

Valid values[ "rego", "json" ]

Examplerego

policy

object

Policy content based on format

policyId

string

Policy ID

action

string

CREATE if policy is new, UPDATE if policy already exists

Valid values[ "CREATE", "UPDATE" ]

ExampleCREATE

isPolicyCompleted

boolean

Whether the policy is completed

validationErrors

Array of object (ImportValidationError)

object

Validation error details for policy import/validation

code

string

Error code

ExamplePACV-001

string

Unique error identifier

ExampleERHCQC

name

string

Error name

ExampleTemplateNotFound

message

string

Human-readable error message

ExampleTemplate: [at1] not found in Environment: [ceef5853-1491-4d1c-ae52-2f2a1729b3a4], Hint: did you mean [Claims]?

args

object

Error arguments with key-value pairs

Example{ "0": "at1", "1": "ceef5853-1491-4d1c-ae52-2f2a1729b3a4", "2": "Claims" }

property*

string additionalProperties

line

integer

Line number where the error occurred (if applicable)

Example1