Policy List

Updated on Mar 30, 2025

5 minute(s) read

Prev Next

Post

/api/runtime/policies/v3

The Policy List API call returns the relevant policies for each input object with their meta data.

Notice

When accessing the Authorization APIs, the URL base/prefix, according to your PlainID PDP Location

United States Cloud PDP - `https://tenant-name.us1.plainid.io`

Canadian Cloud PDP - `https://tenant-name.ca1.plainid.io`

European Cloud PDP - `https://tenant-name.eu1.plainid.io`

Local PAA - `https://your-paa.acme.local`

For more information on which Asset Types to use with your PAA or Cloud PDP, refer to Managing Asset Types.

Important note about headers

Refer to the headers below to modify your cURL sample. Check if the following headers are in the sample, if not, ensure you add it to your cURL sample before pasting into your API tool.

Headers

*Required

Header	Value	cURL Line
content-type	`application/json`	`-H 'Content-Type: application/json' `

cURL Sample Guidelines

In order for the relevant parameters to appear in the cURL sample, you can input the values in the interactive API console on the right. They will then appear in the cURL sample on the bottom of the page in the correct format.

Security

HTTP

Type bearer

For more details about Administration API Authentication, check out the Authentication APIs documentation
Provide your bearer token in the Authorization header when making requests to protected resources.
Example: Authorization: Bearer 123

Body parameters

Expand All

object

clientId

string

Client ID of the Scope
The Client ID is required, ensure that it is defined either in the header as X-Client-Id or in the body as clientId.

clientSecret

string

Client Secret ID of the Scope.
You can also authenticate with an Authorization Token (in your API tool). Note that the X-Client-Id is still required, whether in the header or the body. Refer to Setting up an Authentication Method for more information.

objects

Array of object Required

object

type

string Required

Valid values[ "Identity", "Asset" ]

data

object Required

All Access Token and UserList request parameters

asset

object

resourceType

string

Asset Template ID (required)

path

string

Unique Identifier of the Asset (required)

actions

Array

Name of the Action (optional)

assetAttributes

object

(optional)

attribute_1

Array of string

string

attribute_2

Array of string

string

entityId

string

Unique identifier of the Identity

Min length1

entityTypeId

string

Identity Template ID

Min length1

entityAttributes

object

List of Identity Attributes and their values.

If not defined, Dynamic groups based on virtual attributes will not be considered in the Access Decision.

string

Array

contextData

object

Identity Context data for this request.

When specifying this parameter, you are requesting information based on a specific parameter and its value.

For example, Location where the contextData equals a specific branch.

If not defined, Dynamic groups based on context data will not be considered in the Access Decision.

string

Array

environment

object

Environmental parameters need to be defined in policies as request. (in Asset rules or Conditions) and also sent in the authorization request. Only the Assets that match what will be sent in the request will come back.

If not defined, parametes based on emviromental data will not be considered in the Access Decision.

string

Array

remoteIp

string (ipv4)

IP address to be used when validating a Policy. Ensure that your IP Ranges are correct based on an IP calculator. If not defined, the IP considered in the calculation is taken from the X-Forwarded-For (Request header). If not defined, the IP considered in the calculation is taken from the X-Forwarded-For (Request header).

Min length1

timeZoneOffset

number

To define the offset from UTC time zone. Used in Time Condition.

Default0

Example-12

assetList

Array of object

Contains a list of the Asset's unique identifier and attributes

object

template

string

Asset Template ID

path

string

Asset Unique Identifier

assetAttributes

object

attribute_1

Array of string

string

attribute_2

Array of string

string

useCache

boolean

The Attribute will determines if the response will consider the cache settings or override the cache and preforming full calculation.

Defaulttrue

key

string

An auto-generated key to set the correlation between the requested object and the response object (optional).

failOnCalculatedAttributesErrors

boolean

Fail request when Attribute calculation fails.

Defaulttrue

Responses

200

Each object input gets a list of Policies

Expand All

object

data

Array of object

object

type

string

Valid values[ "Identity", "Asset" ]

data

object

All Access Token and UserList request parameters

AnyOf

object

key

string

An auto-generated key to set the correlation between the requested object and the response object (optional).

object

asset

object

resourceType

string

Asset Template ID (required)

path

string

Unique Identifier of the Asset (required)

actions

Array

Name of the Action (optional)

assetAttributes

object

(optional)

attribute_1

string

attribute_2

string

entityId

string

Unique identifier of the Identity

Min length1

clientId

string

Client ID of the Scope

Min length1

clientSecret

string

Client Secret ID of the Scope.
You can also authenticate with an Authorization Token (in your API tool).

Min length1

entityTypeId

string

Identity Template ID

Min length1

entityAttributes

object

List of Identity Attributes and their values.

If not defined, Dynamic groups based on virtual attributes will not be considered in the Access Decision.

string

Array

contextData

object

Identity Context data for this request.

When specifying this parameter, you are requesting information based on a specific parameter and its value.

For example, Location where the contextData equals a specific branch.

If not defined, Dynamic groups based on context data will not be considered in the Access Decision.

string

Array

environment

object

Environmental parameters need to be defined in policies as request. (in Asset rules or Conditions) and also sent in the authorization request. Only the assets that match what will be sent in the request will come back.

If not defined, parametes based on emviromental data will not be considered in the Access Decision.

string

Array

remoteIp

string (ipv4)

Min length1

timeZoneOffset

number

To define the offset from UTC time zone. Used in Time Condition.

Default0

Example-12

assetList

Array of object

Contains a list of the Asset's unique identifier and attributes

object

template

string

Asset Template ID

path

string

Asset Unique Identifier

assetAttributes

object

attribute_1

Array of string

string

attribute_2

Array of string

string

useCache

boolean

The Attribute will determines if the response will consider the cache settings or override the cache and preforming full calculation.

Defaulttrue

response

object

permissions

Array of object

object

permissionId

string

permission

string

accessType

string

Valid values[ "allow", "restrict" ]

permissionMetadata

object (permissionMetadata)

Additional response metadata. This response is only returned when the includeAccessPolicy is set to true, and when the permissionMetadata object contains one or more properties

error

string

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

500

Internal Server Error

501

Not Implemented

Was this article helpful?