Create Policy

POST {{apiPath}}/v2/policy-manager/policies?branch={{branchId}}

The POST /v2/policy-manager/policies operation creates a new policy. The request must provide either a branch ID or a snapshot ID in the request URL to specify where the policy should be added.

Prerequisites

Create a branch to get a branch ID.
Create a snapshot to get a snapshot ID.

Query parameters

Query parameter Description

Query parameter	Description
`branch`	Branch ID or name
`snapshot`	Snapshot ID

branch

Branch ID or name

snapshot

Snapshot ID

Request Model

For property descriptions, refer to Authorization policy data model.

Property Type Required?

Property	Type	Required?
`version`	String	Optional
`name`	String	Required
`description`	String	Required
`shared`	Boolean	Optional
`disabled`	Boolean	Optional
`combiningAlgorithm`	CombiningAlgorithm	Required
`children`	Collection of RuleNodeRepresentation	Optional
`repetitionSettings`	RepetitionSettings	Required
`condition`	Condition object	Required
`statements`	Collection of StatementNodeRepresentation	Optional
`targets`	Collection of TargetNodeRepresentation	Optional

version

String

Optional

name

String

Required

description

String

Required

shared

Boolean

Optional

disabled

Boolean

Optional

combiningAlgorithm

CombiningAlgorithm

Required

children

Collection of RuleNodeRepresentation

Optional

repetitionSettings

RepetitionSettings

Required

condition

Condition object

Required

statements

Collection of StatementNodeRepresentation

Optional

targets

Collection of TargetNodeRepresentation

Optional

Headers

Content-Type application/json

x-user-id {{userId}}

Body

raw ( application/json )

{
  "type": "Policy",
  "name": "Test Token Authorization",
  "description": "Token authorization policy.",
  "shared": false,
  "disabled": false,
  "combiningAlgorithm": {
    "algorithm": "DenyOverrides"
  }
}

Example Request

curl --location --globoff '{{apiPath}}/v2/policy-manager/policies?branch={{branchId}}' \
--header 'x-user-id: {{userId}}' \
--header 'Content-Type: application/json' \
--data '{
  "type": "Policy",
  "name": "Test Token Authorization",
  "description": "Token authorization policy.",
  "shared": false,
  "disabled": false,
  "combiningAlgorithm": {
    "algorithm": "DenyOverrides"
  }
}'

var options = new RestClientOptions("{{apiPath}}/v2/policy-manager/policies?branch={{branchId}}")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("x-user-id", "{{userId}}");
request.AddHeader("Content-Type", "application/json");
var body = @"{" + "\n" +
@"  ""type"": ""Policy""," + "\n" +
@"  ""name"": ""Test Token Authorization""," + "\n" +
@"  ""description"": ""Token authorization policy.""," + "\n" +
@"  ""shared"": false," + "\n" +
@"  ""disabled"": false," + "\n" +
@"  ""combiningAlgorithm"": {" + "\n" +
@"    ""algorithm"": ""DenyOverrides""" + "\n" +
@"  }" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);

package main

import (
  "fmt"
  "strings"
  "net/http"
  "io"
)

func main() {

  url := "{{apiPath}}/v2/policy-manager/policies?branch={{branchId}}"
  method := "POST"

  payload := strings.NewReader(`{
  "type": "Policy",
  "name": "Test Token Authorization",
  "description": "Token authorization policy.",
  "shared": false,
  "disabled": false,
  "combiningAlgorithm": {
    "algorithm": "DenyOverrides"
  }
}`)

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, payload)

  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("x-user-id", "{{userId}}")
  req.Header.Add("Content-Type", "application/json")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}

POST /v2/policy-manager/policies?branch={{branchId}} HTTP/1.1
Host: {{apiPath}}
x-user-id: {{userId}}
Content-Type: application/json

{
  "type": "Policy",
  "name": "Test Token Authorization",
  "description": "Token authorization policy.",
  "shared": false,
  "disabled": false,
  "combiningAlgorithm": {
    "algorithm": "DenyOverrides"
  }
}

OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n  \"type\": \"Policy\",\n  \"name\": \"Test Token Authorization\",\n  \"description\": \"Token authorization policy.\",\n  \"shared\": false,\n  \"disabled\": false,\n  \"combiningAlgorithm\": {\n    \"algorithm\": \"DenyOverrides\"\n  }\n}");
Request request = new Request.Builder()
  .url("{{apiPath}}/v2/policy-manager/policies?branch={{branchId}}")
  .method("POST", body)
  .addHeader("x-user-id", "{{userId}}")
  .addHeader("Content-Type", "application/json")
  .build();
Response response = client.newCall(request).execute();

var settings = {
  "url": "{{apiPath}}/v2/policy-manager/policies?branch={{branchId}}",
  "method": "POST",
  "timeout": 0,
  "headers": {
    "x-user-id": "{{userId}}",
    "Content-Type": "application/json"
  },
  "data": JSON.stringify({
    "type": "Policy",
    "name": "Test Token Authorization",
    "description": "Token authorization policy.",
    "shared": false,
    "disabled": false,
    "combiningAlgorithm": {
      "algorithm": "DenyOverrides"
    }
  }),
};

$.ajax(settings).done(function (response) {
  console.log(response);
});

var request = require('request');
var options = {
  'method': 'POST',
  'url': '{{apiPath}}/v2/policy-manager/policies?branch={{branchId}}',
  'headers': {
    'x-user-id': '{{userId}}',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    "type": "Policy",
    "name": "Test Token Authorization",
    "description": "Token authorization policy.",
    "shared": false,
    "disabled": false,
    "combiningAlgorithm": {
      "algorithm": "DenyOverrides"
    }
  })

};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});

import requests
import json

url = "{{apiPath}}/v2/policy-manager/policies?branch={{branchId}}"

payload = json.dumps({
  "type": "Policy",
  "name": "Test Token Authorization",
  "description": "Token authorization policy.",
  "shared": False,
  "disabled": False,
  "combiningAlgorithm": {
    "algorithm": "DenyOverrides"
  }
})
headers = {
  'x-user-id': '{{userId}}',
  'Content-Type': 'application/json'
}

response = requests.request("POST", url, headers=headers, data=payload)

print(response.text)

<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/v2/policy-manager/policies?branch={{branchId}}');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
$request->setHeader(array(
  'x-user-id' => '{{userId}}',
  'Content-Type' => 'application/json'
));
$request->setBody('{\n  "type": "Policy",\n  "name": "Test Token Authorization",\n  "description": "Token authorization policy.",\n  "shared": false,\n  "disabled": false,\n  "combiningAlgorithm": {\n    "algorithm": "DenyOverrides"\n  }\n}');
try {
  $response = $request->send();
  if ($response->getStatus() == 200) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}

require "uri"
require "json"
require "net/http"

url = URI("{{apiPath}}/v2/policy-manager/policies?branch={{branchId}}")

http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["x-user-id"] = "{{userId}}"
request["Content-Type"] = "application/json"
request.body = JSON.dump({
  "type": "Policy",
  "name": "Test Token Authorization",
  "description": "Token authorization policy.",
  "shared": false,
  "disabled": false,
  "combiningAlgorithm": {
    "algorithm": "DenyOverrides"
  }
})

response = http.request(request)
puts response.read_body

let parameters = "{\n  \"type\": \"Policy\",\n  \"name\": \"Test Token Authorization\",\n  \"description\": \"Token authorization policy.\",\n  \"shared\": false,\n  \"disabled\": false,\n  \"combiningAlgorithm\": {\n    \"algorithm\": \"DenyOverrides\"\n  }\n}"
let postData = parameters.data(using: .utf8)

var request = URLRequest(url: URL(string: "{{apiPath}}/v2/policy-manager/policies?branch={{branchId}}")!,timeoutInterval: Double.infinity)
request.addValue("{{userId}}", forHTTPHeaderField: "x-user-id")
request.addValue("application/json", forHTTPHeaderField: "Content-Type")

request.httpMethod = "POST"
request.httpBody = postData

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  print(String(data: data, encoding: .utf8)!)
}

task.resume()

Example Response

201 Created

{
    "id": "ddd13d3f-7a52-4c6c-8d36-d4dad6c8616f",
    "version": "a704ed93-f121-4fc1-adec-149cf9ee1b53",
    "type": "Policy",
    "name": "Test Token Authorization",
    "description": "Token authorization policy.",
    "shared": false,
    "disabled": false,
    "combiningAlgorithm": {
        "algorithm": "DenyOverrides",
        "evaluateAll": false
    },
    "children": [],
    "repetitionSettings": null,
    "permissions": {
        "inherit": true,
        "rolePermissions": []
    },
    "targets": [],
    "statements": [],
    "properties": [],
    "condition": null
}

PingAuthorize API Reference

Create Policy

Prerequisites

Headers

Body

Example Request

Example Response