--- title: Create Rule description: The POST /v2/policy-manager/rules operation creates a new rule. The request must provide either a branch ID or a snapshot ID in the request URL to specify where the rule should be added. component: pingauthorize page_id: pingauthorize:pingauthorize:policy-editor/policy-manager/rules/create-rule canonical_url: https://developer.pingidentity.com/pingauthorize/pingauthorize/policy-editor/policy-manager/rules/create-rule.html section_ids: prerequisites: Prerequisites headers: Headers body: Body example-request: Example Request example-response: Example Response --- # Create Rule ## ```none POST {{apiPath}}/v2/policy-manager/rules?branch={{branchId}} ``` The `POST /v2/policy-manager/rules` operation creates a new rule. The request must provide either a branch ID or a snapshot ID in the request URL to specify where the rule should be added. ### Prerequisites * [Create a branch](../../version-control/snapshot-management/create-child-branch-from-snapshot.html) to get a branch ID. * [Create a snapshot](../../version-control/branch-manager/create-snapshot.html) to get a snapshot ID. > **Collapse: Query parameters** > > | Query parameter | Description | > | --------------- | -------------------------------- | > | `branch` | Branch ID or name | > | `snapshot` | Snapshot ID | > | `page` | Page number of returned policies | > | `page-size` | Number of policies per page | > **Collapse: Request Model** > > For property descriptions, refer to [Authorization rules data model](../rules.html#authorization-rules-data-model). > > | Property | Type | Required? | > | ---------------- | ----------------------------------------------- | --------- | > | `condition` | Condition object | Required | > | `description` | String | Required | > | `disabled` | Boolean | Required | > | `effectSettings` | [EffectSettings](../rules.html#effect-settings) | Required | > | `name` | String | Required | > | `shared` | Boolean | Required | > | `statements` | Collection of StatementNodeRepresentation | Required | > | `targets` | Collection of TargetNodeRepresentation | Required | ### Headers Content-Type      application/json x-user-id      {{userId}} ### Body raw ( application/json ) ```json { "type": "Rule", "name": "Permitted OAuth client 2", "description": "Rule for matching an access token's client_id value with a permitted OAuth client. Clone this rule to a policy and then replace CHANGEME with a permitted client ID.", "shared": true, "disabled": false, "effectSettings": { "type": "unconditionalPermit" } } ``` ## ### Example Request * cURL * C# * Go * HTTP * Java * jQuery * NodeJS * Python * PHP * Ruby * Swift ```shell curl --location --globoff '{{apiPath}}/v2/policy-manager/rules?branch={{branchId}}' \ --header 'x-user-id: {{userId}}' \ --header 'Content-Type: application/json' \ --data '{ "type": "Rule", "name": "Permitted OAuth client 2", "description": "Rule for matching an access token'\''s client_id value with a permitted OAuth client. Clone this rule to a policy and then replace CHANGEME with a permitted client ID.", "shared": true, "disabled": false, "effectSettings": { "type": "unconditionalPermit" } }' ``` ```csharp var options = new RestClientOptions("{{apiPath}}/v2/policy-manager/rules?branch={{branchId}}") { MaxTimeout = -1, }; var client = new RestClient(options); var request = new RestRequest("", Method.Post); request.AddHeader("x-user-id", "{{userId}}"); request.AddHeader("Content-Type", "application/json"); var body = @"{" + "\n" + @" ""type"": ""Rule""," + "\n" + @" ""name"": ""Permitted OAuth client 2""," + "\n" + @" ""description"": ""Rule for matching an access token's client_id value with a permitted OAuth client. Clone this rule to a policy and then replace CHANGEME with a permitted client ID.""," + "\n" + @" ""shared"": true," + "\n" + @" ""disabled"": false," + "\n" + @" ""effectSettings"": {" + "\n" + @" ""type"": ""unconditionalPermit""" + "\n" + @" }" + "\n" + @"}"; request.AddStringBody(body, DataFormat.Json); RestResponse response = await client.ExecuteAsync(request); Console.WriteLine(response.Content); ``` ```golang package main import ( "fmt" "strings" "net/http" "io" ) func main() { url := "{{apiPath}}/v2/policy-manager/rules?branch={{branchId}}" method := "POST" payload := strings.NewReader(`{ "type": "Rule", "name": "Permitted OAuth client 2", "description": "Rule for matching an access token's client_id value with a permitted OAuth client. Clone this rule to a policy and then replace CHANGEME with a permitted client ID.", "shared": true, "disabled": false, "effectSettings": { "type": "unconditionalPermit" } }`) client := &http.Client { } req, err := http.NewRequest(method, url, payload) if err != nil { fmt.Println(err) return } req.Header.Add("x-user-id", "{{userId}}") req.Header.Add("Content-Type", "application/json") res, err := client.Do(req) if err != nil { fmt.Println(err) return } defer res.Body.Close() body, err := io.ReadAll(res.Body) if err != nil { fmt.Println(err) return } fmt.Println(string(body)) } ``` ```http POST /v2/policy-manager/rules?branch={{branchId}} HTTP/1.1 Host: {{apiPath}} x-user-id: {{userId}} Content-Type: application/json { "type": "Rule", "name": "Permitted OAuth client 2", "description": "Rule for matching an access token's client_id value with a permitted OAuth client. Clone this rule to a policy and then replace CHANGEME with a permitted client ID.", "shared": true, "disabled": false, "effectSettings": { "type": "unconditionalPermit" } } ``` ```java OkHttpClient client = new OkHttpClient().newBuilder() .build(); MediaType mediaType = MediaType.parse("application/json"); RequestBody body = RequestBody.create(mediaType, "{\n \"type\": \"Rule\",\n \"name\": \"Permitted OAuth client 2\",\n \"description\": \"Rule for matching an access token's client_id value with a permitted OAuth client. Clone this rule to a policy and then replace CHANGEME with a permitted client ID.\",\n \"shared\": true,\n \"disabled\": false,\n \"effectSettings\": {\n \"type\": \"unconditionalPermit\"\n }\n}"); Request request = new Request.Builder() .url("{{apiPath}}/v2/policy-manager/rules?branch={{branchId}}") .method("POST", body) .addHeader("x-user-id", "{{userId}}") .addHeader("Content-Type", "application/json") .build(); Response response = client.newCall(request).execute(); ``` ```javascript var settings = { "url": "{{apiPath}}/v2/policy-manager/rules?branch={{branchId}}", "method": "POST", "timeout": 0, "headers": { "x-user-id": "{{userId}}", "Content-Type": "application/json" }, "data": JSON.stringify({ "type": "Rule", "name": "Permitted OAuth client 2", "description": "Rule for matching an access token's client_id value with a permitted OAuth client. Clone this rule to a policy and then replace CHANGEME with a permitted client ID.", "shared": true, "disabled": false, "effectSettings": { "type": "unconditionalPermit" } }), }; $.ajax(settings).done(function (response) { console.log(response); }); ``` ```javascript var request = require('request'); var options = { 'method': 'POST', 'url': '{{apiPath}}/v2/policy-manager/rules?branch={{branchId}}', 'headers': { 'x-user-id': '{{userId}}', 'Content-Type': 'application/json' }, body: JSON.stringify({ "type": "Rule", "name": "Permitted OAuth client 2", "description": "Rule for matching an access token's client_id value with a permitted OAuth client. Clone this rule to a policy and then replace CHANGEME with a permitted client ID.", "shared": true, "disabled": false, "effectSettings": { "type": "unconditionalPermit" } }) }; request(options, function (error, response) { if (error) throw new Error(error); console.log(response.body); }); ``` ```python import requests import json url = "{{apiPath}}/v2/policy-manager/rules?branch={{branchId}}" payload = json.dumps({ "type": "Rule", "name": "Permitted OAuth client 2", "description": "Rule for matching an access token's client_id value with a permitted OAuth client. Clone this rule to a policy and then replace CHANGEME with a permitted client ID.", "shared": True, "disabled": False, "effectSettings": { "type": "unconditionalPermit" } }) headers = { 'x-user-id': '{{userId}}', 'Content-Type': 'application/json' } response = requests.request("POST", url, headers=headers, data=payload) print(response.text) ``` ```php setUrl('{{apiPath}}/v2/policy-manager/rules?branch={{branchId}}'); $request->setMethod(HTTP_Request2::METHOD_POST); $request->setConfig(array( 'follow_redirects' => TRUE )); $request->setHeader(array( 'x-user-id' => '{{userId}}', 'Content-Type' => 'application/json' )); $request->setBody('{\n "type": "Rule",\n "name": "Permitted OAuth client 2",\n "description": "Rule for matching an access token\'s client_id value with a permitted OAuth client. Clone this rule to a policy and then replace CHANGEME with a permitted client ID.",\n "shared": true,\n "disabled": false,\n "effectSettings": {\n "type": "unconditionalPermit"\n }\n}'); try { $response = $request->send(); if ($response->getStatus() == 200) { echo $response->getBody(); } else { echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' . $response->getReasonPhrase(); } } catch(HTTP_Request2_Exception $e) { echo 'Error: ' . $e->getMessage(); } ``` ```ruby require "uri" require "json" require "net/http" url = URI("{{apiPath}}/v2/policy-manager/rules?branch={{branchId}}") http = Net::HTTP.new(url.host, url.port); request = Net::HTTP::Post.new(url) request["x-user-id"] = "{{userId}}" request["Content-Type"] = "application/json" request.body = JSON.dump({ "type": "Rule", "name": "Permitted OAuth client 2", "description": "Rule for matching an access token's client_id value with a permitted OAuth client. Clone this rule to a policy and then replace CHANGEME with a permitted client ID.", "shared": true, "disabled": false, "effectSettings": { "type": "unconditionalPermit" } }) response = http.request(request) puts response.read_body ``` ```swift let parameters = "{\n \"type\": \"Rule\",\n \"name\": \"Permitted OAuth client 2\",\n \"description\": \"Rule for matching an access token's client_id value with a permitted OAuth client. Clone this rule to a policy and then replace CHANGEME with a permitted client ID.\",\n \"shared\": true,\n \"disabled\": false,\n \"effectSettings\": {\n \"type\": \"unconditionalPermit\"\n }\n}" let postData = parameters.data(using: .utf8) var request = URLRequest(url: URL(string: "{{apiPath}}/v2/policy-manager/rules?branch={{branchId}}")!,timeoutInterval: Double.infinity) request.addValue("{{userId}}", forHTTPHeaderField: "x-user-id") request.addValue("application/json", forHTTPHeaderField: "Content-Type") request.httpMethod = "POST" request.httpBody = postData let task = URLSession.shared.dataTask(with: request) { data, response, error in guard let data = data else { print(String(describing: error)) return } print(String(data: data, encoding: .utf8)!) } task.resume() ``` ### Example Response 201 Created ```json { "id": "f39b0dab-9500-4f91-906c-7235066add55", "version": "fb07c95d-ace1-4b3b-9033-789fb4dea5b2", "type": "Rule", "name": "Permitted OAuth client 2", "description": "Rule for matching an access token's client_id value with a permitted OAuth client. Clone this rule to a policy and then replace CHANGEME with a permitted client ID.", "shared": true, "disabled": false, "permissions": { "inherit": true, "rolePermissions": [] }, "condition": { "empty": {} }, "properties": [], "targets": [], "effectSettings": { "type": "unconditionalPermit" }, "statements": [] } ```