POST /resource-policies
Example request:
curl -X POST 'https://api.example.com/resource-policies' \
  -H 'Authorization: Bearer YOUR_TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{
    "scopeId": "scope_org",
    "name": "Finance Team Access",
    "description": "Allow finance team to read finance documents",
    "target": {
      "kind": "collection",
      "collectionId": "collection_finance_docs"
    },
    "actions": ["read", "update"],
    "effect": "allow",
    "priority": 50,
    "subjectCondition": {
      "==": [{"var": "subject.meta.department"}, "finance"]
    }
  }'
Example response:
{
  "id": "policy_0190a1b2-c3d4-7e5f-8a9b-0c1d2e3f4a5b",
  "scopeId": "scope_org",
  "name": "Finance Team Access",
  "description": "Allow finance team to read finance documents",
  "target": {
    "kind": "collection",
    "collectionId": "collection_finance_docs"
  },
  "actions": ["read", "update"],
  "effect": "allow",
  "priority": 50,
  "subjectCondition": {
    "==": [{"var": "subject.meta.department"}, "finance"]
  },
  "createdAt": "2024-01-15T10:30:00Z"
}

Request Body

| Field | Type | Required | Description |
|---|---|---|---|
| id | string | no | Optional client-provided ID. Format: policy_{uuidv7} |
| scopeId | string | yes | ID of the scope where the policy is defined |
| name | string | yes | Display name for the policy |
| description | string | no | Description of what this policy does |
| target | object | yes | Resource or collection to target |
| target.kind | string | yes | Target type: resource or collection |
| target.resourceId | string | no | Resource ID (when kind is resource) |
| target.collectionId | string | no | Collection ID (when kind is collection) |
| actions | array | yes | Actions this policy applies to. Use ["*"] for all actions. |
| effect | string | yes | Policy effect: allow or deny |
| priority | number | no (default: 0) | Higher-priority policies are evaluated first |
| subjectCondition | object | no | JSON Logic condition to match the actor |
| contextCondition | object | no | JSON Logic condition to match the request context |

Response

Returns the created resource policy object.
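The following is an added example, not code from this API or its documentation. It models locally what the request body above describes: it validates a policy body against the field rules in the table (required fields, the policy_{uuidv7} id format, the target.kind / target.resourceId / target.collectionId coupling, allow/deny effect, non-empty actions), and then evaluates a set of policies against a request. The evaluation semantics are assumptions, since the page only says that higher-priority policies are evaluated first: policies are sorted by descending priority, the first policy whose target, action, subjectCondition and contextCondition all match decides, and no match means deny. Only the JSON Logic operators `var` and `==` appear on the page; `!=`, `and`, `or` and `in` are added for the illustration. The second policy (CONTRACTOR_DENY) and the subject field `employmentType` are constructed for the example.

```python
"""Added example: local validation and evaluation of resource policies.

Assumed semantics (not stated on the page): highest priority first, first full
match decides, no match means deny.  The sample policies and request data are
constructed for this illustration.
"""
import re
from typing import Any

# policy_{uuidv7}: version nibble 7, variant nibble 8-b
POLICY_ID_RE = re.compile(
    r"^policy_[0-9a-f]{8}-[0-9a-f]{4}-7[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$"
)


def validate_policy(p: dict) -> list[str]:
    """Return the list of violations of the request-body rules (empty if valid)."""
    errors = []
    for field in ("scopeId", "name", "target", "actions", "effect"):
        if field not in p:
            errors.append(f"missing required field: {field}")
    if "id" in p and not POLICY_ID_RE.match(p["id"]):
        errors.append("id must match policy_{uuidv7}")
    if p.get("effect") not in ("allow", "deny"):
        errors.append("effect must be 'allow' or 'deny'")
    if not isinstance(p.get("actions"), list) or not p["actions"]:
        errors.append("actions must be a non-empty array")
    target = p.get("target") or {}
    kind = target.get("kind")
    if kind == "resource" and "resourceId" not in target:
        errors.append("target.resourceId is required when kind is resource")
    elif kind == "collection" and "collectionId" not in target:
        errors.append("target.collectionId is required when kind is collection")
    elif kind not in ("resource", "collection"):
        errors.append("target.kind must be 'resource' or 'collection'")
    return errors


def lookup_var(path: str, data: dict) -> Any:
    """Resolve a dotted JSON Logic var path such as subject.meta.department."""
    cur: Any = data
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None  # JSON Logic treats a missing var as null
        cur = cur[part]
    return cur


def json_logic(rule: Any, data: dict) -> Any:
    """Evaluate a small JSON Logic subset: literals, var, ==, !=, and, or, in."""
    if not isinstance(rule, dict):
        return rule  # literal (True is used for an absent condition)
    (op, args), = rule.items()
    if not isinstance(args, list):
        args = [args]
    if op == "var":
        return lookup_var(args[0], data)
    vals = [json_logic(a, data) for a in args]
    if op == "==":
        return vals[0] == vals[1]
    if op == "!=":
        return vals[0] != vals[1]
    if op == "and":
        return all(vals)
    if op == "or":
        return any(vals)
    if op == "in":
        return vals[1] is not None and vals[0] in vals[1]
    raise ValueError(f"unsupported operator: {op}")


def target_matches(target: dict, request: dict) -> bool:
    if target["kind"] == "resource":
        return target["resourceId"] == request.get("resourceId")
    return target["collectionId"] == request.get("collectionId")


def authorize(policies: list[dict], request: dict) -> bool:
    """Decide a request {subject, context, action, resourceId|collectionId}."""
    data = {"subject": request["subject"], "context": request.get("context", {})}
    # Assumed: highest priority first, first policy that fully matches decides.
    for p in sorted(policies, key=lambda p: p.get("priority", 0), reverse=True):
        if not target_matches(p["target"], request):
            continue
        if "*" not in p["actions"] and request["action"] not in p["actions"]:
            continue
        if not json_logic(p.get("subjectCondition", True), data):
            continue
        if not json_logic(p.get("contextCondition", True), data):
            continue
        return p["effect"] == "allow"
    return False  # assumed: no matching policy means deny


# The page's finance policy, plus a constructed higher-priority deny policy.
FINANCE_POLICY = {
    "id": "policy_0190a1b2-c3d4-7e5f-8a9b-0c1d2e3f4a5b",
    "scopeId": "scope_org",
    "name": "Finance Team Access",
    "target": {"kind": "collection", "collectionId": "collection_finance_docs"},
    "actions": ["read", "update"],
    "effect": "allow",
    "priority": 50,
    "subjectCondition": {"==": [{"var": "subject.meta.department"}, "finance"]},
}
CONTRACTOR_DENY = {  # constructed: employmentType is not a field from the page
    "scopeId": "scope_org",
    "name": "Contractors cannot update finance docs",
    "target": {"kind": "collection", "collectionId": "collection_finance_docs"},
    "actions": ["update"],
    "effect": "deny",
    "priority": 100,
    "subjectCondition": {"==": [{"var": "subject.meta.employmentType"}, "contractor"]},
}
POLICIES = [FINANCE_POLICY, CONTRACTOR_DENY]


def decide(subject_meta: dict, action: str) -> bool:
    """Evaluate POLICIES for a subject acting on the finance collection."""
    return authorize(POLICIES, {
        "subject": {"meta": subject_meta},
        "action": action,
        "collectionId": "collection_finance_docs",
    })


if __name__ == "__main__":
    print(validate_policy(FINANCE_POLICY))  # []
    print(decide({"department": "finance"}, "read"))  # True
    print(decide({"department": "finance", "employmentType": "contractor"}, "update"))  # False
    print(decide({"department": "sales"}, "read"))  # False
```

The deny policy at priority 100 is consulted before the allow at priority 50, so a contractor in finance is refused "update" but still allowed "read", which the deny does not cover; a subject outside finance matches nothing and falls through to the default deny. Under these assumed semantics, the relative priorities of overlapping allow and deny policies decide the outcome, so they deserve the same review as the conditions themselves.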