# get\_\_policy

{% hint style="info" %}
This API endpoint is currently available only in the TEST environment. It is not yet available in production.
{% endhint %}

`GET /policy`

*List AI Policies*

Retrieve a list of AI governance policies based on filtering criteria. This endpoint returns policies at various scope levels (organization, workspace, or repository) that the user has permission to view.

**Query Filtering:**

* Required: `orgId` - Organization identifier
* Optional: `workspaceId` - Filter by workspace
* Optional: `repoId` - Filter by repository

**Policy Hierarchy:**

The endpoint returns policies based on the specified scope:

* Organization-level policies (when only `orgId` is provided)
* Workspace-level policies (when `orgId` and `workspaceId` are provided)
* Repository-level policies (when `orgId`, `workspaceId`, and `repoId` are provided)

**Important Notes:**

* Returns only policies the user has permission to view
* Results are automatically filtered based on the user's workspace access
* Organization admin users see all organization policies
* Non-admin users only see policies for workspaces they can access
* Deleted policies are excluded from results

**Use Cases:**

* Display policies in admin dashboards
* Audit and compliance reporting
* Policy management interfaces
* Understanding which policies apply to specific resources

#### TypeScript Client Library

```typescript
public getPolicies = async (query: GetPoliciesQuery): Promise<{ success: boolean; policies: PolicyDTO[] }> => {
  const queryParams = new URLSearchParams();
  queryParams.append('orgId', query.orgId);
  if (query.workspaceId) {
    queryParams.append('workspaceId', query.workspaceId);
  }
  if (query.repoId) {
    queryParams.append('repoId', query.repoId);
  }
  return this.makeRequest<{ success: boolean; policies: PolicyDTO[] }>(
    `policy?${queryParams.toString()}`,
    'GET',
    null
  );
};
```

#### Code Samples

{% tabs %}
{% tab title="Shell" %}

```shell
# You can also use wget
# Quote the URL so the shell does not treat & as a background operator
curl -X GET 'https://backend.flashback.tech/policy?orgId=org-123&workspaceId=workspace-456' \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {access-token}'
```

{% endtab %}

{% tab title="HTTP" %}

```http
GET https://backend.flashback.tech/policy?orgId=org-123&workspaceId=workspace-456 HTTP/1.1
Host: backend.flashback.tech
Accept: application/json
Authorization: Bearer {access-token}
```

{% endtab %}

{% tab title="JavaScript" %}

```javascript
const headers = {
  'Accept':'application/json',
  'Authorization':'Bearer {access-token}'
};

fetch('https://backend.flashback.tech/policy?orgId=org-123&workspaceId=workspace-456',
{
  method: 'GET',
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});
```

{% endtab %}

{% tab title="Ruby" %}

```ruby
require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {access-token}'
}

# rest-client reads query parameters from the :params key of the headers hash
result = RestClient.get 'https://backend.flashback.tech/policy',
  headers.merge(params: {
    'orgId' => 'org-123',
    'workspaceId' => 'workspace-456'
  })

p JSON.parse(result)
```

{% endtab %}

{% tab title="Python" %}

```python
import requests
headers = {
  'Accept': 'application/json',
  'Authorization': 'Bearer {access-token}'
}

r = requests.get('https://backend.flashback.tech/policy', params={
  'orgId': 'org-123',
  'workspaceId': 'workspace-456'
}, headers = headers)

print(r.json())
```

{% endtab %}

{% tab title="PHP" %}

```php
<?php

require 'vendor/autoload.php';

$headers = array(
    'Accept' => 'application/json',
    'Authorization' => 'Bearer {access-token}',
);

$client = new \GuzzleHttp\Client();

try {
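    $response = $client->request('GET','https://backend.flashback.tech/policy', array(
        'headers' => $headers,
        // orgId is required; workspaceId is an optional filter
        'query' => array('orgId' => 'org-123', 'workspaceId' => 'workspace-456'),
       )
    );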
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...
```

{% endtab %}

{% tab title="Java" %}

```java
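import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;

URL obj = new URL("https://backend.flashback.tech/policy?orgId=org-123&workspaceId=workspace-456");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
// The endpoint requires bearer authentication
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("Authorization", "Bearer {access-token}");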
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());
```

{% endtab %}

{% tab title="Go" %}

```go
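package main

import (
    "fmt"
    "io"
    "net/http"
    "net/url"
)

func main() {
    // Required orgId plus the optional workspaceId filter
    query := url.Values{}
    query.Set("orgId", "org-123")
    query.Set("workspaceId", "workspace-456")

    // A GET request carries no body
    req, err := http.NewRequest("GET", "https://backend.flashback.tech/policy?"+query.Encode(), nil)
    if err != nil {
        panic(err)
    }
    req.Header.Set("Accept", "application/json")
    req.Header.Set("Authorization", "Bearer {access-token}")

    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
        panic(err)
    }
    defer resp.Body.Close()

    body, err := io.ReadAll(resp.Body)
    if err != nil {
        panic(err)
    }
    fmt.Println(string(body))
}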

{% endtab %}
{% endtabs %}

#### Parameters <a href="#get__policy-parameters" id="get__policy-parameters"></a>

| Name        | In    | Type   | Required | Description                                 |
| ----------- | ----- | ------ | -------- | ------------------------------------------- |
| orgId       | query | string | true     | Organization ID to filter policies          |
| workspaceId | query | string | false    | Workspace ID to filter policies (optional)  |
| repoId      | query | string | false    | Repository ID to filter policies (optional) |

> Example responses

> 200 Response

```json
{
  "success": true,
  "policies": [
    {
      "id": "550e8400-e29b-41d4-a716-446655440000",
      "orgId": "org-123",
      "name": "PII Protection Policy",
      "content": "Do not allow sharing of personally identifiable information...",
      "riskType": "HIGH",
      "actionType": 2,
      "createdBy": {
        "id": "user-789",
        "name": "John",
        "lastName": "Doe",
        "email": "john.doe@example.com"
      },
      "createdAt": "2024-01-15T10:30:00.000Z",
      "lastUpdatedBy": {
        "id": "user-789",
        "name": "John",
        "lastName": "Doe",
        "email": "john.doe@example.com"
      },
      "lastUpdatedAt": "2024-01-15T10:30:00.000Z",
      "workspaceId": "workspace-456",
      "repoId": null,
      "workspace": {
        "id": "workspace-456",
        "name": "Production Workspace"
      },
      "repo": null
    },
    {
      "id": "660f9511-f3ac-52e5-b827-557766551111",
      "orgId": "org-123",
      "name": "Code Security Policy",
      "content": "Do not allow sharing of API keys, passwords, or secrets...",
      "riskType": "HIGH",
      "actionType": 2,
      "createdBy": {
        "id": "user-456",
        "name": "Jane",
        "lastName": "Smith",
        "email": "jane.smith@example.com"
      },
      "createdAt": "2024-01-10T08:00:00.000Z",
      "lastUpdatedBy": {
        "id": "user-456",
        "name": "Jane",
        "lastName": "Smith",
        "email": "jane.smith@example.com"
      },
      "lastUpdatedAt": "2024-01-12T14:20:00.000Z",
      "workspaceId": null,
      "repoId": null,
      "workspace": null,
      "repo": null
    }
  ]
}
```

#### Responses <a href="#get__policy-responses" id="get__policy-responses"></a>

| Status | Meaning                                                                    | Description                     | Schema |
| ------ | -------------------------------------------------------------------------- | ------------------------------- | ------ |
| 200    | [OK](https://tools.ietf.org/html/rfc7231#section-6.3.1)                    | Successfully retrieved policies | Inline |
| 400    | [Bad Request](https://tools.ietf.org/html/rfc7231#section-6.5.1)           | Missing required parameters     | Inline |
| 403    | [Forbidden](https://tools.ietf.org/html/rfc7231#section-6.5.3)             | Insufficient permissions        | Inline |
| 500    | [Internal Server Error](https://tools.ietf.org/html/rfc7231#section-6.6.1) | Failed to retrieve policies     | Inline |

#### Response Schema <a href="#get__policy-responseschema" id="get__policy-responseschema"></a>

Status Code **200**

| Name             | Type      | Required | Restrictions | Description                                  |
| ---------------- | --------- | -------- | ------------ | -------------------------------------------- |
| » success        | boolean   | false    | none         | Operation success status                     |
| » policies       | \[object] | false    | none         | Array of policy objects                      |
| »» id            | string    | false    | none         | Unique identifier for the policy             |
| »» orgId         | string    | false    | none         | Organization ID                              |
| »» name          | string    | false    | none         | Policy name                                  |
| »» content       | string    | false    | none         | Policy content/rules                         |
| »» riskType      | string    | false    | none         | Risk classification (LOW, MEDIUM, HIGH)      |
| »» actionType    | integer   | false    | none         | Action type (0=log, 1=alert, 2=block)        |
| »» createdBy     | object    | false    | none         | User who created the policy                  |
| »»» id           | string    | false    | none         | User ID                                      |
| »»» name         | string    | false    | none         | User first name                              |
| »»» lastName     | string    | false    | none         | User last name                               |
| »»» email        | string    | false    | none         | User email                                   |
| »» createdAt     | string    | false    | none         | ISO 8601 timestamp                           |
| »» lastUpdatedBy | object    | false    | none         | User who last updated the policy             |
| »»» id           | string    | false    | none         | User ID                                      |
| »»» name         | string    | false    | none         | User first name                              |
| »»» lastName     | string    | false    | none         | User last name                               |
| »»» email        | string    | false    | none         | User email                                   |
| »» lastUpdatedAt | string    | false    | none         | ISO 8601 timestamp                           |
| »» workspaceId   | string    | false    | none         | Workspace ID (null for org-level)            |
| »» repoId        | string    | false    | none         | Repository ID (null for workspace/org-level) |
| »» workspace     | object    | false    | none         | Workspace details (if applicable)            |
| »»» id           | string    | false    | none         | Workspace ID                                 |
| »»» name         | string    | false    | none         | Workspace name                               |
| »» repo          | object    | false    | none         | Repository details (if applicable)           |
| »»» id           | string    | false    | none         | Repository ID                                |
| »»» name         | string    | false    | none         | Repository name                              |
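
For the audit and compliance use case, the following added example (not part of the Flashback client library) classifies each returned policy by scope from its `workspaceId`/`repoId` null-ness and decodes `actionType` as documented in the schema above. The helper names, the sample data, and the rule that flags a HIGH-risk policy that does not block are assumptions made for illustration.

```typescript
// Added example: field names follow the 200 response schema; helper names,
// sample data and the audit rule are assumptions, not Flashback code.
type Scope = 'organization' | 'workspace' | 'repository';

interface PolicySummary {
  id: string;
  name: string;
  riskType: string;            // LOW, MEDIUM, HIGH
  actionType: number;          // 0=log, 1=alert, 2=block
  workspaceId: string | null;  // null for org-level
  repoId: string | null;       // null for workspace/org-level
}

interface AuditRow { id: string; name: string; scope: Scope; action: string; finding: string | null }

function policyScope(p: PolicySummary): Scope {
  if (p.repoId !== null) return 'repository';
  if (p.workspaceId !== null) return 'workspace';
  return 'organization';
}

function actionName(actionType: number): string {
  switch (actionType) {
    case 0: return 'log';
    case 1: return 'alert';
    case 2: return 'block';
    default: return `unknown(${actionType})`; // surface values the schema does not list
  }
}

function auditPolicies(policies: PolicySummary[]): AuditRow[] {
  return policies.map((p) => {
    const action = actionName(p.actionType);
    let finding: string | null = null;
    if (action.startsWith('unknown')) finding = 'unrecognised actionType';
    // Assumed audit rule: a HIGH-risk policy is expected to block.
    else if (p.riskType === 'HIGH' && action !== 'block') finding = 'HIGH risk policy does not block';
    return { id: p.id, name: p.name, scope: policyScope(p), action, finding };
  });
}

// Constructed sample input: two entries mirror the example response, the third is invented.
const samplePolicies: PolicySummary[] = [
  { id: 'p-1', name: 'PII Protection Policy', riskType: 'HIGH', actionType: 2, workspaceId: 'workspace-456', repoId: null },
  { id: 'p-2', name: 'Code Security Policy', riskType: 'HIGH', actionType: 2, workspaceId: null, repoId: null },
  { id: 'p-3', name: 'Constructed log-only policy', riskType: 'HIGH', actionType: 0, workspaceId: 'workspace-456', repoId: 'repo-1' },
];

console.log(auditPolicies(samplePolicies));
```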

Status Code **400**

| Name      | Type    | Required | Restrictions | Description   |
| --------- | ------- | -------- | ------------ | ------------- |
| » success | boolean | false    | none         | none          |
| » message | string  | false    | none         | Error message |

Status Code **403**

| Name      | Type    | Required | Restrictions | Description   |
| --------- | ------- | -------- | ------------ | ------------- |
| » success | boolean | false    | none         | none          |
| » message | string  | false    | none         | Error message |

Status Code **500**

| Name      | Type    | Required | Restrictions | Description   |
| --------- | ------- | -------- | ------------ | ------------- |
| » success | boolean | false    | none         | none          |
| » message | string  | false    | none         | Error message |

To perform this operation, you must be authenticated by means of one of the following methods: BearerAuth


