# get\_\_policy

{% hint style="info" %}
This API endpoint is currently available only in the TEST environment. It is not yet available in production.
{% endhint %}

`GET /policy`

*List AI Policies*

Retrieve a list of AI governance policies based on filtering criteria. This endpoint returns policies at various scope levels (organization, workspace, or repository) that the user has permission to view.

**Query Filtering:**

* Required: `orgId` - Organization identifier
* Optional: `workspaceId` - Filter by workspace
* Optional: `repoId` - Filter by repository

**Policy Hierarchy:**

The endpoint returns policies based on the specified scope:

* Organization-level policies (when only `orgId` is provided)
* Workspace-level policies (when `orgId` and `workspaceId` are provided)
* Repository-level policies (when `orgId`, `workspaceId`, and `repoId` are provided)

**Important Notes:**

* Only returns policies the user has permission to view
* Results are automatically filtered based on the user's workspace access
* Organization admin users see all organization policies
* Non-admin users only see policies for workspaces they can access
* Deleted policies are excluded from results

**Use Cases:**

* Display policies in admin dashboards
* Audit and compliance reporting
* Policy management interfaces
* Understanding which policies apply to specific resources

#### TypeScript Client Library

```typescript
public getPolicies = async (query: GetPoliciesQuery): Promise<{ success: boolean; policies: PolicyDTO[] }> => {
  const queryParams = new URLSearchParams();
  queryParams.append('orgId', query.orgId);
  if (query.workspaceId) {
    queryParams.append('workspaceId', query.workspaceId);
  }
  if (query.repoId) {
    queryParams.append('repoId', query.repoId);
  }
  return this.makeRequest<{ success: boolean; policies: PolicyDTO[] }>(
    `policy?${queryParams.toString()}`,
    'GET',
    null
  );
};
```

#### Code Samples

{% tabs %}
{% tab title="Shell" %}

```shell
# You can also use wget
# Quote the URL so the shell does not treat '&' as a background operator
curl -X GET 'https://backend.flashback.tech/policy?orgId=org-123&workspaceId=workspace-456' \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {access-token}'
```

{% endtab %}

{% tab title="HTTP" %}

```http
GET https://backend.flashback.tech/policy?orgId=org-123&workspaceId=workspace-456 HTTP/1.1
Host: backend.flashback.tech
Accept: application/json
Authorization: Bearer {access-token}
```

{% endtab %}

{% tab title="JavaScript" %}

```javascript
const headers = {
  'Accept':'application/json',
  'Authorization':'Bearer {access-token}'
};

fetch('https://backend.flashback.tech/policy?orgId=org-123&workspaceId=workspace-456',
{
  method: 'GET',
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});
```

{% endtab %}

{% tab title="Ruby" %}

```ruby
require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {access-token}'
}

# rest-client reads query parameters from the :params key of the headers hash
result = RestClient.get 'https://backend.flashback.tech/policy',
  headers.merge(params: {
    'orgId' => 'org-123',
    'workspaceId' => 'workspace-456'
  })

p JSON.parse(result.body)
```

{% endtab %}

{% tab title="Python" %}

```python
import requests
headers = {
  'Accept': 'application/json',
  'Authorization': 'Bearer {access-token}'
}

r = requests.get('https://backend.flashback.tech/policy', params={
  'orgId': 'org-123',
  'workspaceId': 'workspace-456'
}, headers = headers)

print(r.json())
```

{% endtab %}

{% tab title="PHP" %}

```php
<?php

require 'vendor/autoload.php';

$headers = array(
    'Accept' => 'application/json',
    'Authorization' => 'Bearer {access-token}',
);

$client = new \GuzzleHttp\Client();

try {
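    $response = $client->request('GET','https://backend.flashback.tech/policy', array(
        'headers' => $headers,
        // orgId is required; workspaceId and repoId are optional filters
        'query' => array(
            'orgId' => 'org-123',
            'workspaceId' => 'workspace-456',
        ),
       )
    );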
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...
```

{% endtab %}

{% tab title="Java" %}

```java
URL obj = new URL("https://backend.flashback.tech/policy?orgId=org-123&workspaceId=workspace-456");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
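con.setRequestMethod("GET");
// The endpoint requires BearerAuth
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("Authorization", "Bearer {access-token}");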
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());
```

{% endtab %}

{% tab title="Go" %}

```go
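package main

import (
	"fmt"
	"io"
	"log"
	"net/http"
	"net/url"
)

func main() {
	// Build the query string; orgId is required, workspaceId is optional.
	query := url.Values{}
	query.Set("orgId", "org-123")
	query.Set("workspaceId", "workspace-456")

	// A GET request carries no body, so pass nil.
	req, err := http.NewRequest("GET", "https://backend.flashback.tech/policy?"+query.Encode(), nil)
	if err != nil {
		log.Fatal(err)
	}
	req.Header.Set("Accept", "application/json")
	req.Header.Set("Authorization", "Bearer {access-token}")

	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		log.Fatal(err)
	}
	defer resp.Body.Close()

	body, err := io.ReadAll(resp.Body)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(resp.Status, string(body))
}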
```

{% endtab %}
{% endtabs %}

#### Parameters <a href="#get__policy-parameters" id="get__policy-parameters"></a>

| Name        | In    | Type   | Required | Description                                 |
| ----------- | ----- | ------ | -------- | ------------------------------------------- |
| orgId       | query | string | true     | Organization ID to filter policies          |
| workspaceId | query | string | false    | Workspace ID to filter policies (optional)  |
| repoId      | query | string | false    | Repository ID to filter policies (optional) |

> Example responses

> 200 Response

```json
{
  "success": true,
  "policies": [
    {
      "id": "550e8400-e29b-41d4-a716-446655440000",
      "orgId": "org-123",
      "name": "PII Protection Policy",
      "content": "Do not allow sharing of personally identifiable information...",
      "riskType": "HIGH",
      "actionType": 2,
      "createdBy": {
        "id": "user-789",
        "name": "John",
        "lastName": "Doe",
        "email": "john.doe@example.com"
      },
      "createdAt": "2024-01-15T10:30:00.000Z",
      "lastUpdatedBy": {
        "id": "user-789",
        "name": "John",
        "lastName": "Doe",
        "email": "john.doe@example.com"
      },
      "lastUpdatedAt": "2024-01-15T10:30:00.000Z",
      "workspaceId": "workspace-456",
      "repoId": null,
      "workspace": {
        "id": "workspace-456",
        "name": "Production Workspace"
      },
      "repo": null
    },
    {
      "id": "660f9511-f3ac-52e5-b827-557766551111",
      "orgId": "org-123",
      "name": "Code Security Policy",
      "content": "Do not allow sharing of API keys, passwords, or secrets...",
      "riskType": "HIGH",
      "actionType": 2,
      "createdBy": {
        "id": "user-456",
        "name": "Jane",
        "lastName": "Smith",
        "email": "jane.smith@example.com"
      },
      "createdAt": "2024-01-10T08:00:00.000Z",
      "lastUpdatedBy": {
        "id": "user-456",
        "name": "Jane",
        "lastName": "Smith",
        "email": "jane.smith@example.com"
      },
      "lastUpdatedAt": "2024-01-12T14:20:00.000Z",
      "workspaceId": null,
      "repoId": null,
      "workspace": null,
      "repo": null
    }
  ]
}
```

#### Responses <a href="#get__policy-responses" id="get__policy-responses"></a>

| Status | Meaning                                                                    | Description                     | Schema |
| ------ | -------------------------------------------------------------------------- | ------------------------------- | ------ |
| 200    | [OK](https://tools.ietf.org/html/rfc7231#section-6.3.1)                    | Successfully retrieved policies | Inline |
| 400    | [Bad Request](https://tools.ietf.org/html/rfc7231#section-6.5.1)           | Missing required parameters     | Inline |
| 403    | [Forbidden](https://tools.ietf.org/html/rfc7231#section-6.5.3)             | Insufficient permissions        | Inline |
| 500    | [Internal Server Error](https://tools.ietf.org/html/rfc7231#section-6.6.1) | Failed to retrieve policies     | Inline |

#### Response Schema <a href="#get__policy-responseschema" id="get__policy-responseschema"></a>

Status Code **200**

| Name             | Type      | Required | Restrictions | Description                                  |
| ---------------- | --------- | -------- | ------------ | -------------------------------------------- |
| » success        | boolean   | false    | none         | Operation success status                     |
| » policies       | \[object] | false    | none         | Array of policy objects                      |
| »» id            | string    | false    | none         | Unique identifier for the policy             |
| »» orgId         | string    | false    | none         | Organization ID                              |
| »» name          | string    | false    | none         | Policy name                                  |
| »» content       | string    | false    | none         | Policy content/rules                         |
| »» riskType      | string    | false    | none         | Risk classification (LOW, MEDIUM, HIGH)      |
| »» actionType    | integer   | false    | none         | Action type (0=log, 1=alert, 2=block)        |
| »» createdBy     | object    | false    | none         | User who created the policy                  |
| »»» id           | string    | false    | none         | User ID                                      |
| »»» name         | string    | false    | none         | User first name                              |
| »»» lastName     | string    | false    | none         | User last name                               |
| »»» email        | string    | false    | none         | User email                                   |
| »» createdAt     | string    | false    | none         | ISO 8601 timestamp                           |
| »» lastUpdatedBy | object    | false    | none         | User who last updated the policy             |
| »»» id           | string    | false    | none         | User ID                                      |
| »»» name         | string    | false    | none         | User first name                              |
| »»» lastName     | string    | false    | none         | User last name                               |
| »»» email        | string    | false    | none         | User email                                   |
| »» lastUpdatedAt | string    | false    | none         | ISO 8601 timestamp                           |
| »» workspaceId   | string    | false    | none         | Workspace ID (null for org-level)            |
| »» repoId        | string    | false    | none         | Repository ID (null for workspace/org-level) |
| »» workspace     | object    | false    | none         | Workspace details (if applicable)            |
| »»» id           | string    | false    | none         | Workspace ID                                 |
| »»» name         | string    | false    | none         | Workspace name                               |
| »» repo          | object    | false    | none         | Repository details (if applicable)           |
| »»» id           | string    | false    | none         | Repository ID                                |
| »»» name         | string    | false    | none         | Repository name                              |
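
One way to use these fields for the audit and compliance reporting use case, as an added example that is not part of the Flashback client library: it derives each policy's scope from its null `workspaceId`/`repoId` values and flags HIGH-risk policies whose `actionType` is not 2 (block). The names `Policy`, `Finding`, `scopeOf`, `auditPolicies` and the sample records are assumptions made for illustration.

```typescript
// Added example; Policy, Finding, scopeOf, auditPolicies and samplePolicies are illustrative names.
type Scope = 'organization' | 'workspace' | 'repository';

interface Policy {
  id: string;
  name: string;
  riskType: string;            // LOW, MEDIUM, HIGH
  actionType: number;          // 0=log, 1=alert, 2=block
  workspaceId: string | null;  // null for org-level
  repoId: string | null;       // null for workspace/org-level
}

interface Finding { id: string; name: string; scope: Scope; action: string; issue: string }

const ACTIONS: string[] = ['log', 'alert', 'block'];

// Derive scope from which identifiers are null, per the schema descriptions.
function scopeOf(p: Policy): Scope {
  if (p.repoId !== null) return 'repository';
  if (p.workspaceId !== null) return 'workspace';
  return 'organization';
}

// Flag undocumented action codes, HIGH-risk policies that do not block, and
// (assumed malformed, given the documented hierarchy) a repoId without a workspaceId.
function auditPolicies(policies: Policy[]): Finding[] {
  const findings: Finding[] = [];
  for (const p of policies) {
    const known = Number.isInteger(p.actionType) && p.actionType >= 0 && p.actionType < ACTIONS.length;
    const action = known ? String(ACTIONS[p.actionType]) : `unknown(${p.actionType})`;
    let issue = '';
    if (!known) issue = 'undocumented actionType';
    else if (p.riskType === 'HIGH' && action !== 'block') issue = 'HIGH risk but not blocking';
    else if (p.repoId !== null && p.workspaceId === null) issue = 'repoId set without workspaceId';
    if (issue) findings.push({ id: p.id, name: p.name, scope: scopeOf(p), action, issue });
  }
  return findings;
}

// Constructed sample records (not real API output).
const samplePolicies: Policy[] = [
  { id: 'p-1', name: 'PII Protection Policy', riskType: 'HIGH', actionType: 2, workspaceId: 'workspace-456', repoId: null },
  { id: 'p-2', name: 'Secrets in prompts', riskType: 'HIGH', actionType: 1, workspaceId: null, repoId: null },
  { id: 'p-3', name: 'Usage logging', riskType: 'LOW', actionType: 0, workspaceId: 'workspace-456', repoId: 'repo-789' },
  { id: 'p-4', name: 'Legacy rule', riskType: 'MEDIUM', actionType: 7, workspaceId: null, repoId: null },
];

console.log(auditPolicies(samplePolicies));
```

Because results are filtered by the caller's workspace access, a report built by a non-admin token covers only the policies that token can see.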

Status Code **400**

| Name      | Type    | Required | Restrictions | Description   |
| --------- | ------- | -------- | ------------ | ------------- |
| » success | boolean | false    | none         | none          |
| » message | string  | false    | none         | Error message |

Status Code **403**

| Name      | Type    | Required | Restrictions | Description   |
| --------- | ------- | -------- | ------------ | ------------- |
| » success | boolean | false    | none         | none          |
| » message | string  | false    | none         | Error message |

Status Code **500**

| Name      | Type    | Required | Restrictions | Description   |
| --------- | ------- | -------- | ------------ | ------------- |
| » success | boolean | false    | none         | none          |
| » message | string  | false    | none         | Error message |

To perform this operation, you must be authenticated by means of one of the following methods: BearerAuth.
