get__policy

⚠️ TEST ENVIRONMENT ONLY

This API endpoint is currently available only in the TEST environment. It is not yet available in production.

GET /policy

List AI Policies

Retrieve a list of AI governance policies based on filtering criteria. This endpoint returns policies at various scope levels (organization, workspace, or repository) that the user has permission to view.

Query Filtering:

Required: orgId - Organization identifier
Optional: workspaceId - Filter by workspace
Optional: repoId - Filter by repository

Policy Hierarchy:

The endpoint returns policies based on the specified scope:

Organization-level policies (when only orgId is provided)
Workspace-level policies (when orgId and workspaceId are provided)
Repository-level policies (when orgId, workspaceId, and repoId are provided)

Important Notes:

Only returns policies the user has permission to view
Results are automatically filtered based on user's workspace access
Organization admin users see all organization policies
Non-admin users only see policies for workspaces they can access
Deleted policies are excluded from results

Use Cases:

Display policies in admin dashboards
Audit and compliance reporting
Policy management interfaces
Understanding which policies apply to specific resources

TypeScript Client Library

public getPolicies = async (query: GetPoliciesQuery): Promise<{ success: boolean; policies: PolicyDTO[] }> => {
  const queryParams = new URLSearchParams();
  queryParams.append('orgId', query.orgId);
  if (query.workspaceId) {
    queryParams.append('workspaceId', query.workspaceId);
  }
  if (query.repoId) {
    queryParams.append('repoId', query.repoId);
  }
  return this.makeRequest<{ success: boolean; policies: PolicyDTO[] }>(
    `policy?${queryParams.toString()}`,
    'GET',
    null
  );
};

Code Samples

# You can also use wget
curl -X GET https://backend.flashback.tech/policy?orgId=org-123&workspaceId=workspace-456 \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {access-token}'

const headers = {
  'Accept':'application/json',
  'Authorization':'Bearer {access-token}'
};

fetch('https://backend.flashback.tech/policy?orgId=org-123&workspaceId=workspace-456',
{
  method: 'GET',
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.get 'https://backend.flashback.tech/policy',
  params: {
  'orgId' => 'string',
  'workspaceId' => 'string'
}, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'Authorization': 'Bearer {access-token}'
}

r = requests.get('https://backend.flashback.tech/policy', params={
  'orgId': 'org-123',
  'workspaceId': 'workspace-456'
}, headers = headers)

print(r.json())

<?php

require 'vendor/autoload.php';

$headers = array(
    'Accept' => 'application/json',
    'Authorization' => 'Bearer {access-token}',
);

$client = new \GuzzleHttp\Client();

try {
    $response = $client->request('GET','https://backend.flashback.tech/policy', array(
        'headers' => $headers,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

URL obj = new URL("https://backend.flashback.tech/policy?orgId=org-123&workspaceId=workspace-456");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "Authorization": []string{"Bearer {access-token}"},
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "https://backend.flashback.tech/policy", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Parameters

Name

Type

Required

Description

orgId

query

string

true

Organization ID to filter policies

workspaceId

query

string

false

Workspace ID to filter policies (optional)

repoId

query

string

false

Repository ID to filter policies (optional)

Example responses

200 Response

{
  "success": true,
  "policies": [
    {
      "id": "550e8400-e29b-41d4-a716-446655440000",
      "orgId": "org-123",
      "name": "PII Protection Policy",
      "content": "Do not allow sharing of personally identifiable information...",
      "riskType": "HIGH",
      "actionType": 2,
      "createdBy": {
        "id": "user-789",
        "name": "John",
        "lastName": "Doe",
        "email": "[email protected]"
      },
      "createdAt": "2024-01-15T10:30:00.000Z",
      "lastUpdatedBy": {
        "id": "user-789",
        "name": "John",
        "lastName": "Doe",
        "email": "[email protected]"
      },
      "lastUpdatedAt": "2024-01-15T10:30:00.000Z",
      "workspaceId": "workspace-456",
      "repoId": null,
      "workspace": {
        "id": "workspace-456",
        "name": "Production Workspace"
      },
      "repo": null
    },
    {
      "id": "660f9511-f3ac-52e5-b827-557766551111",
      "orgId": "org-123",
      "name": "Code Security Policy",
      "content": "Do not allow sharing of API keys, passwords, or secrets...",
      "riskType": "HIGH",
      "actionType": 2,
      "createdBy": {
        "id": "user-456",
        "name": "Jane",
        "lastName": "Smith",
        "email": "[email protected]"
      },
      "createdAt": "2024-01-10T08:00:00.000Z",
      "lastUpdatedBy": {
        "id": "user-456",
        "name": "Jane",
        "lastName": "Smith",
        "email": "[email protected]"
      },
      "lastUpdatedAt": "2024-01-12T14:20:00.000Z",
      "workspaceId": null,
      "repoId": null,
      "workspace": null,
      "repo": null
    }
  ]
}

Responses

Status

Meaning

Description

Schema

200

Successfully retrieved policies

Inline

400

Bad Request

Missing required parameters

Inline

403

Forbidden

Insufficient permissions

Inline

500

Internal Server Error

Failed to retrieve policies

Inline

Response Schema

Status Code 200

Name

Type

Required

Restrictions

Description

» success

boolean

false

none

Operation success status

» policies

[object]

false

none

Array of policy objects

»» id

string

false

none

Unique identifier for the policy

»» orgId

string

false

none

Organization ID

»» name

string

false

none

Policy name

»» content

string

false

none

Policy content/rules

»» riskType

string

false

none

Risk classification (LOW, MEDIUM, HIGH)

»» actionType

integer

false

none

Action type (0=log, 1=alert, 2=block)

»» createdBy

object

false

none

User who created the policy

»»» id

string

false

none

User ID

»»» name

string

false

none

User first name

»»» lastName

string

false

none

User last name

»»» email

string

false

none

User email

»» createdAt

string

false

none

ISO 8601 timestamp

»» lastUpdatedBy

object

false

none

User who last updated the policy

»»» id

string

false

none

User ID

»»» name

string

false

none

User first name

»»» lastName

string

false

none

User last name

»»» email

string

false

none

User email

»» lastUpdatedAt

string

false

none

ISO 8601 timestamp

»» workspaceId

string

false

none

Workspace ID (null for org-level)

»» repoId

string

false

none

Repository ID (null for workspace/org-level)

»» workspace

object

false

none

Workspace details (if applicable)

»»» id

string

false

none

Workspace ID

»»» name

string

false

none

Workspace name

»» repo

object

false

none

Repository details (if applicable)

»»» id

string

false

none

Repository ID

»»» name

string

false

none

Repository name

Status Code 400

Name

Type

Required

Restrictions

Description

» success

boolean

false

none

» message

string

false

none

Error message

Status Code 403

Name

Type

Required

Restrictions

Description

» success

boolean

false

none

» message

string

false

none

Error message

Status Code 500

Name

Type

Required

Restrictions

Description

» success

boolean

false

none

» message

string

false

none

Error message

To perform this operation, you must be authenticated by means of one of the following methods: BearerAuth

Previousput__policy_{policyId}Nextget__policy_{policyId}

Last updated 2 months ago

Was this helpful?

hashtagTypeScript Client Library

hashtagCode Samples

hashtagParameters

hashtagResponses

hashtagResponse Schema

TypeScript Client Library

Code Samples

Parameters

Responses

Response Schema