# post\_\_policy

{% hint style="info" %}
This API endpoint is currently available only in the TEST environment. It is not yet available in production.
{% endhint %}

`POST /policy`

*Create AI Policy*

Create a new AI governance policy to control and monitor AI usage within your organization. Policies can be applied at the organization, workspace, or repository level to enforce compliance and security standards.

**Policy Scope Levels:**

* **Organization-Level**: Applies to all workspaces and repositories in the organization
* **Workspace-Level**: Applies to all repositories within a specific workspace
* **Repository-Level**: Applies only to a specific repository

**Key Features:**

* Flexible policy content definition using natural language
* Risk-based classification (LOW, MEDIUM, HIGH)
* Configurable action types for violation responses
* Hierarchical policy inheritance
* Audit trail with creator and updater tracking

**Important Notes:**

* Users must belong to the organization to create policies
* Appropriate permissions are required based on policy scope level
* If creating a repository-level policy, the repository must belong to the specified workspace
* Policies are evaluated in real-time during AI operations
* Policy content should clearly define what is allowed or prohibited

**Security:**

* Policies respect organizational and workspace boundaries
* Permission checks ensure users can only create policies at appropriate levels
* All policy creation operations are logged for audit purposes

#### TypeScript Client Library

```typescript
public createPolicy = async (data: CreatePolicyRequest): Promise<{ success: boolean; policy: PolicyDTO }> => {
  return this.makeRequest<{ success: boolean; policy: PolicyDTO }>('policy', 'POST', data);
};
```

#### Code Samples

{% tabs %}
{% tab title="Shell" %}

```shell
# You can also use wget; the request body goes in -d
curl -X POST https://backend.flashback.tech/policy \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {access-token}' \
  -d '{"name":"PII Protection Policy","content":"Do not allow sharing of personally identifiable information (PII) such as social security numbers, credit card numbers, or personal addresses in AI interactions.","riskType":"HIGH","actionType":2,"orgId":"org-123","workspaceId":"workspace-456","repoId":null}'
```

{% endtab %}

{% tab title="HTTP" %}

```http
POST https://backend.flashback.tech/policy HTTP/1.1
Host: backend.flashback.tech
Content-Type: application/json
Accept: application/json
Authorization: Bearer {access-token}

{"name":"PII Protection Policy","content":"Do not allow sharing of personally identifiable information (PII) such as social security numbers, credit card numbers, or personal addresses in AI interactions.","riskType":"HIGH","actionType":2,"orgId":"org-123","workspaceId":"workspace-456","repoId":null}
```

{% endtab %}

{% tab title="JavaScript" %}

```javascript
// Build the body as an object and serialise it with JSON.stringify
// (a multi-line string literal in single quotes is a syntax error).
const inputBody = {
  "name": "PII Protection Policy",
  "content": "Do not allow sharing of personally identifiable information (PII) such as social security numbers, credit card numbers, or personal addresses in AI interactions.",
  "riskType": "HIGH",
  "actionType": 2,
  "orgId": "org-123",
  "workspaceId": "workspace-456",
  "repoId": null
};
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'Authorization':'Bearer {access-token}'
};

fetch('https://backend.flashback.tech/policy',
{
  method: 'POST',
  body: JSON.stringify(inputBody),
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});
```

{% endtab %}

{% tab title="Ruby" %}

```ruby
require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {access-token}'
}

# Request body; RestClient.post takes the payload as its second argument
body = {
  name: 'PII Protection Policy',
  content: 'Do not allow sharing of personally identifiable information (PII) such as social security numbers, credit card numbers, or personal addresses in AI interactions.',
  riskType: 'HIGH',
  actionType: 2,
  orgId: 'org-123',
  workspaceId: 'workspace-456',
  repoId: nil
}

result = RestClient.post 'https://backend.flashback.tech/policy', body.to_json, headers

p JSON.parse(result)
```

{% endtab %}

{% tab title="Python" %}

```python
import requests

headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json',
  'Authorization': 'Bearer {access-token}'
}

# Request body; passing json= serialises it and sets the content type
body = {
  'name': 'PII Protection Policy',
  'content': 'Do not allow sharing of personally identifiable information (PII) such as social security numbers, credit card numbers, or personal addresses in AI interactions.',
  'riskType': 'HIGH',
  'actionType': 2,
  'orgId': 'org-123',
  'workspaceId': 'workspace-456',
  'repoId': None
}

r = requests.post('https://backend.flashback.tech/policy', headers=headers, json=body)

print(r.json())
```

{% endtab %}

{% tab title="PHP" %}

```php
<?php

require 'vendor/autoload.php';

$headers = array(
    'Content-Type' => 'application/json',
    'Accept' => 'application/json',
    'Authorization' => 'Bearer {access-token}',
);

$client = new \GuzzleHttp\Client();

// Request body; Guzzle's 'json' option serialises the array.
$request_body = array(
    'name' => 'PII Protection Policy',
    'content' => 'Do not allow sharing of personally identifiable information (PII) such as social security numbers, credit card numbers, or personal addresses in AI interactions.',
    'riskType' => 'HIGH',
    'actionType' => 2,
    'orgId' => 'org-123',
    'workspaceId' => 'workspace-456',
    'repoId' => null,
);

try {
    $response = $client->request('POST', 'https://backend.flashback.tech/policy', array(
        'headers' => $headers,
        'json' => $request_body,
    ));
    print_r($response->getBody()->getContents());
}
catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
}

// ...
```

{% endtab %}

{% tab title="Java" %}

```java
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;

String jsonBody = "{\"name\":\"PII Protection Policy\",\"content\":\"Do not allow sharing of personally identifiable information (PII) such as social security numbers, credit card numbers, or personal addresses in AI interactions.\",\"riskType\":\"HIGH\",\"actionType\":2,\"orgId\":\"org-123\",\"workspaceId\":\"workspace-456\",\"repoId\":null}";
URL obj = new URL("https://backend.flashback.tech/policy");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
con.setRequestProperty("Content-Type", "application/json");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("Authorization", "Bearer {access-token}");
con.setDoOutput(true); // required to send a request body
try (OutputStream os = con.getOutputStream()) {
    os.write(jsonBody.getBytes(StandardCharsets.UTF_8));
}
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream(), StandardCharsets.UTF_8));
String inputLine;
StringBuilder response = new StringBuilder();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(responseCode + " " + response.toString());
```

{% endtab %}

{% tab title="Go" %}

```go
package main

import (
    "bytes"
    "fmt"
    "io"
    "net/http"
)

func main() {
    // JSON request body (the fields documented under "Body parameter")
    jsonReq := `{"name":"PII Protection Policy","content":"Do not allow sharing of personally identifiable information (PII) such as social security numbers, credit card numbers, or personal addresses in AI interactions.","riskType":"HIGH","actionType":2,"orgId":"org-123","workspaceId":"workspace-456","repoId":null}`

    headers := map[string][]string{
        "Content-Type":  {"application/json"},
        "Accept":        {"application/json"},
        "Authorization": {"Bearer {access-token}"},
    }

    data := bytes.NewBuffer([]byte(jsonReq))
    req, err := http.NewRequest("POST", "https://backend.flashback.tech/policy", data)
    if err != nil {
        panic(err)
    }
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
        panic(err)
    }
    defer resp.Body.Close()

    body, _ := io.ReadAll(resp.Body)
    fmt.Println(resp.Status, string(body))
}
```

{% endtab %}
{% endtabs %}

> Body parameter

```json
{
  "name": "PII Protection Policy",
  "content": "Do not allow sharing of personally identifiable information (PII) such as social security numbers, credit card numbers, or personal addresses in AI interactions.",
  "riskType": "HIGH",
  "actionType": 2,
  "orgId": "org-123",
  "workspaceId": "workspace-456",
  "repoId": null
}
```

#### Parameters <a href="#post__policy-parameters" id="post__policy-parameters"></a>

| Name          | In   | Type    | Required | Description                                                      |
| ------------- | ---- | ------- | -------- | ---------------------------------------------------------------- |
| body          | body | object  | true     | none                                                             |
| » name        | body | string  | true     | Human-readable name for the policy                               |
| » content     | body | string  | true     | Policy rules and description (natural language)                  |
| » riskType    | body | string  | true     | Risk classification level                                        |
| » actionType  | body | integer | true     | Action to take when policy is violated (0=log, 1=alert, 2=block) |
| » orgId       | body | string  | true     | Organization ID                                                  |
| » workspaceId | body | string  | false    | Workspace ID (null for org-level policy)                         |
| » repoId      | body | string  | false    | Repository ID (null for workspace or org-level policy)           |

**Enumerated Values**

| Parameter  | Value  |
| ---------- | ------ |
| » riskType | LOW    |
| » riskType | MEDIUM |
| » riskType | HIGH   |

| Parameter    | Value | Description                      |
| ------------ | ----- | -------------------------------- |
| » actionType | 0     | Log only (record violation)      |
| » actionType | 1     | Alert (log and notify)           |
| » actionType | 2     | Block (prevent action and alert) |
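The scope rules under Important Notes (a repository-level policy must belong to the specified workspace; `workspaceId` and `repoId` are null at higher scope levels) and the enumerated values above can be checked on the client before the request is sent, so that a malformed policy fails locally instead of with a 400. The following is an added example, not the project's own code; the `CreatePolicyRequest` shape, `policyScope` and `validatePolicyRequest` are assumptions based on the parameter table.

```typescript
// Added example (not the project's code): client-side validation of a
// CreatePolicyRequest before POST /policy, derived from the scope rules and
// enumerated values on this page. Type and function names are assumptions.
type RiskType = "LOW" | "MEDIUM" | "HIGH";
type ActionType = 0 | 1 | 2; // 0=log, 1=alert, 2=block

interface CreatePolicyRequest {
  name: string;
  content: string;
  riskType: RiskType;
  actionType: ActionType;
  orgId: string;
  workspaceId?: string | null; // null for an org-level policy
  repoId?: string | null;      // null for a workspace- or org-level policy
}

type PolicyScope = "organization" | "workspace" | "repository";

const RISK_TYPES: ReadonlyArray<unknown> = ["LOW", "MEDIUM", "HIGH"];
const ACTION_TYPES: ReadonlyArray<unknown> = [0, 1, 2];

// Derive the scope level from which IDs are set: repoId implies repository
// scope, otherwise workspaceId implies workspace scope, otherwise org scope.
function policyScope(req: CreatePolicyRequest): PolicyScope {
  if (req.repoId) return "repository";
  if (req.workspaceId) return "workspace";
  return "organization";
}

// Return every documented rule the request breaks; an empty list means the
// request is consistent with the constraints and can be submitted.
function validatePolicyRequest(req: unknown): string[] {
  const r = req as Partial<CreatePolicyRequest>;
  const errors: string[] = [];
  if (!r.name?.trim()) errors.push("name is required");
  if (!r.content?.trim()) errors.push("content is required");
  if (!r.orgId) errors.push("orgId is required");
  if (!RISK_TYPES.includes(r.riskType)) {
    errors.push("riskType must be one of LOW, MEDIUM, HIGH");
  }
  if (!ACTION_TYPES.includes(r.actionType)) {
    errors.push("actionType must be 0 (log), 1 (alert) or 2 (block)");
  }
  // A repository-level policy must belong to the specified workspace.
  if (r.repoId && !r.workspaceId) {
    errors.push("repoId requires workspaceId: a repository-level policy must name its workspace");
  }
  return errors;
}
```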

> Example responses

> 201 Response

```json
{
  "success": true,
  "policy": {
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "orgId": "org-123",
    "name": "PII Protection Policy",
    "content": "Do not allow sharing of personally identifiable information...",
    "riskType": "HIGH",
    "actionType": 2,
    "createdBy": {
      "id": "user-789",
      "name": "John",
      "lastName": "Doe",
      "email": "john.doe@example.com"
    },
    "createdAt": "2024-01-15T10:30:00.000Z",
    "lastUpdatedBy": {
      "id": "user-789",
      "name": "John",
      "lastName": "Doe",
      "email": "john.doe@example.com"
    },
    "lastUpdatedAt": "2024-01-15T10:30:00.000Z",
    "workspaceId": "workspace-456",
    "repoId": null,
    "workspace": {
      "id": "workspace-456",
      "name": "Production Workspace"
    },
    "repo": null
  }
}
```

#### Responses <a href="#post__policy-responses" id="post__policy-responses"></a>

| Status | Meaning                                                                    | Description                       | Schema |
| ------ | -------------------------------------------------------------------------- | --------------------------------- | ------ |
| 201    | [Created](https://tools.ietf.org/html/rfc7231#section-6.3.2)               | Policy created successfully       | Inline |
| 400    | [Bad Request](https://tools.ietf.org/html/rfc7231#section-6.5.1)           | Validation error or invalid input | Inline |
| 403    | [Forbidden](https://tools.ietf.org/html/rfc7231#section-6.5.3)             | Insufficient permissions          | Inline |
| 500    | [Internal Server Error](https://tools.ietf.org/html/rfc7231#section-6.6.1) | Failed to create policy           | Inline |

#### Response Schema <a href="#post__policy-responseschema" id="post__policy-responseschema"></a>

Status Code **201**

| Name             | Type    | Required | Restrictions | Description                                  |
| ---------------- | ------- | -------- | ------------ | -------------------------------------------- |
| » success        | boolean | false    | none         | Operation success status                     |
| » policy         | object  | false    | none         | Created policy object                        |
| »» id            | string  | false    | none         | Unique identifier for the policy             |
| »» orgId         | string  | false    | none         | Organization ID                              |
| »» name          | string  | false    | none         | Policy name                                  |
| »» content       | string  | false    | none         | Policy content/rules                         |
| »» riskType      | string  | false    | none         | Risk classification (LOW, MEDIUM, HIGH)      |
| »» actionType    | integer | false    | none         | Action type (0=log, 1=alert, 2=block)        |
| »» createdBy     | object  | false    | none         | User who created the policy                  |
| »»» id           | string  | false    | none         | User ID                                      |
| »»» name         | string  | false    | none         | User first name                              |
| »»» lastName     | string  | false    | none         | User last name                               |
| »»» email        | string  | false    | none         | User email                                   |
| »» createdAt     | string  | false    | none         | ISO 8601 timestamp                           |
| »» lastUpdatedBy | object  | false    | none         | User who last updated the policy             |
| »»» id           | string  | false    | none         | User ID                                      |
| »»» name         | string  | false    | none         | User first name                              |
| »»» lastName     | string  | false    | none         | User last name                               |
| »»» email        | string  | false    | none         | User email                                   |
| »» lastUpdatedAt | string  | false    | none         | ISO 8601 timestamp                           |
| »» workspaceId   | string  | false    | none         | Workspace ID (null for org-level)            |
| »» repoId        | string  | false    | none         | Repository ID (null for workspace/org-level) |
| »» workspace     | object  | false    | none         | Workspace details (if applicable)            |
| »»» id           | string  | false    | none         | Workspace ID                                 |
| »»» name         | string  | false    | none         | Workspace name                               |
| »» repo          | object  | false    | none         | Repository details (if applicable)           |
| »»» id           | string  | false    | none         | Repository ID                                |
| »»» name         | string  | false    | none         | Repository name                              |

Status Code **400**

| Name      | Type    | Required | Restrictions | Description   |
| --------- | ------- | -------- | ------------ | ------------- |
| » success | boolean | false    | none         | none          |
| » message | string  | false    | none         | Error message |

Status Code **403**

| Name      | Type    | Required | Restrictions | Description   |
| --------- | ------- | -------- | ------------ | ------------- |
| » success | boolean | false    | none         | none          |
| » message | string  | false    | none         | Error message |

Status Code **500**

| Name      | Type    | Required | Restrictions | Description   |
| --------- | ------- | -------- | ------------ | ------------- |
| » success | boolean | false    | none         | none          |
| » message | string  | false    | none         | Error message |

To perform this operation, you must be authenticated by means of one of the following methods: BearerAuth


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.flashback.tech/support-reference/platform-api-reference/ai-apis/ai-policy/post__policy.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
