⚠️ TEST ENVIRONMENT ONLY
POST /policy
Create AI Policy
Create a new AI governance policy to control and monitor AI usage within your organization. Policies can be applied at the organization, workspace, or repository level to enforce compliance and security standards.
Policy Scope Levels:
Organization-Level: Applies to all workspaces and repositories in the organization
Workspace-Level: Applies to all repositories within a specific workspace
Repository-Level: Applies only to a specific repository
Key Features:
Flexible policy content definition using natural language
Risk-based classification (LOW, MEDIUM, HIGH)
Configurable action types for violation responses
Hierarchical policy inheritance
Audit trail with creator and updater tracking
Important Notes:
Users must belong to the organization to create policies
Appropriate permissions are required based on policy scope level
If creating a repository-level policy, the repository must belong to the specified workspace
Policies are evaluated in real-time during AI operations
Policy content should clearly define what is allowed or prohibited
Security:
Policies respect organizational and workspace boundaries
Permission checks ensure users can only create policies at appropriate levels
All policy creation operations are logged for audit purposes
TypeScript Client Library

```typescript
// Class member of the client: sends the request body to POST /policy
public createPolicy = async (data: CreatePolicyRequest): Promise<{ success: boolean; policy: PolicyDTO }> => {
  return this.makeRequest<{ success: boolean; policy: PolicyDTO }>('policy', 'POST', data);
};
```

Code Samples
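```shell
# You can also use wget
curl -X POST https://backend.flashback.tech/policy \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {access-token}' \
  -d '{"name": "PII Protection Policy", "content": "Do not allow sharing of personally identifiable information (PII) such as social security numbers, credit card numbers, or personal addresses in AI interactions.", "riskType": "HIGH", "actionType": 2, "orgId": "org-123", "workspaceId": "workspace-456", "repoId": null}'
```

```http
POST https://backend.flashback.tech/policy HTTP/1.1
Host: backend.flashback.tech
Content-Type: application/json
Accept: application/json
```

```javascript
// Template literal, so the JSON body can span several lines
const inputBody = `{
  "name": "PII Protection Policy",
  "content": "Do not allow sharing of personally identifiable information (PII) such as social security numbers, credit card numbers, or personal addresses in AI interactions.",
  "riskType": "HIGH",
  "actionType": 2,
  "orgId": "org-123",
  "workspaceId": "workspace-456",
  "repoId": null
}`;
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'Authorization':'Bearer {access-token}'
};

fetch('https://backend.flashback.tech/policy',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});
```

```ruby
require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {access-token}'
}

# Request body: same fields as the "Body parameter" example
payload = {
  name: 'PII Protection Policy',
  content: 'Do not allow sharing of personally identifiable information (PII) such as social security numbers, credit card numbers, or personal addresses in AI interactions.',
  riskType: 'HIGH', actionType: 2,
  orgId: 'org-123', workspaceId: 'workspace-456', repoId: nil
}

# RestClient.post takes (url, payload, headers)
result = RestClient.post 'https://backend.flashback.tech/policy', payload.to_json, headers

p JSON.parse(result.body)
```

```python
import requests

headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json',
  'Authorization': 'Bearer {access-token}'
}

# Request body: same fields as the "Body parameter" example
payload = {
  'name': 'PII Protection Policy',
  'content': 'Do not allow sharing of personally identifiable information (PII) such as social security numbers, credit card numbers, or personal addresses in AI interactions.',
  'riskType': 'HIGH', 'actionType': 2,
  'orgId': 'org-123', 'workspaceId': 'workspace-456', 'repoId': None
}

r = requests.post('https://backend.flashback.tech/policy', headers=headers, json=payload)

print(r.json())
```

```php
<?php

require 'vendor/autoload.php';

$headers = array(
    'Content-Type' => 'application/json',
    'Accept' => 'application/json',
    'Authorization' => 'Bearer {access-token}',
);

$client = new \GuzzleHttp\Client();

// Define array of request body.
$request_body = array(
    'name' => 'PII Protection Policy',
    'content' => 'Do not allow sharing of personally identifiable information (PII) such as social security numbers, credit card numbers, or personal addresses in AI interactions.',
    'riskType' => 'HIGH',
    'actionType' => 2,
    'orgId' => 'org-123',
    'workspaceId' => 'workspace-456',
    'repoId' => null,
);

try {
    $response = $client->request('POST','https://backend.flashback.tech/policy', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...
```

```java
import java.io.*;
import java.net.*;

// Snippet: place inside a method that declares "throws IOException"
URL obj = new URL("https://backend.flashback.tech/policy");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
con.setRequestProperty("Content-Type", "application/json");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("Authorization", "Bearer {access-token}");
con.setDoOutput(true); // required before writing a request body
String body = "{\"name\": \"PII Protection Policy\", \"content\": \"Do not allow sharing of personally identifiable information (PII) such as social security numbers, credit card numbers, or personal addresses in AI interactions.\", "
    + "\"riskType\": \"HIGH\", \"actionType\": 2, \"orgId\": \"org-123\", \"workspaceId\": \"workspace-456\", \"repoId\": null}";
con.getOutputStream().write(body.getBytes("UTF-8"));
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());
```

```go
package main

import (
	"bytes"
	"fmt"
	"net/http"
)

func main() {
	headers := map[string][]string{
		"Content-Type":  []string{"application/json"},
		"Accept":        []string{"application/json"},
		"Authorization": []string{"Bearer {access-token}"},
	}

	// Request body: same fields as the "Body parameter" example
	jsonReq := []byte(`{"name": "PII Protection Policy", "content": "Do not allow sharing of personally identifiable information (PII) such as social security numbers, credit card numbers, or personal addresses in AI interactions.", "riskType": "HIGH", "actionType": 2, "orgId": "org-123", "workspaceId": "workspace-456", "repoId": null}`)
	data := bytes.NewBuffer(jsonReq)
	req, err := http.NewRequest("POST", "https://backend.flashback.tech/policy", data)
	if err != nil {
		panic(err)
	}
	req.Header = headers

	client := &http.Client{}
	resp, err := client.Do(req)
	if err != nil {
		panic(err)
	}
	defer resp.Body.Close()
	fmt.Println(resp.Status)
	// ...
}
```

Body parameter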
```json
{
  "name": "PII Protection Policy",
  "content": "Do not allow sharing of personally identifiable information (PII) such as social security numbers, credit card numbers, or personal addresses in AI interactions.",
  "riskType": "HIGH",
  "actionType": 2,
  "orgId": "org-123",
  "workspaceId": "workspace-456",
  "repoId": null
}
```

Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| body | body | object | true | none |
| » name | body | string | true | Human-readable name for the policy |
| » content | body | string | true | Policy rules and description (natural language) |
| » riskType | body | string | true | Risk classification level |
| » actionType | body | integer | true | Action to take when policy is violated (0=log, 1=alert, 2=block) |
| » orgId | body | string | true | Organization ID |
| » workspaceId | body | string | false | Workspace ID (null for org-level policy) |
| » repoId | body | string | false | Repository ID (null for workspace or org-level policy) |
Enumerated Values

| Parameter | Value | Description |
|---|---|---|
| » riskType | LOW | |
| » riskType | MEDIUM | |
| » riskType | HIGH | |
| » actionType | 0 | Log only (record violation) |
| » actionType | 1 | Alert (log and notify) |
| » actionType | 2 | Block (prevent action and alert) |
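
A pre-flight check for the request body described by the tables above, as an added example (not part of the Flashback client library). `PolicyDraft`, `Verdict` and `checkPolicyDraft` are hypothetical names, and the two warnings are local review rules assumed here, not API behaviour.

```typescript
// Added example. Field names and enum values are from the tables above;
// PolicyDraft, Verdict and checkPolicyDraft are hypothetical names.
type Scope = "organization" | "workspace" | "repository";

interface PolicyDraft {
  name: string;
  content: string;
  riskType: string;
  actionType: number;
  orgId: string;
  workspaceId?: string | null;
  repoId?: string | null;
}

interface Verdict { scope: Scope | null; errors: string[]; warnings: string[]; }

const RISK_TYPES = ["LOW", "MEDIUM", "HIGH"];
const ACTION_TYPES = [0, 1, 2]; // 0=log, 1=alert, 2=block

function checkPolicyDraft(d: PolicyDraft): Verdict {
  const errors: string[] = [];
  const warnings: string[] = [];
  const blank = (v: unknown): boolean => typeof v !== "string" || v.trim() === "";

  if (blank(d.name)) errors.push("name is required");
  if (blank(d.content)) errors.push("content is required");
  if (blank(d.orgId)) errors.push("orgId is required");
  if (RISK_TYPES.indexOf(d.riskType) === -1) errors.push("riskType must be LOW, MEDIUM or HIGH");
  if (ACTION_TYPES.indexOf(d.actionType) === -1) errors.push("actionType must be 0, 1 or 2");

  // Scope follows from which IDs are set; a repository needs its workspace.
  const hasWs = !blank(d.workspaceId);
  const hasRepo = !blank(d.repoId);
  let scope: Scope | null = hasRepo ? "repository" : hasWs ? "workspace" : "organization";
  if (hasRepo && !hasWs) {
    errors.push("repoId requires workspaceId");
    scope = null;
  }

  // Reviewer hints (local assumptions, not API behaviour).
  if (d.riskType === "HIGH" && d.actionType === 0)
    warnings.push("HIGH risk policy only logs violations");
  if (scope === "organization" && d.actionType === 2)
    warnings.push("block policy applies to every workspace and repository");

  return { scope, errors, warnings };
}
```

Running the check before calling `createPolicy` catches malformed requests locally; the server-side permission and ownership checks listed under Important Notes still apply.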
Example responses

201 Response

```json
{
  "success": true,
  "policy": {
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "orgId": "org-123",
    "name": "PII Protection Policy",
    "content": "Do not allow sharing of personally identifiable information...",
    "riskType": "HIGH",
    "actionType": 2,
    "createdBy": {
      "id": "user-789",
      "name": "John",
      "lastName": "Doe",
      "email": "[email protected]"
    },
    "createdAt": "2024-01-15T10:30:00.000Z",
    "lastUpdatedBy": {
      "id": "user-789",
      "name": "John",
      "lastName": "Doe",
      "email": "[email protected]"
    },
    "lastUpdatedAt": "2024-01-15T10:30:00.000Z",
    "workspaceId": "workspace-456",
    "repoId": null,
    "workspace": {
      "id": "workspace-456",
      "name": "Production Workspace"
    },
    "repo": null
  }
}
```

Responses
Response Schema
Status Code 201
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » success | boolean | false | none | Operation success status |
| » policy | object | false | none | Created policy object |
| »» id | string | false | none | Unique identifier for the policy |
| »» orgId | string | false | none | Organization ID |
| »» name | string | false | none | Policy name |
| »» content | string | false | none | Policy content/rules |
| »» riskType | string | false | none | Risk classification (LOW, MEDIUM, HIGH) |
| »» actionType | integer | false | none | Action type (0=log, 1=alert, 2=block) |
| »» createdBy | object | false | none | User who created the policy |
| »»» id | string | false | none | User ID |
| »»» name | string | false | none | User first name |
| »»» lastName | string | false | none | User last name |
| »»» email | string | false | none | User email |
| »» createdAt | string | false | none | ISO 8601 timestamp |
| »» lastUpdatedBy | object | false | none | User who last updated the policy |
| »»» id | string | false | none | User ID |
| »»» name | string | false | none | User first name |
| »»» lastName | string | false | none | User last name |
| »»» email | string | false | none | User email |
| »» lastUpdatedAt | string | false | none | ISO 8601 timestamp |
| »» workspaceId | string | false | none | Workspace ID (null for org-level) |
| »» repoId | string | false | none | Repository ID (null for workspace/org-level) |
| »» workspace | object | false | none | Workspace details (if applicable) |
| »»» id | string | false | none | Workspace ID |
| »»» name | string | false | none | Workspace name |
| »» repo | object | false | none | Repository details (if applicable) |
| »»» id | string | false | none | Repository ID |
| »»» name | string | false | none | Repository name |
Status Code 400
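| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » success | boolean | false | none | none |
| » message | string | false | none | Error message |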
Status Code 403
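| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » success | boolean | false | none | none |
| » message | string | false | none | Error message |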
Status Code 500
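| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » success | boolean | false | none | none |
| » message | string | false | none | Error message |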
To perform this operation, you must be authenticated by means of one of the following methods: BearerAuth