# put\_\_policy\_{policyId}

{% hint style="info" %}
This API endpoint is currently available only in the TEST environment. It is not yet available in production.
{% endhint %}

`PUT /policy/{policyId}`

*Update AI Policy*

Update an existing AI governance policy. This endpoint allows modification of policy properties while maintaining audit trail information about who made the changes.

**Updatable Fields:**

* `name` - Policy name
* `content` - Policy rules and description
* `riskType` - Risk classification (LOW, MEDIUM, HIGH)
* `actionType` - Action to take on violation (0=log, 1=alert, 2=block)

**Important Notes:**

* All fields in the request body are optional - only provide fields you want to update
* At least one field must be provided for the update to proceed
* Users must have write permissions for the policy based on its scope level
* The policy's scope (org/workspace/repo) cannot be changed after creation
* Updates automatically track the user who made the change and the timestamp

**Security:**

* Organization boundaries are enforced
* Permission checks ensure users can only update policies they have access to
* Workspace-level and repository-level policies require appropriate write access
* Audit trail is automatically updated

**Use Cases:**

* Refine policy content based on feedback
* Adjust risk levels or action types
* Update policy names for better organization
* Modify policies as requirements change

#### TypeScript Client Library

```typescript
public updatePolicy = async (
  policyId: string,
  data: UpdatePolicyRequest
): Promise<{ success: boolean; policy: PolicyDTO }> => {
  return this.makeRequest<{ success: boolean; policy: PolicyDTO }>(`policy/${policyId}`, 'PUT', data);
};
```

#### Code Samples

{% tabs %}
{% tab title="Shell" %}

```shell
# You can also use wget
curl -X PUT https://backend.flashback.tech/policy/{policyId} \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {access-token}' \
  -d '{"name": "Updated PII Protection Policy", "riskType": "HIGH", "actionType": 2}'
```

{% endtab %}

{% tab title="HTTP" %}

```http
PUT https://backend.flashback.tech/policy/{policyId} HTTP/1.1
Host: backend.flashback.tech
Content-Type: application/json
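Accept: application/json
Authorization: Bearer {access-token}

{"name": "Updated PII Protection Policy", "riskType": "HIGH", "actionType": 2}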
```

{% endtab %}

{% tab title="JavaScript" %}

```javascript
// Send only the fields being changed.
const inputBody = JSON.stringify({
  name: 'Updated PII Protection Policy',
  riskType: 'HIGH',
  actionType: 2
});
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'Authorization':'Bearer {access-token}'
};

fetch('https://backend.flashback.tech/policy/{policyId}',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});
```

{% endtab %}

{% tab title="Ruby" %}

```ruby
require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {access-token}'
}

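# Send only the fields being changed.
payload = { name: 'Updated PII Protection Policy', riskType: 'HIGH', actionType: 2 }

# RestClient.put takes the URL, the request body, then the headers.
result = RestClient.put 'https://backend.flashback.tech/policy/{policyId}',
  payload.to_json, headers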

p JSON.parse(result)
```

{% endtab %}

{% tab title="Python" %}

```python
import requests
headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json',
  'Authorization': 'Bearer {access-token}'
}

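# Send only the fields being changed.
payload = {'name': 'Updated PII Protection Policy', 'riskType': 'HIGH', 'actionType': 2}

r = requests.put('https://backend.flashback.tech/policy/{policyId}', headers=headers, json=payload)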

print(r.json())
```

{% endtab %}

{% tab title="PHP" %}

```php
<?php

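// Assumption: guzzlehttp/guzzle is installed through Composer.
require 'vendor/autoload.php';

$headers = array(
    'Content-Type' => 'application/json',
    'Accept' => 'application/json',
    'Authorization' => 'Bearer {access-token}',
);

// Send only the fields being changed.
$body = array('name' => 'Updated PII Protection Policy', 'riskType' => 'HIGH', 'actionType' => 2);

$client = new \GuzzleHttp\Client();
$response = $client->request('PUT', 'https://backend.flashback.tech/policy/{policyId}',
    array('headers' => $headers, 'json' => $body));
print_r($response->getBody()->getContents());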
```

{% endtab %}

{% tab title="Java" %}

```java
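import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;

URL obj = new URL("https://backend.flashback.tech/policy/{policyId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("PUT");
con.setRequestProperty("Content-Type", "application/json");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("Authorization", "Bearer {access-token}");
// Send only the fields being changed.
String body = "{\"name\": \"Updated PII Protection Policy\", \"riskType\": \"HIGH\", \"actionType\": 2}";
con.setDoOutput(true);
try (OutputStream os = con.getOutputStream()) {
    os.write(body.getBytes(StandardCharsets.UTF_8));
}
int responseCode = con.getResponseCode();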
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());
```

{% endtab %}

{% tab title="Go" %}

```go
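package main

import (
    "bytes"
    "fmt"
    "log"
    "net/http"
)

func main() {

    headers := map[string][]string{
        "Content-Type":  {"application/json"},
        "Accept":        {"application/json"},
        "Authorization": {"Bearer {access-token}"},
    }

    // Send only the fields being changed.
    jsonReq := `{"name": "Updated PII Protection Policy", "riskType": "HIGH", "actionType": 2}`
    data := bytes.NewBuffer([]byte(jsonReq))
    req, err := http.NewRequest("PUT", "https://backend.flashback.tech/policy/{policyId}", data)
    if err != nil {
        log.Fatal(err)
    }
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
        log.Fatal(err)
    }
    defer resp.Body.Close()
    fmt.Println(resp.Status)
}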
```

{% endtab %}
{% endtabs %}

> Body parameter

```json
{
  "name": "Updated PII Protection Policy",
  "content": "Enhanced policy: Do not allow sharing of personally identifiable information including SSN, credit cards, addresses, phone numbers, or email addresses.",
  "riskType": "HIGH",
  "actionType": 2
}
```

#### Parameters <a href="#put__policy_-policyid-parameters" id="put__policy_-policyid-parameters"></a>

| Name         | In   | Type    | Required | Description                                     |
| ------------ | ---- | ------- | -------- | ----------------------------------------------- |
| policyId     | path | string  | true     | Unique identifier of the policy                 |
| body         | body | object  | true     | Updated policy properties                       |
| » name       | body | string  | false    | Human-readable name for the policy              |
| » content    | body | string  | false    | Policy rules and description (natural language) |
| » riskType   | body | string  | false    | Risk classification level                       |
| » actionType | body | integer | false    | Action to take when policy is violated          |

**Enumerated Values**

| Parameter  | Value  |
| ---------- | ------ |
| » riskType | LOW    |
| » riskType | MEDIUM |
| » riskType | HIGH   |

| Parameter    | Value | Description                      |
| ------------ | ----- | -------------------------------- |
| » actionType | 0     | Log only (record violation)      |
| » actionType | 1     | Alert (log and notify)           |
| » actionType | 2     | Block (prevent action and alert) |

> Example responses

> 200 Response

```json
{
  "success": true,
  "policy": {
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "orgId": "org-123",
    "name": "Updated PII Protection Policy",
    "content": "Enhanced policy: Do not allow sharing of personally identifiable information...",
    "riskType": "HIGH",
    "actionType": 2,
    "createdBy": {
      "id": "user-789",
      "name": "John",
      "lastName": "Doe",
      "email": "john.doe@example.com"
    },
    "createdAt": "2024-01-15T10:30:00.000Z",
    "lastUpdatedBy": {
      "id": "user-890",
      "name": "Jane",
      "lastName": "Smith",
      "email": "jane.smith@example.com"
    },
    "lastUpdatedAt": "2024-01-20T14:15:00.000Z",
    "workspaceId": "workspace-456",
    "repoId": null,
    "workspace": {
      "id": "workspace-456",
      "name": "Production Workspace"
    },
    "repo": null
  }
}
```
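
The update rules under Important Notes and the audit fields in the 200 response can be checked on the client side before and after the call. This is an added example, not part of the Flashback client library: `Policy`, `checkUpdate` and `confirmUpdate` are hypothetical names, and treating a lower `riskType` or `actionType` as a warning is an assumption of the example.

```typescript
// Added example. Field names and enum values come from this page;
// the type and function names are hypothetical.
type Policy = {
  name: string; content: string; riskType: string; actionType: number;
  lastUpdatedBy?: { id: string }; lastUpdatedAt?: string;
};
const UPDATABLE = ['name', 'content', 'riskType', 'actionType'];
const RISK = ['LOW', 'MEDIUM', 'HIGH'];

// Check a request body against the documented rules before sending it.
// Throws on an invalid body; returns warnings for changes that weaken enforcement.
function checkUpdate(current: Policy, body: Record<string, unknown>): string[] {
  const keys = Object.keys(body).filter((k) => body[k] !== undefined);
  if (keys.length === 0) throw new Error('at least one field must be provided');
  const fixed = keys.filter((k) => UPDATABLE.indexOf(k) < 0); // e.g. scope fields
  if (fixed.length > 0) throw new Error(`not updatable: ${fixed.join(', ')}`);
  for (const k of ['name', 'content']) {
    if (keys.indexOf(k) >= 0 && typeof body[k] !== 'string') throw new Error(`${k} must be a string`);
  }
  const warnings: string[] = [];
  if (keys.indexOf('riskType') >= 0) {
    const next = body.riskType;
    if (typeof next !== 'string' || RISK.indexOf(next) < 0) {
      throw new Error('riskType must be LOW, MEDIUM or HIGH');
    }
    if (RISK.indexOf(next) < RISK.indexOf(current.riskType)) warnings.push(`riskType lowered: ${current.riskType} -> ${next}`);
  }
  if (keys.indexOf('actionType') >= 0) {
    const next = body.actionType;
    if (typeof next !== 'number' || [0, 1, 2].indexOf(next) < 0) {
      throw new Error('actionType must be 0, 1 or 2');
    }
    if (next < current.actionType) warnings.push(`actionType lowered: ${current.actionType} -> ${next}`);
  }
  return warnings;
}

// Compare the 200 response with what was sent and with the audit fields.
// Returns a list of discrepancies; an empty list means the update is confirmed.
function confirmUpdate(before: Policy, sent: Record<string, unknown>,
                       after: Policy, callerId: string): string[] {
  const got = after as Record<string, unknown>;
  const problems = UPDATABLE.filter((k) => sent[k] !== undefined && got[k] !== sent[k])
    .map((k) => `${k} not applied`);
  if (after.lastUpdatedBy?.id !== callerId) problems.push('lastUpdatedBy is not the caller');
  const prev = Date.parse(before.lastUpdatedAt ?? '1970-01-01T00:00:00Z');
  if (!(Date.parse(after.lastUpdatedAt ?? '') > prev)) problems.push('lastUpdatedAt did not advance');
  return problems;
}
```

Run `checkUpdate` on the policy as last fetched and the intended body, and route any warning to review before sending; run `confirmUpdate` on the `policy` object of the 200 response.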

#### Responses <a href="#put__policy_-policyid-responses" id="put__policy_-policyid-responses"></a>

| Status | Meaning                                                                    | Description                 | Schema |
| ------ | -------------------------------------------------------------------------- | --------------------------- | ------ |
| 200    | [OK](https://tools.ietf.org/html/rfc7231#section-6.3.1)                    | Policy updated successfully | Inline |
| 400    | [Bad Request](https://tools.ietf.org/html/rfc7231#section-6.5.1)           | Validation error            | Inline |
| 403    | [Forbidden](https://tools.ietf.org/html/rfc7231#section-6.5.3)             | Insufficient permissions    | Inline |
| 404    | [Not Found](https://tools.ietf.org/html/rfc7231#section-6.5.4)             | Policy not found            | Inline |
| 500    | [Internal Server Error](https://tools.ietf.org/html/rfc7231#section-6.6.1) | Failed to update policy     | Inline |

#### Response Schema <a href="#put__policy_-policyid-responseschema" id="put__policy_-policyid-responseschema"></a>

Status Code **200**

| Name             | Type    | Required | Restrictions | Description                                  |
| ---------------- | ------- | -------- | ------------ | -------------------------------------------- |
| » success        | boolean | false    | none         | Operation success status                     |
| » policy         | object  | false    | none         | Updated policy object                        |
| »» id            | string  | false    | none         | Unique identifier for the policy             |
| »» orgId         | string  | false    | none         | Organization ID                              |
| »» name          | string  | false    | none         | Policy name                                  |
| »» content       | string  | false    | none         | Policy content/rules                         |
| »» riskType      | string  | false    | none         | Risk classification (LOW, MEDIUM, HIGH)      |
| »» actionType    | integer | false    | none         | Action type (0=log, 1=alert, 2=block)        |
| »» createdBy     | object  | false    | none         | User who created the policy                  |
| »»» id           | string  | false    | none         | User ID                                      |
| »»» name         | string  | false    | none         | User first name                              |
| »»» lastName     | string  | false    | none         | User last name                               |
| »»» email        | string  | false    | none         | User email                                   |
| »» createdAt     | string  | false    | none         | ISO 8601 timestamp                           |
| »» lastUpdatedBy | object  | false    | none         | User who last updated the policy             |
| »»» id           | string  | false    | none         | User ID                                      |
| »»» name         | string  | false    | none         | User first name                              |
| »»» lastName     | string  | false    | none         | User last name                               |
| »»» email        | string  | false    | none         | User email                                   |
| »» lastUpdatedAt | string  | false    | none         | ISO 8601 timestamp                           |
| »» workspaceId   | string  | false    | none         | Workspace ID (null for org-level)            |
| »» repoId        | string  | false    | none         | Repository ID (null for workspace/org-level) |
| »» workspace     | object  | false    | none         | Workspace details (if applicable)            |
| »»» id           | string  | false    | none         | Workspace ID                                 |
| »»» name         | string  | false    | none         | Workspace name                               |
| »» repo          | object  | false    | none         | Repository details (if applicable)           |
| »»» id           | string  | false    | none         | Repository ID                                |
| »»» name         | string  | false    | none         | Repository name                              |

Status Code **400**

| Name      | Type    | Required | Restrictions | Description   |
| --------- | ------- | -------- | ------------ | ------------- |
| » success | boolean | false    | none         | none          |
| » message | string  | false    | none         | Error message |

Status Code **403**

| Name      | Type    | Required | Restrictions | Description   |
| --------- | ------- | -------- | ------------ | ------------- |
| » success | boolean | false    | none         | none          |
| » message | string  | false    | none         | Error message |

Status Code **404**

| Name      | Type    | Required | Restrictions | Description   |
| --------- | ------- | -------- | ------------ | ------------- |
| » success | boolean | false    | none         | none          |
| » message | string  | false    | none         | Error message |

Status Code **500**

| Name      | Type    | Required | Restrictions | Description   |
| --------- | ------- | -------- | ------------ | ------------- |
| » success | boolean | false    | none         | none          |
| » message | string  | false    | none         | Error message |

To perform this operation, you must be authenticated by means of one of the following methods: BearerAuth


