# put\_\_policy\_{policyId}

{% hint style="info" %}
This API endpoint is currently available only in the TEST environment. It is not yet available in production.
{% endhint %}

`PUT /policy/{policyId}`

*Update AI Policy*

Update an existing AI governance policy. This endpoint allows modification of policy properties while maintaining audit trail information about who made the changes.

**Updatable Fields:**

* `name` - Policy name
* `content` - Policy rules and description
* `riskType` - Risk classification (LOW, MEDIUM, HIGH)
* `actionType` - Action to take on violation (0=log, 1=alert, 2=block)

**Important Notes:**

* All fields in the request body are optional - only provide fields you want to update
* At least one field must be provided for the update to proceed
* Users must have write permissions for the policy based on its scope level
* The policy's scope (org/workspace/repo) cannot be changed after creation
* Updates automatically track the user who made the change and the timestamp

**Security:**

* Organization boundaries are enforced
* Permission checks ensure users can only update policies they have access to
* Workspace-level and repository-level policies require appropriate write access
* Audit trail is automatically updated

**Use Cases:**

* Refine policy content based on feedback
* Adjust risk levels or action types
* Update policy names for better organization
* Modify policies as requirements change

#### TypeScript Client Library

```typescript
public updatePolicy = async (
  policyId: string,
  data: UpdatePolicyRequest
): Promise<{ success: boolean; policy: PolicyDTO }> => {
  return this.makeRequest<{ success: boolean; policy: PolicyDTO }>(`policy/${policyId}`, 'PUT', data);
};
```
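A client-side pre-flight check for the rules listed above, as an added example that is not part of the Flashback client library: it validates an update body against the documented fields and enumerated values, and lists changes that lower `actionType` or `riskType` so they can be reviewed before the PUT is sent. The names `PolicyUpdate`, `validateUpdate` and `weakenings` are assumptions, and treating a lower `riskType` as a weakening is this example's own choice.

```typescript
// Added example, not Flashback library code. Field names and allowed values come
// from this page; all type and function names below are hypothetical.
type RiskType = 'LOW' | 'MEDIUM' | 'HIGH';
type ActionType = 0 | 1 | 2; // 0=log, 1=alert, 2=block

interface PolicyUpdate {
  name?: string;
  content?: string;
  riskType?: RiskType;
  actionType?: ActionType;
}

const UPDATABLE: string[] = ['name', 'content', 'riskType', 'actionType'];
const RISK_ORDER: string[] = ['LOW', 'MEDIUM', 'HIGH'];

// Checks an untyped body against the documented contract; returns [] when it conforms.
function validateUpdate(body: Record<string, unknown>): string[] {
  const errors: string[] = [];
  const keys = Object.keys(body).filter((k) => body[k] !== undefined);
  if (keys.length === 0) errors.push('at least one field must be provided');
  for (const k of keys) {
    const v = body[k];
    if (UPDATABLE.indexOf(k) === -1) {
      errors.push(`${k}: not an updatable field`); // e.g. scope ids, audit fields
    } else if ((k === 'name' || k === 'content') && typeof v !== 'string') {
      errors.push(`${k}: must be a string`);
    } else if (k === 'riskType' && (typeof v !== 'string' || RISK_ORDER.indexOf(v) === -1)) {
      errors.push('riskType: must be LOW, MEDIUM or HIGH');
    } else if (k === 'actionType' && v !== 0 && v !== 1 && v !== 2) {
      errors.push('actionType: must be 0, 1 or 2');
    }
  }
  return errors;
}

// Lists the ways an update would lower enforcement relative to the stored policy,
// so the caller can require a second approval before sending the PUT.
function weakenings(current: { riskType: RiskType; actionType: ActionType },
                    update: PolicyUpdate): string[] {
  const found: string[] = [];
  if (update.actionType !== undefined && update.actionType < current.actionType) {
    found.push(`actionType ${current.actionType} -> ${update.actionType}`);
  }
  if (update.riskType !== undefined &&
      RISK_ORDER.indexOf(update.riskType) < RISK_ORDER.indexOf(current.riskType)) {
    found.push(`riskType ${current.riskType} -> ${update.riskType}`);
  }
  return found;
}
```

The `current` argument can be taken from the `policy` object of an earlier response, which carries both `riskType` and `actionType`.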

#### Code Samples

{% tabs %}
{% tab title="Shell" %}

```shell
# You can also use wget
curl -X PUT https://backend.flashback.tech/policy/{policyId} \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {access-token}' \
  -d '{"name": "Updated PII Protection Policy", "riskType": "HIGH", "actionType": 2}'
```

{% endtab %}

{% tab title="HTTP" %}

```http
PUT https://backend.flashback.tech/policy/{policyId} HTTP/1.1
Host: backend.flashback.tech
Content-Type: application/json
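Accept: application/json
Authorization: Bearer {access-token}

{"name": "Updated PII Protection Policy", "riskType": "HIGH", "actionType": 2}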
```

{% endtab %}

{% tab title="JavaScript" %}

```javascript
// Serialize the update; only the fields being changed need to be included
const inputBody = JSON.stringify({
  "name": "Updated PII Protection Policy",
  "riskType": "HIGH",
  "actionType": 2
});
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'Authorization':'Bearer {access-token}'
};

fetch('https://backend.flashback.tech/policy/{policyId}',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});
```

{% endtab %}

{% tab title="Ruby" %}

```ruby
require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {access-token}'
}

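payload = { name: 'Updated PII Protection Policy', riskType: 'HIGH', actionType: 2 }

# RestClient.put takes (url, payload, headers)
result = RestClient.put 'https://backend.flashback.tech/policy/{policyId}',
  payload.to_json, headers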

p JSON.parse(result)
```

{% endtab %}

{% tab title="Python" %}

```python
import requests
headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json',
  'Authorization': 'Bearer {access-token}'
}

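payload = {
  'name': 'Updated PII Protection Policy',
  'riskType': 'HIGH',
  'actionType': 2
}

# json= serializes the payload as the request body
r = requests.put('https://backend.flashback.tech/policy/{policyId}', headers=headers, json=payload)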

print(r.json())
```

{% endtab %}

{% tab title="PHP" %}

```php
<?php

require 'vendor/autoload.php';

$headers = array(
    'Content-Type' => 'application/json',
    'Accept' => 'application/json',
    'Authorization' => 'Bearer {access-token}',
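);

// Assumes guzzlehttp/guzzle is installed via Composer
$client = new \GuzzleHttp\Client();
$response = $client->request('PUT', 'https://backend.flashback.tech/policy/{policyId}', array(
    'headers' => $headers,
    'json' => array('name' => 'Updated PII Protection Policy', 'riskType' => 'HIGH', 'actionType' => 2),
));
print_r($response->getBody()->getContents());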
```

{% endtab %}

{% tab title="Java" %}

```java
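// Requires java.io.* and java.net.* imports; run inside a method that declares IOException
URL obj = new URL("https://backend.flashback.tech/policy/{policyId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("PUT");
con.setRequestProperty("Content-Type", "application/json");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("Authorization", "Bearer {access-token}");
// Send the fields to update as the JSON request body
con.setDoOutput(true);
String body = "{\"name\": \"Updated PII Protection Policy\", \"riskType\": \"HIGH\", \"actionType\": 2}";
con.getOutputStream().write(body.getBytes("UTF-8"));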
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());
```

{% endtab %}

{% tab title="Go" %}

```go
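package main

import (
    "bytes"
    "fmt"
    "io"
    "log"
    "net/http"
)

func main() {

    headers := map[string][]string{
        "Content-Type":  {"application/json"},
        "Accept":        {"application/json"},
        "Authorization": {"Bearer {access-token}"},
    }

    // Only the fields being changed need to be included
    jsonReq := []byte(`{"name": "Updated PII Protection Policy", "riskType": "HIGH", "actionType": 2}`)
    data := bytes.NewBuffer(jsonReq)
    req, err := http.NewRequest("PUT", "https://backend.flashback.tech/policy/{policyId}", data)
    if err != nil {
        log.Fatal(err)
    }
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
        log.Fatal(err)
    }
    defer resp.Body.Close()

    // Print the status line and the JSON response body
    body, err := io.ReadAll(resp.Body)
    if err != nil {
        log.Fatal(err)
    }
    fmt.Println(resp.Status, string(body))
}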
```

{% endtab %}
{% endtabs %}

> Body parameter

```json
{
  "name": "Updated PII Protection Policy",
  "content": "Enhanced policy: Do not allow sharing of personally identifiable information including SSN, credit cards, addresses, phone numbers, or email addresses.",
  "riskType": "HIGH",
  "actionType": 2
}
```

#### Parameters <a href="#put__policy_-policyid-parameters" id="put__policy_-policyid-parameters"></a>

| Name         | In   | Type    | Required | Description                                     |
| ------------ | ---- | ------- | -------- | ----------------------------------------------- |
| policyId     | path | string  | true     | Unique identifier of the policy                 |
| body         | body | object  | true     | Updated policy properties                       |
| » name       | body | string  | false    | Human-readable name for the policy              |
| » content    | body | string  | false    | Policy rules and description (natural language) |
| » riskType   | body | string  | false    | Risk classification level                       |
| » actionType | body | integer | false    | Action to take when policy is violated          |

**Enumerated Values**

| Parameter  | Value  |
| ---------- | ------ |
| » riskType | LOW    |
| » riskType | MEDIUM |
| » riskType | HIGH   |

| Parameter    | Value | Description                      |
| ------------ | ----- | -------------------------------- |
| » actionType | 0     | Log only (record violation)      |
| » actionType | 1     | Alert (log and notify)           |
| » actionType | 2     | Block (prevent action and alert) |

> Example responses

> 200 Response

```json
{
  "success": true,
  "policy": {
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "orgId": "org-123",
    "name": "Updated PII Protection Policy",
    "content": "Enhanced policy: Do not allow sharing of personally identifiable information...",
    "riskType": "HIGH",
    "actionType": 2,
    "createdBy": {
      "id": "user-789",
      "name": "John",
      "lastName": "Doe",
      "email": "john.doe@example.com"
    },
    "createdAt": "2024-01-15T10:30:00.000Z",
    "lastUpdatedBy": {
      "id": "user-890",
      "name": "Jane",
      "lastName": "Smith",
      "email": "jane.smith@example.com"
    },
    "lastUpdatedAt": "2024-01-20T14:15:00.000Z",
    "workspaceId": "workspace-456",
    "repoId": null,
    "workspace": {
      "id": "workspace-456",
      "name": "Production Workspace"
    },
    "repo": null
  }
}
```

#### Responses <a href="#put__policy_-policyid-responses" id="put__policy_-policyid-responses"></a>

| Status | Meaning                                                                    | Description                 | Schema |
| ------ | -------------------------------------------------------------------------- | --------------------------- | ------ |
| 200    | [OK](https://tools.ietf.org/html/rfc7231#section-6.3.1)                    | Policy updated successfully | Inline |
| 400    | [Bad Request](https://tools.ietf.org/html/rfc7231#section-6.5.1)           | Validation error            | Inline |
| 403    | [Forbidden](https://tools.ietf.org/html/rfc7231#section-6.5.3)             | Insufficient permissions    | Inline |
| 404    | [Not Found](https://tools.ietf.org/html/rfc7231#section-6.5.4)             | Policy not found            | Inline |
| 500    | [Internal Server Error](https://tools.ietf.org/html/rfc7231#section-6.6.1) | Failed to update policy     | Inline |

#### Response Schema <a href="#put__policy_-policyid-responseschema" id="put__policy_-policyid-responseschema"></a>

Status Code **200**

| Name             | Type    | Required | Restrictions | Description                                  |
| ---------------- | ------- | -------- | ------------ | -------------------------------------------- |
| » success        | boolean | false    | none         | Operation success status                     |
| » policy         | object  | false    | none         | Updated policy object                        |
| »» id            | string  | false    | none         | Unique identifier for the policy             |
| »» orgId         | string  | false    | none         | Organization ID                              |
| »» name          | string  | false    | none         | Policy name                                  |
| »» content       | string  | false    | none         | Policy content/rules                         |
| »» riskType      | string  | false    | none         | Risk classification (LOW, MEDIUM, HIGH)      |
| »» actionType    | integer | false    | none         | Action type (0=log, 1=alert, 2=block)        |
| »» createdBy     | object  | false    | none         | User who created the policy                  |
| »»» id           | string  | false    | none         | User ID                                      |
| »»» name         | string  | false    | none         | User first name                              |
| »»» lastName     | string  | false    | none         | User last name                               |
| »»» email        | string  | false    | none         | User email                                   |
| »» createdAt     | string  | false    | none         | ISO 8601 timestamp                           |
| »» lastUpdatedBy | object  | false    | none         | User who last updated the policy             |
| »»» id           | string  | false    | none         | User ID                                      |
| »»» name         | string  | false    | none         | User first name                              |
| »»» lastName     | string  | false    | none         | User last name                               |
| »»» email        | string  | false    | none         | User email                                   |
| »» lastUpdatedAt | string  | false    | none         | ISO 8601 timestamp                           |
| »» workspaceId   | string  | false    | none         | Workspace ID (null for org-level)            |
| »» repoId        | string  | false    | none         | Repository ID (null for workspace/org-level) |
| »» workspace     | object  | false    | none         | Workspace details (if applicable)            |
| »»» id           | string  | false    | none         | Workspace ID                                 |
| »»» name         | string  | false    | none         | Workspace name                               |
| »» repo          | object  | false    | none         | Repository details (if applicable)           |
| »»» id           | string  | false    | none         | Repository ID                                |
| »»» name         | string  | false    | none         | Repository name                              |

Status Code **400**

| Name      | Type    | Required | Restrictions | Description   |
| --------- | ------- | -------- | ------------ | ------------- |
| » success | boolean | false    | none         | none          |
| » message | string  | false    | none         | Error message |

Status Code **403**

| Name      | Type    | Required | Restrictions | Description   |
| --------- | ------- | -------- | ------------ | ------------- |
| » success | boolean | false    | none         | none          |
| » message | string  | false    | none         | Error message |

Status Code **404**

| Name      | Type    | Required | Restrictions | Description   |
| --------- | ------- | -------- | ------------ | ------------- |
| » success | boolean | false    | none         | none          |
| » message | string  | false    | none         | Error message |

Status Code **500**

| Name      | Type    | Required | Restrictions | Description   |
| --------- | ------- | -------- | ------------ | ------------- |
| » success | boolean | false    | none         | none          |
| » message | string  | false    | none         | Error message |

To perform this operation, you must be authenticated by means of one of the following methods: BearerAuth
