Skip to content
Docs

Policies

API Reference
Zones

Policies

List policies in a zone
client.Zones.Policies.List(ctx, zoneID, params) (*ZonePolicyListResponse, error)
GET/zones/{zone_id}/policies
Create a new policy
client.Zones.Policies.New(ctx, zoneID, params) (*Policy, error)
POST/zones/{zone_id}/policies
Get a policy by ID
client.Zones.Policies.Get(ctx, policyID, params) (*Policy, error)
GET/zones/{zone_id}/policies/{policy_id}
Update a policy
client.Zones.Policies.Update(ctx, policyID, params) (*Policy, error)
PATCH/zones/{zone_id}/policies/{policy_id}
Archive a policy
client.Zones.Policies.Archive(ctx, policyID, params) (*Policy, error)
DELETE/zones/{zone_id}/policies/{policy_id}
ModelsExpand Collapse
type Policy struct{…}
ID string
CreatedAt Time
formatdate-time
CreatedBy string
Name string
OwnerType PolicyOwnerType

Who manages this policy:

  • "platform" — managed by the Keycard platform (system policies).
  • "customer" — managed by the tenant (custom policies).
Accepts one of the following:
const PolicyOwnerTypePlatform PolicyOwnerType = "platform"
const PolicyOwnerTypeCustomer PolicyOwnerType = "customer"
UpdatedAt Time
formatdate-time
ZoneID string
ArchivedAt Timeoptional
formatdate-time
Description stringoptional
LatestSchemaVersion stringoptional

Schema version the latest version was validated against (e.g., "2026-02-24"). Null when the policy has no published versions. Denormalized from PolicyVersion.schema_version for the policy referenced by latest_version_id.

LatestVersion int64optional

Human-readable version number of the latest version (e.g., 1, 2, 3)

LatestVersionID stringoptional
UpdatedBy stringoptional
type PolicyDraft struct{…}
CreatedAt Time
formatdate-time
PolicyID string
SchemaVersion string
UpdatedAt Time
formatdate-time
UpdatedBy string
BaseVersionID stringoptional

ID of the policy version this draft was hydrated from. Null when the draft was created without an existing version.

CedarJson anyoptional

Cedar policy in JSON representation. Populated by default and when format=json is passed; null when format=cedar narrows the response to the text representation only.

CedarRaw stringoptional

Cedar policy in human-readable syntax. Populated by default and when format=cedar is passed; null when format=json narrows the response to the JSON representation only.

PoliciesVersions

List versions of a policy
client.Zones.Policies.Versions.List(ctx, policyID, params) (*ZonePolicyVersionListResponse, error)
GET/zones/{zone_id}/policies/{policy_id}/versions
Create a new immutable policy version
client.Zones.Policies.Versions.New(ctx, policyID, params) (*PolicyVersion, error)
POST/zones/{zone_id}/policies/{policy_id}/versions
Get a specific policy version
client.Zones.Policies.Versions.Get(ctx, versionID, params) (*PolicyVersion, error)
GET/zones/{zone_id}/policies/{policy_id}/versions/{version_id}
Archive a policy version
client.Zones.Policies.Versions.Archive(ctx, versionID, params) (*PolicyVersion, error)
DELETE/zones/{zone_id}/policies/{policy_id}/versions/{version_id}
ModelsExpand Collapse
type PolicyVersion struct{…}
ID string
CreatedAt Time
formatdate-time
CreatedBy string
OwnerType PolicyVersionOwnerType

Who manages this policy version:

  • "platform" — managed by the Keycard platform (system policy versions).
  • "customer" — managed by the tenant (custom policy versions).
Accepts one of the following:
const PolicyVersionOwnerTypePlatform PolicyVersionOwnerType = "platform"
const PolicyVersionOwnerTypeCustomer PolicyVersionOwnerType = "customer"
PolicyID string
SchemaVersion string

Schema version this policy was validated against when created.

Sha string

Hex-encoded content hash

Version int64
ZoneID string
ArchivedAt Timeoptional
formatdate-time
ArchivedBy stringoptional
CedarJson anyoptional

Cedar policy in JSON representation. Populated by default and when format=json is passed; null when format=cedar narrows the response to the text representation only.

CedarRaw stringoptional

Cedar policy in human-readable syntax. Populated by default and when format=cedar is passed; null when format=json narrows the response to the JSON representation only.