Policies

List policies in a zone
GET /zones/{zone_id}/policies
Create a new policy
POST /zones/{zone_id}/policies
Get a policy by ID
GET /zones/{zone_id}/policies/{policy_id}
Update a policy
PATCH /zones/{zone_id}/policies/{policy_id}
Archive a policy
DELETE /zones/{zone_id}/policies/{policy_id}
Models
Policy = object { id, created_at, created_by, 10 more }
id: string
created_at: string
format: date-time
created_by: string
name: string
owner_type: "platform" or "customer"

Who manages this policy:

  • "platform" — managed by the Keycard platform (system policies).
  • "customer" — managed by the tenant (custom policies).
Accepts one of the following:
"platform"
"customer"
updated_at: string
format: date-time
zone_id: string
archived_at: optional string
format: date-time
description: optional string
latest_schema_version: optional string

Schema version the latest version was validated against (e.g., "2026-02-24"). Null when the policy has no published versions. Denormalized from PolicyVersion.schema_version for the policy referenced by latest_version_id.

latest_version: optional number

Human-readable version number of the latest version (e.g., 1, 2, 3).

latest_version_id: optional string
updated_by: optional string
PolicyDraft = object { created_at, policy_id, schema_version, 5 more }
created_at: string
format: date-time
policy_id: string
schema_version: string
updated_at: string
format: date-time
updated_by: string
base_version_id: optional string

ID of the policy version this draft was hydrated from. Null when the draft was created without an existing version.

cedar_json: optional unknown

Cedar policy in JSON representation. Populated by default and when format=json is passed; null when format=cedar narrows the response to the text representation only.

cedar_raw: optional string

Cedar policy in human-readable syntax. Populated by default and when format=cedar is passed; null when format=json narrows the response to the JSON representation only.

Policies / Versions

List versions of a policy
GET /zones/{zone_id}/policies/{policy_id}/versions
Create a new immutable policy version
POST /zones/{zone_id}/policies/{policy_id}/versions
Get a specific policy version
GET /zones/{zone_id}/policies/{policy_id}/versions/{version_id}
Archive a policy version
DELETE /zones/{zone_id}/policies/{policy_id}/versions/{version_id}
Models
PolicyVersion = object { id, created_at, created_by, 10 more }
id: string
created_at: string
format: date-time
created_by: string
owner_type: "platform" or "customer"

Who manages this policy version:

  • "platform" — managed by the Keycard platform (system policy versions).
  • "customer" — managed by the tenant (custom policy versions).
Accepts one of the following:
"platform"
"customer"
policy_id: string
schema_version: string

Schema version this policy was validated against when created.

sha: string

Hex-encoded content hash.

version: number
zone_id: string
archived_at: optional string
format: date-time
archived_by: optional string
cedar_json: optional unknown

Cedar policy in JSON representation. Populated by default and when format=json is passed; null when format=cedar narrows the response to the text representation only.

cedar_raw: optional string

Cedar policy in human-readable syntax. Populated by default and when format=cedar is passed; null when format=json narrows the response to the JSON representation only.