Policy Schemas

List policy schemas

GET/zones/{zone_id}/policy-schemas

Get a policy schema by version

GET/zones/{zone_id}/policy-schemas/{version}

Set the default policy schema for a zone

PATCH/zones/{zone_id}/policy-schemas/{version}

ModelsExpand Collapse

SchemaVersion = object { created_at, status, updated_at, 5 more }

A versioned Cedar schema that defines the entity model, actions, and context shape used for policy evaluation. The schema contains the valid entity types (User, Application, Resource), their attributes, and the allowed attribute values. See the Credentials API spec for a full reference of entity attributes and valid values.

created_at: string

formatdate-time

status: "active" or "deprecated" or "archived"

Controls what can be done with this schema version:

"active" - new policy versions can be created and validated against it.
"deprecated" - superseded by a newer version but still accepts new policy versions.
"archived" - closed to new policy versions. Existing policy set versions pinned to this schema still evaluate normally.

Accepts one of the following:

"active"

"deprecated"

"archived"

updated_at: string

formatdate-time

version: string

archived_at: optional string

formatdate-time

cedar_schema: optional string

Cedar schema in human-readable syntax. Populated when format=cedar.

cedar_schema_json: optional unknown

Cedar schema as JSON object. Populated when format=json (default).

deprecated_at: optional string

formatdate-time

SchemaVersionWithZoneInfo = SchemaVersion { created_at, status, updated_at, 5 more }

is_default: boolean

Whether this is the zone's default schema. Clients use this to pre-select which schema to write policies against. Has no effect on evaluation.