Policies

List policies in a zone

client.zones.policies.list(, ?, ?): PolicyListResponse { items, pagination }

GET/zones/{zone_id}/policies

Returns a paginated list of policies in the zone. Supports cursor-based pagination, sorting, full-text search, and composable filters.

The filter[id] parameter restricts results to a known set of policy IDs (up to 100). It composes with other filters (filter[owner_type], query[], etc.) but cannot be combined with cursor pagination (after / before) — the server returns 400 if both are present. When filter[id] is used without an explicit limit, the limit defaults to the number of requested IDs so all results fit in a single page. IDs that don't exist or fall outside the zone are silently omitted.

ParametersExpand Collapse

zoneID: string

params: PolicyListParams { after, before, expand, 10 more }

after?: string

Query param: Cursor for forward pagination. Returned in Pagination.after_cursor. Mutually exclusive with before.

minLength1

maxLength255

before?: string

Query param: Cursor for backward pagination. Returned in Pagination.before_cursor. Mutually exclusive with after.

minLength1

maxLength255

expand?: Array<"total_count">

Query param: Opt-in to additional response fields. Repeatable; matches the expand[] convention used across the Keycard API.

filterID?: Array<string>

Query param: Filter by policy ID. Repeatable; multiple values are OR-ed (e.g. ?filter[id]=p1&filter[id]=p2). Capped at 100 IDs per request — over-cap returns 400.

Cannot be combined with cursor pagination (after or before). The server returns 400 if both are present.

Composes with other filters (filter[owner_type], query[], etc.). When no explicit limit is provided, it defaults to the number of requested IDs so all results fit in a single page.

IDs that don't exist or fall outside the zone scope are silently omitted; callers diff against the request set if they care about missing IDs.

filterOwnerType?: Array<string>

Query param: Filter on owner_type. Repeatable; repeated instances OR across values (e.g. ?filter[owner_type]=platform&filter[owner_type]=customer matches either). See FilterValues in the shared spec for the full wire convention.

Allowed values: platform, customer. Unknown values return 400 with the list of allowed values. Comma-separated single values (e.g. ?filter[owner_type]=platform,customer) are rejected with a 400 pointing at the repeated-parameter OR form.

Note: the allowed-value enum is enforced in the handler (not as an OpenAPI items.enum) so the server can return a targeted error for the comma-AND form instead of a generic "not in allowed values" response.

limit?: number

Query param: Maximum number of items to return per page.

minimum1

maximum100

order?: "asc" | "desc"

Query param: Sort direction. Default is desc (newest first).

Accepts one of the following:

"asc"

"desc"

query?: Array<string>

Query param: Case-insensitive substring search across all searchable fields of the resource. For policies that is name and description; for policy sets that is name. Repeatable; if multiple terms are supplied they are OR-ed.

queryDescription?: Array<string>

Query param: Case-insensitive substring search on description (policies only). Repeatable; if multiple terms are supplied they are OR-ed.

queryName?: Array<string>

Query param: Case-insensitive substring search on name. Repeatable; if multiple terms are supplied they are OR-ed (any matching term returns the row).

sort?: "created_at"

Query param: Field to sort by.

xAPIVersion?: string

Header param: API version header (date-based, e.g. 2026-02-01)

xClientRequestID?: string

Header param: Unique request identifier specified by the originating caller and passed along by proxies.

formatuuid

ReturnsExpand Collapse

PolicyListResponse { items, pagination }

items: Array<Policy { id, created_at, created_by, 10 more } >

id: string

created_at: string

formatdate-time

created_by: string

name: string

owner_type: "platform" | "customer"

Who manages this policy:

"platform" — managed by the Keycard platform (system policies).
"customer" — managed by the tenant (custom policies).

Accepts one of the following:

"platform"

"customer"

updated_at: string

formatdate-time

zone_id: string

archived_at?: string | null

formatdate-time

description?: string | null

latest_schema_version?: string | null

Schema version the latest version was validated against (e.g., "2026-02-24"). Null when the policy has no published versions. Denormalized from PolicyVersion.schema_version for the policy referenced by latest_version_id.

latest_version?: number | null

Human-readable version number of the latest version (e.g., 1, 2, 3)

latest_version_id?: string | null

updated_by?: string | null

pagination: Pagination { after_cursor, before_cursor, total_count }

Cursor-based pagination metadata returned alongside a list of results

after_cursor: string | null

An opaque cursor used for paginating through a list of results

minLength1

maxLength255

before_cursor: string | null

An opaque cursor used for paginating through a list of results

minLength1

maxLength255

total_count?: number

Total number of items across all pages. Only present when the request includes ?expand[]=total_count.

List policies in a zone

import KeycardAPI from '@keycardai/api';

const client = new KeycardAPI();

const policies = await client.zones.policies.list('zone_id');

console.log(policies.items);

{
  "items": [
    {
      "id": "id",
      "created_at": "2019-12-27T18:11:19.117Z",
      "created_by": "created_by",
      "name": "name",
      "owner_type": "platform",
      "updated_at": "2019-12-27T18:11:19.117Z",
      "zone_id": "zone_id",
      "archived_at": "2019-12-27T18:11:19.117Z",
      "description": "description",
      "latest_schema_version": "latest_schema_version",
      "latest_version": 0,
      "latest_version_id": "latest_version_id",
      "updated_by": "updated_by"
    }
  ],
  "pagination": {
    "after_cursor": "x",
    "before_cursor": "x",
    "total_count": 0
  }
}

Returns Examples

{
  "items": [
    {
      "id": "id",
      "created_at": "2019-12-27T18:11:19.117Z",
      "created_by": "created_by",
      "name": "name",
      "owner_type": "platform",
      "updated_at": "2019-12-27T18:11:19.117Z",
      "zone_id": "zone_id",
      "archived_at": "2019-12-27T18:11:19.117Z",
      "description": "description",
      "latest_schema_version": "latest_schema_version",
      "latest_version": 0,
      "latest_version_id": "latest_version_id",
      "updated_by": "updated_by"
    }
  ],
  "pagination": {
    "after_cursor": "x",
    "before_cursor": "x",
    "total_count": 0
  }
}