Skip to content
API Reference

Policy Schemas

API Reference
Zones

Policy Schemas

List policy schemas
client.zones.policySchemas.list(stringzoneID, PolicySchemaListParams { after, before, expand, 8 more } params?, RequestOptionsoptions?): PolicySchemaListResponse { items, pagination }
GET/zones/{zone_id}/policy-schemas
Get a policy schema by version
client.zones.policySchemas.retrieve(stringversion, PolicySchemaRetrieveParams { zone_id, format, xAPIVersion, xClientRequestID } params, RequestOptionsoptions?): SchemaVersionWithZoneInfo { is_default }
GET/zones/{zone_id}/policy-schemas/{version}
Set the default policy schema for a zone
client.zones.policySchemas.setDefault(stringversion, PolicySchemaSetDefaultParams { zone_id, body, xAPIVersion, xClientRequestID } params, RequestOptionsoptions?): SchemaVersionWithZoneInfo { is_default }
PATCH/zones/{zone_id}/policy-schemas/{version}
ModelsExpand Collapse
SchemaVersion { created_at, status, updated_at, 5 more }

A versioned Cedar schema that defines the entity model, actions, and context shape used for policy evaluation. The schema contains the valid entity types (User, Application, Resource), their attributes, and the allowed attribute values. See the Credentials API spec for a full reference of entity attributes and valid values.

created_at: string
formatdate-time
status: "active" | "deprecated" | "archived"

Controls what can be done with this schema version:

  • "active" - new policy versions can be created and validated against it.
  • "deprecated" - superseded by a newer version but still accepts new policy versions.
  • "archived" - closed to new policy versions. Existing policy set versions pinned to this schema still evaluate normally.
Accepts one of the following:
"active"
"deprecated"
"archived"
updated_at: string
formatdate-time
version: string
archived_at?: string | null
formatdate-time
cedar_schema?: string | null

Cedar schema in human-readable syntax. Populated when format=cedar.

cedar_schema_json?: unknown

Cedar schema as JSON object. Populated when format=json (default).

deprecated_at?: string | null
formatdate-time
SchemaVersionWithZoneInfo extends SchemaVersion { created_at, status, updated_at, 5 more } { is_default }

A versioned Cedar schema that defines the entity model, actions, and context shape used for policy evaluation. The schema contains the valid entity types (User, Application, Resource), their attributes, and the allowed attribute values. See the Credentials API spec for a full reference of entity attributes and valid values.

is_default: boolean

Whether this is the zone's default schema. Clients use this to pre-select which schema to write policies against. Has no effect on evaluation.