GET /api/policies

Returns a list of supported policies, such as Service Level, Management, or Compliance policies.

The list includes policies that are available to all APIs, such as the AtmosphereApplicationSecurityPolicy and the CORSAllowAll policy, and also includes policies that were specifically defined. Unless the optional parameter is included, only policies that have been activated are included in the results.

Authorization Roles/Permissions: Must be logged in.

This topic includes the following sections:

HTTP Method

GET

Back to top

URL

https://{hostname}/api/policies[?]Type={Type}[&][BusinessID={BusinessID}][&][IncludeInactivePolicies={boolean}]

Back to top

Sample Request

Sample request URL #1

Returns all policies.

https://{hostname}/api/policies

Sample request URL #2

Returns compliance policies.

https://{hostname}/api/policies?Type=Compliance%20Policy

Sample request URL #3

Returns operational policies for the specified business organization, including policies that have not yet been activated.

https://{hostname}/api/policies?Type=Operational%20Policy&BusinessID=tenantbusiness.acmepaymentscorp&IncludeInactivePolicies=true

Sample request headers

Accept: application/json

Sample request body

Not applicable.

Back to top

Request Headers

For general information on request header values, refer to HTTP Request Headers.

Header Description
Accept

application/json, text/xml

application/vnd.soa.v71+json, application/vnd.soa.v71+xml

application/vnd.soa.v72+json, application/vnd.soa.v72+xml

application/vnd.soa.v80+json, application/vnd.soa.v80+xml

application/vnd.soa.v81+json, application/vnd.soa.v81+xml

X-Csrf-Token_{fedmemberID} The CSRF prevention header; may or may not be required, depending on platform settings. See CSRF Prevention on the Platform. By default, the CSRF header is not required for GET operations and is required for all others, with a few exceptions relating to user login.

Back to top

Request Parameters

Parameter Parm Type Data Type Required Description
Type[ ] Query string Optional

Indicates that only policies of the specified type should be returned. For values, see Policy Types.

If this parameter is not specified, all types are returned. To request multiple types, include this parameter multiple times.

BusinessID Path string Optional

The unique ID for a specific business organization on the platform.

If this parameter is not specified, policies for all business organizations are returned.

IncludeInactivePolicies Boolean Boolean Optional If included and set to true, inactive policies are included in the results. Default: false.

Back to top

Response

If successful, this operation returns HTTP status code 200, with a list of supported policies in the form of an RSS feed (JSON or XML).

Back to top

Sample Response

The sample response below shows five policies returned.

Sample response headers: application/json

HTTP/1.1 200 OK
Content-Type: application/json
Date: Fri, 01 Jun 2018 00:18:49 GMT

Sample response body: application/json

{
    "channel": {
        "title": "Policies",
        "item": [
            {
                "title": "AtmosphereApplicationSecurityPolicy",
                "description": "",
                "category": [
                    {
                        "value": "policy.apisec",
                        "domain": "soa.com:policy:subtype"
                    },
                    {
                        "value": "Operational Policy",
                        "domain": "soa.com:policy:type"
                    }
                ],
                "guid": {
                    "value": "automation-AtmosphereApplicationSecurityPolicy"
                }
            },
            {
                "title": "BasicAuditing",
                "description": "",
                "category": [
                    {
                        "value": "policy.auditservice",
                        "domain": "soa.com:policy:subtype"
                    },
                    {
                        "value": "Operational Policy",
                        "domain": "soa.com:policy:type"
                    }
                ],
                "guid": {
                    "value": "automation-BasicAuditing"
                }
            },
            {
                "title": "CORSAllowAll",
                "description": "",
                "category": [
                    {
                        "value": "policy.cors",
                        "domain": "soa.com:policy:subtype"
                    },
                    {
                        "value": "Operational Policy",
                        "domain": "soa.com:policy:type"
                    }
                ],
                "guid": {
                    "value": "automation-CORSAllowAll"
                }
            },
            {
                "title": "DetailedAuditing",
                "description": "",
                "category": [
                    {
                        "value": "policy.auditservice",
                        "domain": "soa.com:policy:subtype"
                    },
                    {
                        "value": "Operational Policy",
                        "domain": "soa.com:policy:type"
                    }
                ],
                "guid": {
                    "value": "automation-DetailedAuditing"
                }
            },
            {
                "title": "OAuthSecurity",
                "description": "",
                "category": [
                    {
                        "value": "policy.oauth",
                        "domain": "soa.com:policy:subtype"
                    },
                    {
                        "value": "Operational Policy",
                        "domain": "soa.com:policy:type"
                    }
                ],
                "guid": {
                    "value": "automation-OAuthSecurity"
                }
            },
            {
                "title": "API Consumer Application Security Policy for ACME Payments Corp Billing Dept",
                "description": "API Consumer Application Security Policy for ACME Payments Corp Billing Dept",
                "category": [
                    {
                        "value": "policy.apisec",
                        "domain": "soa.com:policy:subtype"
                    },
                    {
                        "value": "Operational Policy",
                        "domain": "soa.com:policy:type"
                    }
                ],
                "guid": {
                    "value": "uddi:0d60c514-1343-4ac5-bd4f-59b93864bb17"
                }
            },
            {
                "title": "JOSE Policy v2",
                "description": "JOSE Policy v2",
                "category": [
                    {
                        "value": "policy.jose.v2",
                        "domain": "soa.com:policy:subtype"
                    },
                    {
                        "value": "Operational Policy",
                        "domain": "soa.com:policy:type"
                    }
                ],
                "guid": {
                    "value": "uddi:3e8b8f14-e8ba-4818-a89b-7a90d2704fae"
                }
            }
        ]
    },
    "version": "1.0"
}

Back to top

Response Headers

For general information on response header values, refer to HTTP Response Headers.

Header Description
Content-Type

application/json, text/xml

application/vnd.soa.v71+json, application/vnd.soa.v71+xml

application/vnd.soa.v72+json, application/vnd.soa.v72+xml

application/vnd.soa.v80+json, application/vnd.soa.v80+xml

application/vnd.soa.v81+json, application/vnd.soa.v81+xml

Back to top

Response Body

The response body is in the form of an RSS channel, and includes the items listed below. The RSS version is 1.0. The title of the RSS channel is Policies. Each item in the channel represents a governance policy, and includes the information listed below.

Name Description
Title Title of the policy.
Description Description of the policy
Category Information about one or more categories for the policy. Each category is a name/value pair, value and domain. Domain is soa.com.policy.subtype, and the value is the policy subType value, indicating the type of policy.
GUID GUID for the policy

Back to top

Error Codes/Messages

If the call is unsuccessful an error code/message is returned. One or more examples of possible errors for this operation are shown below.

Item Value
401 Unauthorized. For example, you would get this response if you didn't include the custom X-Csrf-Token_{fedmemberID} header in the request, when it was required by the platform settings; or if you included an invalid or expired value for this header. You would also get this response for any operation that requires login (almost all) if the login cookie was missing.
500 An error occurred processing the call.

More information about Akana API Platform API error messages.

Back to top

Related Topics