You can use the Policy API to create, update, delete, and read policies. You can also use this API to evaluate an application or a development sandbox against any policy.

This API allows you to assess an application or sandbox against any policy, even one not currently assigned to the application. The response from the policy evaluation shows you why the application is passing or failing policy, including scan frequency requirements and findings that are past their grace period due date.

Permissions and authentication

Before you can use this API to create or update a policy, you must have one of these accounts with the required roles:

  • An API service account with the Policy Administrator role.
  • A user account with the Policy Administrator role.

This API uses API ID/key credentials and HMAC authentication to provide improved security. Before you can send requests, you must complete these configurations:

Ensure you access the APIs with the domain for your region.

Policy API specification

The Policy API specification is available from SwaggerHub.