GET /api/policies
Returns a list of supported policies, such as Service Level, Management, or Compliance policies, in RSS format.
The list includes policies that are available to all APIs, such as the AtmosphereApplicationSecurityPolicy and the CORSAllowAll policy, and also includes policies that were specifically defined. Unless the optional parameter is included, only policies that have been activated are included in the results.
Authorization Roles/Permissions: Must be logged in.
This topic includes the following sections:
HTTP Method
GET
URL
https://{hostname}/api/policies[?]Type={Type}[&][BusinessID={BusinessID}][&][IncludeInactivePolicies={boolean}]
Sample Request
Sample request URL #1
Returns all policies.
https://{hostname}/api/policies
Sample request URL #2
Returns compliance policies.
https://{hostname}/api/policies?Type=Compliance%20Policy
Sample request URL #3
Returns operational policies for the specified business organization, including policies that have not yet been activated.
https://{hostname}/api/policies?Type=Operational%20Policy&BusinessID=tenantbusiness.acmepaymentscorp&IncludeInactivePolicies=true
Sample request headers
Accept: application/json
Sample request body
Not applicable.
Request Headers
For general information on request header values, refer to HTTP Request Headers.
| Header | Description |
|---|---|
| Accept | application/json, text/xml, application/vnd.soa.v71+json, application/vnd.soa.v71+xml, application/vnd.soa.v72+json, application/vnd.soa.v72+xml, application/vnd.soa.v80+json, application/vnd.soa.v80+xml, application/vnd.soa.v81+json, application/vnd.soa.v81+xml |
| Cookie | AtmoAuthToken_{fedmemberid}={cookie value, which usually starts with TokenID}—The platform cookie. This is the Akana API Platform authorization token, and must be sent with every API request that requires login. For more information and an example, see Session cookies. |
| X-Csrf-Token_{fedmemberID} | The CSRF prevention header; may or may not be required, depending on platform settings. See CSRF Prevention on the Platform. By default, the CSRF header is not required for GET operations and is required for all others, with a few exceptions relating to user login. |
Request Parameters
| Parameter | Parm Type | Data Type | Required | Description |
|---|---|---|---|---|
| Type[ ] | Query | string | Optional |
Indicates that only policies of the specified type should be returned. For values, see Policy Types. If this parameter is not specified, all types are returned. To request multiple types, include this parameter multiple times. |
| BusinessID | Query | string | Optional |
The unique ID for a specific business organization on the platform. If this parameter is not specified, policies for all business organizations are returned. |
| IncludeInactivePolicies | Query | Boolean | Optional | If included and set to true, inactive policies are included in the results. Default: false. |
Response
If successful, this operation returns HTTP status code 200, with a list of supported policies in the form of an RSS feed (JSON or XML).
Sample Response
The sample response below shows five policies returned.
Sample response headers: application/json
HTTP/1.1 200 OK Content-Type: application/json Date: Fri, 01 Jun 2018 00:18:49 GMT
Sample response body: application/json
{
"channel": {
"title": "Policies",
"item": [
{
"title": "AtmosphereApplicationSecurityPolicy",
"description": "",
"category": [
{
"value": "policy.apisec",
"domain": "soa.com:policy:subtype"
},
{
"value": "Operational Policy",
"domain": "soa.com:policy:type"
}
],
"guid": {
"value": "acmepaymentscorp-AtmosphereApplicationSecurityPolicy"
}
},
{
"title": "BasicAuditing",
"description": "",
"category": [
{
"value": "policy.auditservice",
"domain": "soa.com:policy:subtype"
},
{
"value": "Operational Policy",
"domain": "soa.com:policy:type"
}
],
"guid": {
"value": "acmepaymentscorp-BasicAuditing"
}
},
{
"title": "CORSAllowAll",
"description": "",
"category": [
{
"value": "policy.cors",
"domain": "soa.com:policy:subtype"
},
{
"value": "Operational Policy",
"domain": "soa.com:policy:type"
}
],
"guid": {
"value": "acmepaymentscorp-CORSAllowAll"
}
},
{
"title": "DetailedAuditing",
"description": "",
"category": [
{
"value": "policy.auditservice",
"domain": "soa.com:policy:subtype"
},
{
"value": "Operational Policy",
"domain": "soa.com:policy:type"
}
],
"guid": {
"value": "acmepaymentscorp-DetailedAuditing"
}
},
{
"title": "OAuthSecurity",
"description": "",
"category": [
{
"value": "policy.oauth",
"domain": "soa.com:policy:subtype"
},
{
"value": "Operational Policy",
"domain": "soa.com:policy:type"
}
],
"guid": {
"value": "acmepaymentscorp-OAuthSecurity"
}
},
{
"title": "API Consumer Application Security Policy for ACME Payments Corp Billing Dept",
"description": "API Consumer Application Security Policy for ACME Payments Corp Billing Dept",
"category": [
{
"value": "policy.apisec",
"domain": "soa.com:policy:subtype"
},
{
"value": "Operational Policy",
"domain": "soa.com:policy:type"
}
],
"guid": {
"value": "uddi:0d60c514-1343-4ac5-bd4f-59b93864bb17"
}
},
{
"title": "JOSE Policy v2",
"description": "JOSE Policy v2",
"category": [
{
"value": "policy.jose.v2",
"domain": "soa.com:policy:subtype"
},
{
"value": "Operational Policy",
"domain": "soa.com:policy:type"
}
],
"guid": {
"value": "uddi:3e8b8f14-e8ba-4818-a89b-7a90d2704fae"
}
}
]
},
"version": "1.0"
}
Response Headers
For general information on response header values, refer to HTTP Response Headers.
| Header | Description |
|---|---|
| Content-Type | application/json, text/xml, application/vnd.soa.v71+json, application/vnd.soa.v71+xml, application/vnd.soa.v72+json, application/vnd.soa.v72+xml, application/vnd.soa.v80+json, application/vnd.soa.v80+xml, application/vnd.soa.v81+json, application/vnd.soa.v81+xml |
Response Body
The response body is in the form of an RSS channel, and includes the items listed below. The RSS version is 1.0. The title of the RSS channel is Policies. Each item in the channel represents a governance policy, and includes the information listed below.
| Name | Description |
|---|---|
| Title | Title of the policy. |
| Description | Description of the policy |
| Category | Information about one or more categories for the policy. Each category is a name/value pair, value and domain. Domain is soa.com.policy.subtype, and the value is the policy subType value, indicating the type of policy. |
| GUID | GUID for the policy |
Error Codes/Messages
If the call is unsuccessful an error code/message is returned. One or more examples of possible errors for this operation are shown below.
| Item | Value |
|---|---|
| 401 | Unauthorized. For example, you would get this response if you didn't include the custom X-Csrf-Token_{fedmemberID} header in the request, when it was required by the platform settings; or if you included an invalid or expired value for this header. You would also get this response for any operation that requires login (almost all) if the login cookie was missing. |
| 500 | An error occurred processing the call. |
More information about Akana API Platform API error messages.
