GET /api/policies

Returns a list of supported policies, such as Service Level, Management, or Compliance policies, in the form of a JSON object.

Authorization Roles/Permissions: Must be logged in.

This topic includes the following sections:

HTTP Method

GET

URL

https://{hostname}/api/policies

Sample Request

The example below shows a request for the list of supported policies.

Sample Request URL

https://{hostname}/api/policies

Sample request headers

Accept: Application/vnd.akana.v2020+json
X-Csrf-Token_acmepaymentscorp: TokenID%3D8ed70a13-8469-11e8-b37a-b155e4eabeb8%2CexpirationTime%3D153...

Sample request body

Not applicable.

Request Headers

For general information on request header values, refer to HTTP Request Headers.

Header	Description
Accept	application/vnd.akana.v2020+json
Cookie	AtmoAuthToken_{fedmemberid}={cookie value, which usually starts with TokenID}—The platform cookie. This is the Akana API Platform authorization token, and must be sent with every API request that requires login. For more information and an example, see Session cookies.
X-Csrf-Token_{fedmemberID}	The CSRF prevention header; may or may not be required, depending on platform settings. See CSRF Prevention on the Platform. By default, the CSRF header is not required for GET operations and is required for all others, with a few exceptions relating to user login.

Request Parameters

Parameter	Parm Type	Data Type	Required	Description
Type[ ]	Query	string	Optional	Indicates that only policies of the specified type should be returned. For values, see Policy Types. If this parameter is not specified, all types are returned. To request multiple types, include this parameter multiple times.
BusinessID	Query	string	Optional	The unique ID for a specific business organization on the platform. If this parameter is not specified, policies for all business organizations are returned.
IncludeInactivePolicies	Query	Boolean	Optional	If included and set to true, inactive policies are included in the results. Default: false.

Response

If successful, this operation returns HTTP status code 200, with information about policies currently available.

Sample Response

The sample response below shows successful completion of this operation.

Sample response headers

Content-Type: application/vnd.akana.v2020+json
Date: Wed, 14 Oct 2020 19:46:05 GMT

Sample response body

{
  "Policy":[
    {
      "PolicyKey":"acmepaymentscorp-AtmosphereApplicationSecurityPolicy",
      "Name":"AtmosphereApplicationSecurityPolicy",
      "Description":"",
      "PolicyType":"Operational Policy",
      "PolicySubType":"policy.apisec"
    },
    {
      "PolicyKey":"acmepaymentscorp-BasicAuditing",
      "Name":"BasicAuditing",
      "Description":"",
      "PolicyType":"Operational Policy",
      "PolicySubType":"policy.auditservice"
    },
    {
      "PolicyKey":"acmepaymentscorp-CORSAllowAll",
      "Name":"CORSAllowAll",
      "Description":"",
      "PolicyType":"Operational Policy",
      "PolicySubType":"policy.cors"
    },
    {
      "PolicyKey":"acmepaymentscorp-DetailedAuditing",
      "Name":"DetailedAuditing",
      "Description":"",
      "PolicyType":"Operational Policy",
      "PolicySubType":"policy.auditservice"
    },
    {
      "PolicyKey":"acmepaymentscorp-OAuthSecurity",
      "Name":"OAuthSecurity",
      "Description":"",
      "PolicyType":"Operational Policy",
      "PolicySubType":"policy.oauth"
    }
  ]
}

Response Headers

For general information on response header values, refer to HTTP Response Headers.

Header	Description
Content-Type	application/vnd.akana.v2020+json

Response Body

Name	Type	Description
Policies	Policies	Contains information about one or more policies that are enforced for the API version, if applicable.

Error Codes/Messages

If the call is unsuccessful an error code/message is returned. One or more examples of possible errors for this operation are shown below.

Item	Value
401	Unauthorized. For example, you would get this response if you didn't include the custom X-Csrf-Token_{fedmemberID} header in the request, when it was required by the platform settings; or if you included an invalid or expired value for this header. You would also get this response for any operation that requires login (almost all) if the login cookie was missing.
500	An error occurred processing the call.

More information about Akana API Platform API error messages.

Related Topics