Create policy rule | API Reference | Descope Documentation

POST

/v1/mgmt/policies/rule/create

Authorization

Descope Project ID and Management Key

AuthorizationBearer <token>

Project ID:Management Key as bearer token.

In: header

Request Body

application/json

policyRule?object

Create a new policy rule row using a valid management key. The id is server-generated.

curl -X POST "https://api.descope.com/v1/mgmt/policies/rule/create" \
  -H "Content-Type: application/json" \
  -d '{}'

curl -X POST "https://api.descope.com/v1/mgmt/policies/rule/create" \  -H "Content-Type: application/json" \  -d '{}'

ResponseOK

{
  "policyRule": {
    "id": "string",
    "version": "string",
    "name": "string",
    "description": "string",
    "enabled": true,
    "ruleFamily": "string",
    "actionKinds": [
      "string"
    ],
    "effect": "string",
    "principalType": "string",
    "principalSelector": [
      "string"
    ],
    "resourceTargets": [
      {
        "type": "string",
        "allOfType": true,
        "ids": [
          "string"
        ]
      }
    ],
    "grants": [
      {
        "scopes": [
          "string"
        ],
        "allowedAudiences": [
          "string"
        ]
      }
    ],
    "conditions": "string",
    "cedarText": "string",
    "createdTime": 0,
    "modifiedTime": 0
  }
}

{  "policyRule": {    "id": "string",    "version": "string",    "name": "string",    "description": "string",    "enabled": true,    "ruleFamily": "string",    "actionKinds": [      "string"    ],    "effect": "string",    "principalType": "string",    "principalSelector": [      "string"    ],    "resourceTargets": [      {        "type": "string",        "allOfType": true,        "ids": [          "string"        ]      }    ],    "grants": [      {        "scopes": [          "string"        ],        "allowedAudiences": [          "string"        ]      }    ],    "conditions": "string",    "cedarText": "string",    "createdTime": 0,    "modifiedTime": 0  }}

TypeScript

export interface Response {
policyRule?: {
id?: string
version?: string
name?: string
description?: string
enabled?: boolean
ruleFamily?: string
actionKinds?: string[]
effect?: string
principalType?: string
principalSelector?: string[]
resourceTargets?: RuleResourceTarget[]
grants?: PolicyRuleGrant[]
conditions?: string
cedarText?: string
/**
 * int32 epoch seconds: proto3 emits int64 as JSON string. See .claude/rules/proto-files.md.
 */
createdTime?: number
modifiedTime?: number
}
}
/**
 * RuleResourceTarget identifies a Resource subset for an PolicyRule. A
 *  target with AllOfType=true matches every resource of Type; otherwise the
 *  IDs list enumerates the specific resources.
 */
export interface RuleResourceTarget {
type?: string
allOfType?: boolean
ids?: string[]
}
export interface PolicyRuleGrant {
scopes?: string[]
allowedAudiences?: string[]
}

export interface Response {policyRule?: {id?: stringversion?: stringname?: stringdescription?: stringenabled?: booleanruleFamily?: stringactionKinds?: string[]effect?: stringprincipalType?: stringprincipalSelector?: string[]resourceTargets?: RuleResourceTarget[]grants?: PolicyRuleGrant[]conditions?: stringcedarText?: string/** * int32 epoch seconds: proto3 emits int64 as JSON string. See .claude/rules/proto-files.md. */createdTime?: numbermodifiedTime?: number}}/** * RuleResourceTarget identifies a Resource subset for an PolicyRule. A *  target with AllOfType=true matches every resource of Type; otherwise the *  IDs list enumerates the specific resources. */export interface RuleResourceTarget {type?: stringallOfType?: booleanids?: string[]}export interface PolicyRuleGrant {scopes?: string[]allowedAudiences?: string[]}

Was this helpful?