POST /api/v1/policies
Create

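package main

import (
	"context"
	"log"

	conductoronesdkgo "github.com/conductorone/conductorone-sdk-go"
	"github.com/conductorone/conductorone-sdk-go/pkg/models/shared"
)

func main() {
	ctx := context.Background()

	// Build an authenticated client. Replace the placeholders with your own
	// credentials; load them from the environment or a secret store rather
	// than hard-coding them.
	s := conductoronesdkgo.New(
		conductoronesdkgo.WithSecurity(shared.Security{
			BearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
			Oauth:      "<YOUR_OAUTH_HERE>",
		}),
	)

	// A nil request carries no fields. displayName is required (see Body),
	// so pass a populated CreatePolicyRequest in real use.
	res, err := s.Policies.Create(ctx, nil)
	if err != nil {
		log.Fatal(err)
	}
	if res.CreatePolicyResponse != nil {
		// handle response
	}
}
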
{
  "policy": {
    "createdAt": "2023-11-07T05:31:56Z",
    "deletedAt": "2023-11-07T05:31:56Z",
    "description": "<string>",
    "displayName": "<string>",
    "id": "<string>",
    "policySteps": {},
    "policyType": "POLICY_TYPE_UNSPECIFIED",
    "postActions": [
      {
        "certifyRemediateImmediately": true
      }
    ],
    "reassignTasksToDelegates": true,
    "rules": [
      {
        "condition": "<string>",
        "policyKey": "<string>"
      }
    ],
    "systemBuiltin": true,
    "updatedAt": "2023-11-07T05:31:56Z"
  }
}


Authorizations

Authorization · string · header · required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Authorization · string · header · required

This API uses OAuth2 with the Client Credential flow. Client Credentials must be sent in the BODY, not the headers. For an example of how to implement this, refer to the c1TokenSource.Token() function.

Body

application/json

The CreatePolicyRequest message is used to create a new policy.

displayName · string · required

The display name of the new policy.

description · string

The description of the new policy.

policySteps · object

Step sequences for this policy. The map must include a baseline entry keyed by the lowercased policy type (e.g., "grant"). Additional entries with opaque keys can be added for conditional routing via the rules array.

policyType · enum<string>

The type of policy to create (grant, revoke, or certify).

Available options: POLICY_TYPE_UNSPECIFIED, POLICY_TYPE_GRANT, POLICY_TYPE_REVOKE, POLICY_TYPE_CERTIFY, POLICY_TYPE_ACCESS_REQUEST, POLICY_TYPE_PROVISION

postActions · Policy Post Actions · object[] | null

Ordered actions to execute after the policy completes processing.

reassignTasksToDelegates · boolean · deprecated

This field is no longer used. Configure delegate reassignment in the policy step instead.

rules · Rule · object[] | null

Conditional routing rules. See the Policy message for details on evaluation order.
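
The policySteps and rules fields above constrain each other, so a request can be checked before it is sent. The following is an added example, not part of the ConductorOne SDK or this reference: the Rule type and both function names are hypothetical, the baseline key derivation is confirmed by the page only for "grant", and the requirement that every rule's policyKey name a policySteps entry is an assumption.

```go
package main

import (
	"fmt"
	"strings"
)

// Rule mirrors the two rule fields shown in the response sample (hypothetical local type).
type Rule struct{ Condition, PolicyKey string }

// baselineKey derives the required policySteps key from the policy type.
// Assumption: enum name minus "POLICY_TYPE_", lowercased (page confirms only "grant").
func baselineKey(policyType string) (string, error) {
	name := strings.TrimPrefix(policyType, "POLICY_TYPE_")
	if name == policyType || name == "" || name == "UNSPECIFIED" {
		return "", fmt.Errorf("policyType %q has no baseline key", policyType)
	}
	return strings.ToLower(name), nil
}

// validateCreatePolicy lists every problem. Assumption: a rule's policyKey must name a policySteps entry.
func validateCreatePolicy(displayName, policyType string, stepKeys []string, rules []Rule) []string {
	var problems []string
	if strings.TrimSpace(displayName) == "" {
		problems = append(problems, "displayName is required")
	}
	keys := make(map[string]bool, len(stepKeys))
	for _, k := range stepKeys {
		keys[k] = true
	}
	if base, err := baselineKey(policyType); err != nil {
		problems = append(problems, err.Error())
	} else if !keys[base] {
		problems = append(problems, fmt.Sprintf("policySteps lacks baseline entry %q", base))
	}
	for i, r := range rules {
		if !keys[r.PolicyKey] {
			problems = append(problems, fmt.Sprintf("rules[%d].policyKey %q not in policySteps", i, r.PolicyKey))
		}
	}
	return problems
}

func main() {
	// Constructed sample: wrong-case baseline key and a rule pointing at a missing entry.
	for _, p := range validateCreatePolicy("Prod access", "POLICY_TYPE_GRANT", []string{"Grant"}, []Rule{{"<string>", "contractors"}}) {
		fmt.Println(p)
	}
}
```

Running the check in CI or before calling Create catches a rule that would otherwise point at a step sequence that does not exist.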

Response

200 - application/json

The CreatePolicyResponse message contains the created policy object.


policy · Policy · object

A policy defines a workflow (sequence of steps) that runs when processing access requests, reviews, or revocations. Policies support conditional routing: different conditions can trigger different step sequences, with a baseline fallback.