Policies API
Create, manage, and simulate access policies. Define fine-grained authorization rules with context-aware conditions, time-based constraints, and risk-adaptive controls.
Endpoints
/policies - List all policies
/policies - Create new policy
/policies/{id} - Get policy by ID
/policies/{id} - Update policy
/policies/{id} - Delete policy
/policies/{id}/simulate - Simulate policy evaluation

/policies - List all policies with optional filtering
Query Parameters
Page number (default: 1)
Results per page (default: 50, max: 100)
Filter by name or description
Filter by status (active, draft, archived)
cURL Example
curl -X GET \
  "https://api.tigeridentity.com/v1/policies?page=1&limit=20&status=active" \
  -H "Authorization: Bearer YOUR_TOKEN"
Response
{
"data": [
{
"id": "policy_abc123",
"name": "Production Database Access",
"description": "Access to prod databases",
"status": "active",
"version": 3,
"created_at": "2026-01-15T10:00:00Z",
"updated_at": "2026-02-01T14:30:00Z",
"created_by": "user_xyz789"
}
],
"pagination": {
"total": 45,
"page": 1,
"per_page": 20,
"pages": 3
}
}

Create Policy
/policies - Create a new access policy
Request Body
{
"name": "Database Admin Access",
"description": "Allows database admin operations during business hours",
"status": "draft",
"rules": [
{
"effect": "allow",
"principals": {
"type": "USER",
"attributes": {
"department": ["engineering"],
"role": ["senior-engineer", "lead"]
}
},
"resources": {
"type": "database",
"identifiers": ["prod-db-*"]
},
"actions": [
"read",
"write",
"admin"
],
"conditions": [
{
"type": "time",
"operator": "between",
"value": {
"start": "09:00",
"end": "17:00",
"timezone": "America/New_York"
}
},
{
"type": "risk_score",
"operator": "less_than",
"value": 70
}
]
}
],
"metadata": {
"owner": "security-team",
"compliance": ["SOC2", "HIPAA"]
}
}

Response
{
"id": "policy_xyz789",
"name": "Database Admin Access",
"description": "Allows database admin operations during business hours",
"status": "draft",
"version": 1,
"rules": [ /* full rules array */ ],
"metadata": {
"owner": "security-team",
"compliance": ["SOC2", "HIPAA"]
},
"created_at": "2026-02-05T10:30:00Z",
"updated_at": "2026-02-05T10:30:00Z",
"created_by": "user_abc123"
}

Policy Status
draft: Policy is being edited, not enforced
active: Policy is live and enforced
archived: Policy is archived, not enforced

/policies/{id} - Retrieve a specific policy by ID
cURL Example
curl -X GET \
  "https://api.tigeridentity.com/v1/policies/policy_xyz789" \
  -H "Authorization: Bearer YOUR_TOKEN"
Path Parameters
The policy ID
Response
{
"id": "policy_xyz789",
"name": "Database Admin Access",
"description": "Allows database admin operations",
"status": "active",
"version": 2,
"rules": [
{
"effect": "allow",
"principals": { /* ... */ },
"resources": { /* ... */ },
"actions": ["read", "write", "admin"],
"conditions": [ /* ... */ ]
}
],
"metadata": {
"owner": "security-team",
"compliance": ["SOC2", "HIPAA"]
},
"created_at": "2026-02-05T10:30:00Z",
"updated_at": "2026-02-05T14:20:00Z"
}

/policies/{id} - Update an existing policy (creates new version)
Request Body
{
"name": "Database Admin Access - Updated",
"description": "Updated access policy",
"status": "active",
"rules": [
{
"effect": "allow",
"principals": {
"type": "USER",
"attributes": {
"department": ["engineering"]
}
},
"resources": {
"type": "database",
"identifiers": ["prod-db-*"]
},
"actions": ["read", "write"],
"conditions": [
{
"type": "mfa_verified",
"operator": "equals",
"value": true
}
]
}
]
}

Response
{
"id": "policy_xyz789",
"name": "Database Admin Access - Updated",
"description": "Updated access policy",
"status": "active",
"version": 3,
"rules": [ /* updated rules */ ],
"updated_at": "2026-02-05T15:45:00Z",
"updated_by": "user_abc123"
}

Policy updates create new versions. Previous versions are retained for audit and rollback.
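
An added review aid, not part of the TigerIdentity API or any SDK: the update request above replaces the rule set and sets the status to active in one call, so comparing the old and new rules first shows where access was widened. The helper name and finding wording are hypothetical, and it assumes that attribute lists restrict principals and that every condition must hold, so removing either one widens access.

```python
# Rules copied from the Create Policy and Update request bodies on this page.
CREATED_RULE = {
    "effect": "allow",
    "principals": {"type": "USER", "attributes": {
        "department": ["engineering"], "role": ["senior-engineer", "lead"]}},
    "resources": {"type": "database", "identifiers": ["prod-db-*"]},
    "actions": ["read", "write", "admin"],
    "conditions": [
        {"type": "time", "operator": "between", "value": {
            "start": "09:00", "end": "17:00", "timezone": "America/New_York"}},
        {"type": "risk_score", "operator": "less_than", "value": 70}],
}
UPDATED_RULE = {
    "effect": "allow",
    "principals": {"type": "USER", "attributes": {"department": ["engineering"]}},
    "resources": {"type": "database", "identifiers": ["prod-db-*"]},
    "actions": ["read", "write"],
    "conditions": [{"type": "mfa_verified", "operator": "equals", "value": True}],
}

def widening_findings(old, new):
    """List the ways rule `new` grants more than rule `old` (hypothetical helper)."""
    findings = []
    added = sorted(set(new["actions"]) - set(old["actions"]))
    if added:
        findings.append(f"actions added: {added}")
    old_attrs = old["principals"]["attributes"]
    new_attrs = new["principals"]["attributes"]
    for key in sorted(old_attrs):
        if key not in new_attrs:
            findings.append(f"principal restriction dropped: {key}")
        elif set(new_attrs[key]) - set(old_attrs[key]):
            findings.append(f"principal values added: {key}")
    old_ids = set(old["resources"]["identifiers"])
    new_ids = sorted(set(new["resources"]["identifiers"]) - old_ids)
    if new_ids:
        findings.append(f"resource patterns added: {new_ids}")
    new_conds = {c["type"]: c for c in new["conditions"]}
    for cond in old["conditions"]:
        if cond["type"] not in new_conds:
            findings.append(f"condition dropped: {cond['type']}")
        elif new_conds[cond["type"]] != cond:
            findings.append(f"condition changed, review: {cond['type']}")
    return findings
```

For the two request bodies on this page the update removes the admin action but also drops the role restriction and both the time and risk_score conditions, which the helper reports as three findings.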
/policies/{id} - Delete a policy (soft delete, can be recovered)
cURL Example
curl -X DELETE \
  "https://api.tigeridentity.com/v1/policies/policy_xyz789" \
  -H "Authorization: Bearer YOUR_TOKEN"
Response
{
"id": "policy_xyz789",
"status": "deleted",
"deleted_at": "2026-02-05T16:00:00Z",
"deleted_by": "user_abc123"
}

Simulate Policy
/policies/{id}/simulate - Test policy evaluation without enforcing it. Useful for validation and debugging.
Request Body
{
"principal": {
"id": "user_abc123",
"type": "USER",
"attributes": {
"department": "engineering",
"role": "senior-engineer",
"mfa_verified": true
}
},
"resource": {
"type": "database",
"identifier": "prod-db-main"
},
"action": "write",
"context": {
"ip_address": "192.168.1.100",
"timestamp": "2026-02-05T15:30:00Z",
"risk_score": 45,
"device_trusted": true
}
}

Response
{
"decision": "allow",
"matched_rules": [
{
"rule_index": 0,
"effect": "allow",
"conditions_met": [
"time: within business hours",
"risk_score: 45 < 70",
"mfa_verified: true"
]
}
],
"evaluation_time_ms": 12,
"timestamp": "2026-02-05T15:30:00Z",
"explanation": "Access granted: all conditions satisfied"
}

Simulation shows how the policy would evaluate a request without actually granting access, so a policy can be tested before it is activated.
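
An added local model, not TigerIdentity's evaluation engine: it evaluates the rule from the Create Policy request against the simulation request above, so boundary cases can be reasoned about offline before running them through the simulate endpoint. It assumes all conditions must hold, identifiers are glob patterns, the time window is checked in the rule's timezone with an exclusive end, and anything unrecognized denies.

```python
from datetime import datetime, time
from fnmatch import fnmatchcase
from zoneinfo import ZoneInfo

# Rule and request copied from the Create Policy and Simulate bodies on this page.
RULE = {
    "effect": "allow",
    "principals": {"type": "USER", "attributes": {
        "department": ["engineering"], "role": ["senior-engineer", "lead"]}},
    "resources": {"type": "database", "identifiers": ["prod-db-*"]},
    "actions": ["read", "write", "admin"],
    "conditions": [
        {"type": "time", "operator": "between", "value": {
            "start": "09:00", "end": "17:00", "timezone": "America/New_York"}},
        {"type": "risk_score", "operator": "less_than", "value": 70}],
}
SIM_REQUEST = {
    "principal": {"id": "user_abc123", "type": "USER", "attributes": {
        "department": "engineering", "role": "senior-engineer", "mfa_verified": True}},
    "resource": {"type": "database", "identifier": "prod-db-main"},
    "action": "write",
    "context": {"ip_address": "192.168.1.100", "timestamp": "2026-02-05T15:30:00Z",
                "risk_score": 45, "device_trusted": True},
}

def condition_holds(cond, ctx):
    """Assumed semantics: unknown types/operators and missing context fail closed."""
    if (cond["type"], cond["operator"]) == ("time", "between"):
        win = cond["value"]
        utc = datetime.fromisoformat(ctx["timestamp"].replace("Z", "+00:00"))
        local = utc.astimezone(ZoneInfo(win["timezone"])).time()
        return time.fromisoformat(win["start"]) <= local < time.fromisoformat(win["end"])
    if (cond["type"], cond["operator"]) == ("risk_score", "less_than"):
        return "risk_score" in ctx and ctx["risk_score"] < cond["value"]
    return False

def evaluate(rule, req):
    """Return the rule's effect when every clause matches, otherwise "deny"."""
    who, what = req["principal"], req["resource"]
    matched = (
        who["type"] == rule["principals"]["type"]
        and all(who["attributes"].get(k) in allowed
                for k, allowed in rule["principals"]["attributes"].items())
        and what["type"] == rule["resources"]["type"]
        and any(fnmatchcase(what["identifier"], p) for p in rule["resources"]["identifiers"])
        and req["action"] in rule["actions"]
        and all(condition_holds(c, req["context"]) for c in rule["conditions"])
    )
    return rule["effect"] if matched else "deny"
```

The request timestamp is in UTC (15:30Z is 10:30 in America/New_York on that date), so boundary tests for the time condition need timestamps converted from the rule's timezone rather than the caller's.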
Policy Versioning
Every policy update creates a new version. Access historical versions for audit trails and rollback capability.
Get Policy Version
GET /policies/policy_xyz789/versions/2
# Response
{
"id": "policy_xyz789",
"version": 2,
"name": "Database Admin Access",
"rules": [ /* version 2 rules */ ],
"created_at": "2026-02-01T14:20:00Z"
}

List All Versions
GET /policies/policy_xyz789/versions
# Response
{
"data": [
{
"version": 3,
"created_at": "2026-02-05T15:45:00Z",
"created_by": "user_abc123"
},
{
"version": 2,
"created_at": "2026-02-01T14:20:00Z",
"created_by": "user_xyz789"
},
{
"version": 1,
"created_at": "2026-01-15T10:00:00Z",
"created_by": "user_abc123"
}
]
}