GET /api/policies/{id}
List Policy Rules
curl --request GET \
  --url https://api.example.com/api/policies/{id}
{
  "id": "<string>",
  "name": "<string>",
  "type": "<string>",
  "prebuilt_type": {},
  "rules_count": 123,
  "rules": [
    {
      "rule_id": "<string>",
      "name": "<string>",
      "type": "<string>",
      "severity": {},
      "threshold": {},
      "time_window": {},
      "conditions": {},
      "policy_excerpt": "<string>",
      "policy_section": {},
      "is_active": true
    }
  ],
  "created_at": "<string>",
  "updated_at": "<string>",
  "dirty": true,
  "error": "<string>",
  "message": "<string>"
}

Overview

This endpoint retrieves a policy by ID along with all associated rules. It also returns a dirty flag indicating whether the policy has been modified since the last completed scan.

Authentication

Requires a valid session token. Returns 401 UNAUTHORIZED if not authenticated.

Path Parameters

id (string, required): UUID of the policy to retrieve

Request

Example Request

curl -X GET https://yourdomain.com/api/policies/550e8400-e29b-41d4-a716-446655440000 \
  -H "Cookie: session=your_session_token"

Response

id (string): UUID of the policy
name (string): Policy name
type (string): Policy type: pdf or prebuilt
prebuilt_type (string | null): Prebuilt pack type if applicable: aml, gdpr, or soc2
rules_count (number): Total number of rules in the policy
rules (array): Array of all rules in the policy. Each rule has the following fields:
  • rule_id (string): Unique rule identifier in UPPER_SNAKE_CASE
  • name (string): Human-readable rule name
  • type (string): Rule category (e.g., structuring, retention, encryption)
  • severity (enum): Rule severity: CRITICAL, HIGH, or MEDIUM
  • threshold (number | null): Numeric threshold for threshold-based rules
  • time_window (number | null): Time window in hours for temporal rules
  • conditions (object): Rule evaluation logic with recursive AND/OR conditions
  • policy_excerpt (string): Reference to the compliance regulation or policy text
  • policy_section (string | null): Section reference from the policy document
  • is_active (boolean): Whether the rule is currently active and will be evaluated in scans
created_at (string): ISO 8601 timestamp of policy creation
updated_at (string): ISO 8601 timestamp of last policy update
dirty (boolean): Whether the policy has been modified since the last completed scan.
  • true: Policy has been updated (rules added/removed/modified) since last scan
  • false: Policy unchanged since last scan, or no scans exist yet

Success Response

{
  "id": "550e8400-e29b-41d4-a716-446655440000",
  "name": "AML Compliance Policy",
  "type": "prebuilt",
  "prebuilt_type": "aml",
  "rules_count": 2,
  "rules": [
    {
      "rule_id": "STRUCTURING_PATTERN",
      "name": "Transaction Structuring Detection",
      "type": "structuring",
      "severity": "CRITICAL",
      "threshold": 10000,
      "time_window": 24,
      "conditions": {
        "AND": [
          {
            "field": "amount",
            "operator": "greater_than",
            "value": 9000
          },
          {
            "field": "amount",
            "operator": "less_than",
            "value": 10000
          }
        ]
      },
      "policy_excerpt": "31 CFR § 1010.314 - Structured transactions to evade BSA reporting",
      "policy_section": "31 CFR § 1010.314",
      "is_active": true
    },
    {
      "rule_id": "RAPID_MOVEMENT",
      "name": "Rapid Fund Movement",
      "type": "velocity",
      "severity": "HIGH",
      "threshold": null,
      "time_window": 48,
      "conditions": {
        "AND": [
          {
            "field": "deposit_timestamp",
            "operator": "exists",
            "value": true
          },
          {
            "field": "withdrawal_timestamp",
            "operator": "exists",
            "value": true
          }
        ]
      },
      "policy_excerpt": "FinCEN Advisory FIN-2012-A001 - Rapid movement patterns",
      "policy_section": "FinCEN Advisory FIN-2012-A001",
      "is_active": false
    }
  ],
  "created_at": "2026-02-28T10:00:00Z",
  "updated_at": "2026-02-28T10:30:00Z",
  "dirty": true
}
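
The recursive AND/OR conditions object can be checked against a record on the consumer side, for example when reviewing an exported policy. The following is an added example, not the service's own evaluator: the operator semantics are assumed from the operator names in the response above, and MAX_DEPTH, evaluate and matching_rules are hypothetical names.

```python
# Added example, not the service's evaluator. Operator semantics are assumed
# from the operator names shown in the sample response on this page.
MAX_DEPTH = 16  # assumed cap: a malformed policy must not exhaust the stack

def _number(value):
    return isinstance(value, (int, float)) and not isinstance(value, bool)

OPERATORS = {
    # A missing or non-numeric field never satisfies a numeric comparison.
    "greater_than": lambda a, w: _number(a) and _number(w) and a > w,
    "less_than": lambda a, w: _number(a) and _number(w) and a < w,
    "exists": lambda a, w: (a is not None) == bool(w),
}

def evaluate(node, record, depth=0):
    """Evaluate one node of the recursive AND/OR conditions tree."""
    if depth > MAX_DEPTH:
        raise ValueError("conditions nested too deeply")
    if not isinstance(node, dict):
        raise ValueError("condition node must be an object")
    groups = [k for k in ("AND", "OR") if k in node]
    if groups:
        children = node[groups[0]]
        # Fail closed: all([]) is True, so an empty AND would match everything.
        if len(node) != 1 or not isinstance(children, list) or not children:
            raise ValueError("malformed AND/OR group")
        results = [evaluate(child, record, depth + 1) for child in children]
        return all(results) if groups[0] == "AND" else any(results)
    check = OPERATORS.get(node.get("operator"))
    if check is None or "field" not in node:
        raise ValueError(f"unsupported leaf: {node!r}")
    return check(record.get(node["field"]), node.get("value"))

def matching_rules(policy, record):
    """rule_ids of active rules whose conditions match the record."""
    return [rule["rule_id"] for rule in policy["rules"]
            if rule["is_active"] and evaluate(rule["conditions"], record)]

# Constructed input: the two rules from the Success Response, trimmed.
POLICY = {"rules": [
    {"rule_id": "STRUCTURING_PATTERN", "is_active": True, "conditions": {"AND": [
        {"field": "amount", "operator": "greater_than", "value": 9000},
        {"field": "amount", "operator": "less_than", "value": 10000}]}},
    {"rule_id": "RAPID_MOVEMENT", "is_active": False, "conditions": {"AND": [
        {"field": "deposit_timestamp", "operator": "exists", "value": True},
        {"field": "withdrawal_timestamp", "operator": "exists", "value": True}]}},
]}
```

Unknown operators and empty groups raise instead of evaluating to a default, so a rule the evaluator does not understand is never silently treated as matching or non-matching.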

Error Responses

error (string): Error code identifier
message (string): Human-readable error message

404 Not Found

{
  "error": "NOT_FOUND",
  "message": "Policy not found"
}

500 Internal Server Error

{
  "error": "INTERNAL_ERROR",
  "message": "An unexpected error occurred"
}

Dirty State Detection

The dirty flag helps track whether a policy needs to be rescanned. The endpoint computes it as follows:
  1. Compares policy.updated_at against the latest completed scan’s completed_at timestamp
  2. Returns true if the policy was modified after the last scan
  3. Returns false if unchanged or if no scans exist yet
This is useful for triggering rescans when rules have been modified.
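
The three steps above, reproduced as an added example (not the service's code). The scan record shape is an assumption, since this page does not document the scan object: each scan is a dict whose completed_at is an ISO 8601 string, or None while the scan has not completed. Timestamps are parsed before comparison because comparing the raw strings gives the wrong answer when offsets differ.

```python
from datetime import datetime, timezone

def parse_ts(value):
    """Parse an ISO 8601 timestamp (e.g. 2026-02-28T10:30:00Z) to aware UTC."""
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"  # fromisoformat rejects "Z" before 3.11
    ts = datetime.fromisoformat(value)
    if ts.tzinfo is None:
        ts = ts.replace(tzinfo=timezone.utc)  # assumption: naive means UTC
    return ts.astimezone(timezone.utc)

def is_dirty(policy_updated_at, scans):
    """Apply the three steps above to one policy and its scan records."""
    # Only completed scans count; a scan that has not completed has no
    # completed_at (assumed record shape, not documented on this page).
    completed = [parse_ts(s["completed_at"]) for s in scans if s.get("completed_at")]
    if not completed:
        return False  # step 3: no completed scans yet
    # Steps 1-2: strictly "modified after" the latest completed scan.
    return parse_ts(policy_updated_at) > max(completed)

# Constructed scan records for the policy in the Success Response.
SCANS = [
    {"completed_at": "2026-02-28T10:15:00Z"},
    {"completed_at": "2026-02-28T12:00:00+02:00"},  # same instant as 10:00:00Z
    {"completed_at": None},  # still running
]
```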

Use Cases

  • Displaying policy details in the UI
  • Showing all rules with their current active/inactive state
  • Detecting if a policy needs to be rescanned after modifications
  • Exporting policy configuration for review

Notes

  • Rules are ordered by created_at in ascending order (oldest first)
  • The threshold field is parsed as a float for numeric compatibility
  • The rules field is an empty array ([]) if no rules exist for the policy
