Policies API

Policy lifecycle endpoints for drafting, review, approval, deployment, and rollback.

intermediate2 min readimplemented

Policies API#

Intended policy management is lifecycle-based. You work with drafts, run review/approval, deploy versions, and roll back when required.

Read Endpoints#

GET /policy/packs?tenantId=<tenant>
GET /policy/packs/:pack/versions?tenantId=<tenant>
GET /policy/drafts?tenantId=<tenant>
GET /policy/drafts/:id?tenantId=<tenant>
GET /policy/drafts/:id/impact-summary?tenantId=<tenant>

Create Draft#

POST/policy/draftsRequires auth

tenantIdstring*Tenant identifier.

policyPackNamestring*Logical policy pack name.

titlestring*Draft title.

createdBystring*Actor creating the draft.

policySetobject*Policy set payload.

bash

curl -X POST https://api.intended.so/policy/drafts \
  -H "Authorization: Bearer mrt_live_abc123" \
  -H "x-tenant-id: tenant_acme_prod" \
  -H "Content-Type: application/json" \
  -d '{
    "tenantId": "tenant_acme_prod",
    "policyPackName": "prod-release-controls",
    "title": "Require approval for prod deploy",
    "createdBy": "user_admin",
    "policySet": {
      "version": "1.0.0",
      "rules": []
    }
  }'

Update Draft#

PUT /policy/drafts/:id

Submit Review#

POST /policy/drafts/:id/review
- body: { tenantId, submittedBy, comments?, simulationRunId? }

Approve or Reject#

POST /policy/drafts/:id/approve
- body: { tenantId, reviewerId, comments? }
POST /policy/drafts/:id/reject
- body: { tenantId, reviewerId, comments? }

Deploy Draft#

POST /policy/deploy/:draftId
- body: { tenantId, deployedBy, comments? }

Roll Back Deployed Version#

POST /policy/rollback/:versionId
- body: { tenantId, rolledBackBy, comments? }

Warning

Policy APIs are fail-closed and tenant-scoped. Always send authenticated tenant context (x-tenant-id) that matches request body tenantId.