Policy Templates API
Use policy templates to bootstrap common governance rules instead of hand-authoring every tenant policy from scratch. This is especially useful when teams want to roll out repeatable controls for PII detection, SQL injection prevention, regional compliance, or industry-specific AI safety requirements.
Overview
Verified routes:
| Method | Path | Purpose |
|---|---|---|
GET | /api/v1/templates | List templates |
GET | /api/v1/templates/categories | List categories |
GET | /api/v1/templates/stats | Template usage statistics |
GET | /api/v1/templates/{id} | Get one template |
POST | /api/v1/templates/{id}/apply | Create a policy from a template |
Base URL:
http://localhost:8080
The Agent commonly proxies these routes to the Orchestrator. Direct 8081 access also works when intentionally exposed.
Authentication
All endpoints require:
Authorization: Basic base64(clientId:clientSecret)header- Tenant context (derived from Basic auth credentials) for template usage stats and apply
X-User-IDrecommended for apply requests
Listing Templates
Verified list query parameters:
| Query param | Purpose |
|---|---|
category | Filter by category |
search | Search template names and descriptions |
tags | Comma-separated tags |
active | Filter active templates |
builtin | Filter built-in templates |
page | Page number |
page_size | Page size, max 100 |
Verified response wrapper:
{
"templates": [],
"pagination": {
"page": 1,
"page_size": 20,
"total_items": 0,
"total_pages": 0
}
}
Single Template and Categories
GET /api/v1/templates/{id} returns:
{
"template": {
"id": "tpl_gdpr_pii",
"name": "gdpr-pii-protection"
}
}
GET /api/v1/templates/categories returns:
{
"categories": [
"general",
"security",
"compliance"
]
}
Apply a Template
POST /api/v1/templates/{id}/apply is the fastest way to turn a reusable governance pattern into a tenant-owned policy.
Verified request fields:
| Field | Notes |
|---|---|
variables | Variable substitutions for the template |
policy_name | Required policy name |
description | Optional |
enabled | Boolean |
priority | Optional |
Example:
curl -X POST http://localhost:8080/api/v1/templates/tpl_gdpr_pii/apply \
-H "Content-Type: application/json" \
-H "Authorization: Basic $(echo -n 'client-id:client-secret' | base64)" \
-H "X-User-ID: [email protected]" \
-d '{
"variables": {
"action": "block"
},
"policy_name": "gdpr-email-detection",
"enabled": true
}'
Successful applies return 201 Created with success, policy, usage_id, and message.
Why Teams Use This API
- Security teams use templates to standardize AI guardrails across multiple tenants or applications.
- Platform teams use templates to shorten onboarding for regulated use cases such as finance, healthcare, and regional deployments.
- Engineers evaluating AxonFlow get a practical bridge between community experimentation and more repeatable evaluation or enterprise rollout patterns.
