Policy Templates API
Browse and apply pre-built policy templates for common governance scenarios through the Orchestrator API.
Overview
Policy templates provide ready-to-use policy configurations for:
- Security: SQL injection, XSS, command injection prevention
- Compliance: GDPR, HIPAA, PCI-DSS, SOC2
- Regional: EU AI Act, RBI, SEBI (India), DPDP Act
- Industry: Healthcare, Financial Services, E-commerce
Base URL: http://localhost:8081 (Orchestrator)
Authentication
All endpoints require:
- Authorization: Basic base64(clientId:clientSecret) header
- Content-Type: application/json header (for POST requests)
Optional:
- X-Org-ID header: scopes template usage stats to a specific tenant
Endpoints
GET /api/v1/templates
List available policy templates with optional filtering.
Request:
curl "http://localhost:8081/api/v1/templates?category=compliance&search=gdpr"
Query Parameters:
| Parameter | Type | Default | Description |
|---|---|---|---|
| category | string | (all) | Filter by category (see Template Categories) |
| search | string | (none) | Search template names and descriptions |
| tags | string | (none) | Comma-separated tags to filter by |
| active | boolean | (all) | Filter by active status |
| builtin | boolean | (all) | Filter by built-in templates |
| page | integer | 1 | Page number |
| page_size | integer | 20 (max: 100) | Items per page |
Response (200 OK):
{
"templates": [
{
"id": "tpl_gdpr_pii",
"name": "gdpr-pii-protection",
"display_name": "GDPR PII Protection",
"description": "Comprehensive PII detection and blocking for GDPR compliance",
"category": "compliance",
"subcategory": "privacy",
"template": {},
"variables": [
{
"name": "action",
"type": "string",
"default": "block",
"description": "Action to take when PII is detected",
"required": false
}
],
"is_builtin": true,
"is_active": true,
"version": "2.1.0",
"tags": ["gdpr", "pii", "privacy", "eu"],
"created_at": "2024-06-01T00:00:00Z",
"updated_at": "2025-01-01T00:00:00Z"
}
],
"pagination": {
"page": 1,
"page_size": 20,
"total_items": 45,
"total_pages": 3
}
}
GET /api/v1/templates/{id}
Get detailed information about a specific template.
Request:
curl http://localhost:8081/api/v1/templates/tpl_gdpr_pii
Response (200 OK):
{
"id": "tpl_gdpr_pii",
"name": "gdpr-pii-protection",
"display_name": "GDPR PII Protection",
"description": "Comprehensive PII detection and blocking for GDPR compliance. Includes detection patterns for EU-specific identifiers like IBAN, VAT numbers, and national IDs.",
"category": "compliance",
"subcategory": "privacy",
"template": {
"type": "content",
"conditions": [
{
"field": "query",
"operator": "regex",
"value": "{{pattern}}"
}
],
"actions": [
{
"type": "{{action}}",
"config": {}
}
]
},
"variables": [
{
"name": "pattern",
"type": "string",
"default": "[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}",
"description": "Regex pattern for PII detection",
"required": true,
"validation": "^[^\\s]+$"
},
{
"name": "action",
"type": "string",
"default": "block",
"description": "Action to take: block, redact, alert, log",
"required": false
}
],
"is_builtin": true,
"is_active": true,
"version": "2.1.0",
"tags": ["gdpr", "pii", "privacy", "eu"],
"created_at": "2024-06-01T00:00:00Z",
"updated_at": "2025-01-01T00:00:00Z"
}
POST /api/v1/templates/{id}/apply
Apply a template to create policies for a tenant.
Request:
curl -X POST http://localhost:8081/api/v1/templates/tpl_gdpr_pii/apply \
-H "Content-Type: application/json" \
-H "X-Org-ID: my-tenant" \
-d '{
"variables": {
"pattern": "[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}",
"action": "block"
},
"policy_name": "gdpr-email-detection",
"description": "Block emails in prompts for GDPR compliance",
"enabled": true,
"priority": 100
}'
Request Body:
| Field | Type | Required | Description |
|---|---|---|---|
| variables | object | No | Variable values to substitute into the template |
| policy_name | string | Yes | Name for the created policy |
| description | string | No | Description for the created policy |
| enabled | boolean | Yes | Whether to enable the policy immediately |
| priority | integer | No | Policy evaluation priority |
Response (200 OK):
{
"success": true,
"policy": {
"id": "pol_abc123",
"name": "gdpr-email-detection",
"description": "Block emails in prompts for GDPR compliance",
"type": "content",
"category": "compliance",
"tier": "tenant",
"conditions": [
{
"field": "query",
"operator": "regex",
"value": "[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}"
}
],
"actions": [
{
"type": "block",
"config": {}
}
],
"priority": 100,
"enabled": true,
"version": 1,
"tenant_id": "my-tenant",
"created_at": "2025-01-02T10:00:00Z",
"updated_at": "2025-01-02T10:00:00Z"
},
"usage_id": "usage_xyz789",
"message": "Policy created from template tpl_gdpr_pii"
}
GET /api/v1/templates/categories
List all template categories with counts.
Request:
curl http://localhost:8081/api/v1/templates/categories
Response (200 OK):
Returns the list of valid template categories:
[
"general",
"security",
"compliance",
"content_safety",
"rate_limiting",
"access_control",
"data_protection",
"custom"
]
POST /api/v1/templates/{id}/apply - Error Responses
| HTTP Status | Scenario | Example Body |
|---|---|---|
| 400 | Missing required variable | {"error": {"code": "INVALID_CUSTOMIZATION", "message": "Required variable 'pattern' is missing"}} |
| 404 | Template not found | {"error": {"code": "TEMPLATE_NOT_FOUND", "message": "Template tpl_xyz not found"}} |
| 409 | Policy name conflict | {"error": {"code": "POLICIES_ALREADY_EXIST", "message": "Policy 'gdpr-email-detection' already exists"}} |
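A client-side pre-flight for POST /api/v1/templates/{id}/apply, given here as an added example and not as Orchestrator code: it checks the supplied variables against the template's variable definitions and renders the {{...}} placeholders to preview the resulting policy before anything is sent. Assumptions: a required variable must be supplied explicitly (as the 400 example suggests), "validation" is a regex, and Python's re module stands in for the server's regex engine; the function names are hypothetical.

```python
import re

# Constructed sample: "template" and "variables" from the tpl_gdpr_pii detail response.
TEMPLATE = {
    "template": {
        "type": "content",
        "conditions": [{"field": "query", "operator": "regex", "value": "{{pattern}}"}],
        "actions": [{"type": "{{action}}", "config": {}}],
    },
    "variables": [
        {"name": "pattern", "type": "string", "required": True, "validation": r"^[^\s]+$"},
        {"name": "action", "type": "string", "default": "block", "required": False},
    ],
}
PLACEHOLDER = re.compile(r"\{\{(\w+)\}\}")

def resolve(definitions, supplied):
    """Apply defaults and per-variable checks; raise ValueError on failure."""
    extra = set(supplied) - {d["name"] for d in definitions}
    if extra:
        raise ValueError(f"unknown variables: {sorted(extra)}")
    values = {}
    for d in definitions:
        name, rule = d["name"], d.get("validation")
        if name not in supplied and d.get("required"):
            raise ValueError(f"Required variable '{name}' is missing")
        value = supplied.get(name, d.get("default"))
        # Assumption: "validation" is a regex the value must match.
        if rule and not re.search(rule, str(value)):
            raise ValueError(f"variable '{name}' fails validation {rule!r}")
        values[name] = value
    return values

def render(node, values):
    """Substitute {{name}} placeholders throughout the template body."""
    if isinstance(node, dict):
        return {k: render(v, values) for k, v in node.items()}
    if isinstance(node, list):
        return [render(v, values) for v in node]
    if isinstance(node, str):
        return PLACEHOLDER.sub(lambda m: str(values[m.group(1)]), node)
    return node

def preview_policy(tpl, supplied):
    """Return the policy body the template would yield (ValueError/re.error if not)."""
    policy = render(tpl["template"], resolve(tpl["variables"], supplied))
    for cond in policy.get("conditions", []):
        if cond.get("operator") == "regex":
            re.compile(cond["value"])  # raises re.error on bad syntax
    return policy
```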
GET /api/v1/templates/stats
Get template usage statistics.
Request:
curl http://localhost:8081/api/v1/templates/stats
Response (200 OK):
Returns usage statistics per template:
[
{
"template_id": "tpl_gdpr_pii",
"template_name": "gdpr-pii-protection",
"usage_count": 4523,
"last_used_at": "2025-01-02T10:00:00Z"
},
{
"template_id": "tpl_sqli_prevention",
"template_name": "sql-injection-prevention",
"usage_count": 3892,
"last_used_at": "2025-01-01T15:30:00Z"
}
]
Template Categories
| Category | Description |
|---|---|
| general | General-purpose policy templates |
| security | Core security patterns (SQLi, XSS, command injection) |
| compliance | Regulatory compliance (GDPR, HIPAA, PCI-DSS) |
| content_safety | Content moderation and safety filters |
| rate_limiting | Rate limiting and usage controls |
| access_control | Role-based and attribute-based access policies |
| data_protection | Data masking, redaction, and encryption policies |
| custom | User-defined custom templates |
Variable Types
| Type | Description |
|---|---|
| string | Free-form text value |
| integer | Whole number |
| boolean | true or false |
| enum | One of a predefined set of values |
| array | List of values |
Error Responses
| HTTP Status | Error Code | Description |
|---|---|---|
| 400 | INVALID_CUSTOMIZATION | Invalid customization parameters or variable values |
| 400 | VALIDATION_ERROR | Template variable validation failed |
| 404 | TEMPLATE_NOT_FOUND | Template does not exist |
| 409 | POLICIES_ALREADY_EXIST | Policies with same names already exist |
| 500 | INTERNAL_ERROR | Internal server error |
Example (404):
{
"error": {
"code": "TEMPLATE_NOT_FOUND",
"message": "Template 'tpl_invalid' does not exist"
}
}
Next Steps
- Static Policy API - Manage static policies
- Agent Endpoints - Policy enforcement API
- Security - PII Detection - PII patterns