
Policy Templates API

Browse and apply pre-built policy templates for common governance scenarios through the Orchestrator API.

Overview

Policy templates provide ready-to-use policy configurations for:

  • Security: SQL injection, XSS, command injection prevention
  • Compliance: GDPR, HIPAA, PCI-DSS, SOC2
  • Regional: EU AI Act, RBI, SEBI (India), DPDP Act
  • Industry: Healthcare, Financial Services, E-commerce

Base URL: http://localhost:8081 (Orchestrator)


Endpoints

GET /api/v1/templates

List available policy templates with optional filtering.

Request:

curl "http://localhost:8081/api/v1/templates?category=compliance&region=eu"

Query Parameters:

| Parameter | Type | Description |
|-----------|------|-------------|
| category | string | Filter by category (security, compliance, industry) |
| region | string | Filter by region (global, us, eu, india) |
| search | string | Search template names and descriptions |

Response (200 OK):

{
"templates": [
{
"id": "tpl_gdpr_pii",
"name": "GDPR PII Protection",
"description": "Comprehensive PII detection and blocking for GDPR compliance",
"category": "compliance",
"region": "eu",
"policies_count": 12,
"tags": ["gdpr", "pii", "privacy", "eu"],
"popularity": 4523,
"created_at": "2024-06-01T00:00:00Z"
},
{
"id": "tpl_eu_ai_act",
"name": "EU AI Act Compliance",
"description": "Policies aligned with EU AI Act requirements for high-risk AI systems",
"category": "compliance",
"region": "eu",
"policies_count": 18,
"tags": ["eu-ai-act", "transparency", "human-oversight"],
"popularity": 2156,
"created_at": "2024-09-01T00:00:00Z"
}
],
"count": 2,
"total_available": 45
}

GET /api/v1/templates/{id}

Get detailed information about a specific template.

Request:

curl http://localhost:8081/api/v1/templates/tpl_gdpr_pii

Response (200 OK):

{
"id": "tpl_gdpr_pii",
"name": "GDPR PII Protection",
"description": "Comprehensive PII detection and blocking for GDPR compliance. Includes detection patterns for EU-specific identifiers like IBAN, VAT numbers, and national IDs.",
"category": "compliance",
"region": "eu",
"version": "2.1.0",
"policies": [
{
"name": "GDPR - Email Detection",
"pattern": "[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}",
"action": "warn",
"severity": "medium",
"description": "Detects email addresses in prompts and responses"
},
{
"name": "GDPR - Phone Number (EU)",
"pattern": "\\+?[0-9]{1,4}[\\s.-]?\\(?[0-9]{1,4}\\)?[\\s.-]?[0-9]{1,4}[\\s.-]?[0-9]{1,9}",
"action": "warn",
"severity": "medium",
"description": "Detects European phone number formats"
},
{
"name": "GDPR - IBAN",
"pattern": "[A-Z]{2}[0-9]{2}[A-Z0-9]{4}[0-9]{7}([A-Z0-9]?){0,16}",
"action": "block",
"severity": "high",
"description": "Detects IBAN bank account numbers"
},
{
"name": "GDPR - EU VAT Number",
"pattern": "[A-Z]{2}[0-9A-Z]{2,12}",
"action": "warn",
"severity": "medium",
"description": "Detects EU VAT identification numbers"
}
],
"policies_count": 12,
"tags": ["gdpr", "pii", "privacy", "eu"],
"prerequisites": [],
"conflicts_with": [],
"popularity": 4523,
"rating": 4.8,
"reviews_count": 234,
"last_updated": "2025-01-01T00:00:00Z",
"changelog": [
{
"version": "2.1.0",
"date": "2025-01-01",
"changes": ["Added IBAN detection", "Improved phone number patterns"]
},
{
"version": "2.0.0",
"date": "2024-09-01",
"changes": ["Complete rewrite for GDPR 2024 guidance"]
}
]
}
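Before applying a template, it helps to see how its patterns behave on ordinary text. The following is an added example, not part of the Orchestrator documentation: it runs the four patterns shown above through Python's `re` module over constructed sample strings and counts matches on text that holds no personal data. The Orchestrator's own regex engine and matching semantics are not stated on this page, so Python's behaviour is an assumption, and `iban_checksum_ok` is a hypothetical second filter rather than something the template provides.

```python
import re

# Patterns copied from the tpl_gdpr_pii response above (JSON escaping removed).
POLICIES = {
    "GDPR - Email Detection": r"[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}",
    "GDPR - Phone Number (EU)": r"\+?[0-9]{1,4}[\s.-]?\(?[0-9]{1,4}\)?[\s.-]?[0-9]{1,4}[\s.-]?[0-9]{1,9}",
    "GDPR - IBAN": r"[A-Z]{2}[0-9]{2}[A-Z0-9]{4}[0-9]{7}([A-Z0-9]?){0,16}",
    "GDPR - EU VAT Number": r"[A-Z]{2}[0-9A-Z]{2,12}",
}

# Constructed benign text: contains no personal data.
BENIGN = [
    "Please return the HTTP status as JSON by 2025-01-02.",
    "Order 1234567 shipped; see README for the API changes.",
]
# Constructed text with the widely published example IBAN and a made-up address.
SENSITIVE = ["Refund to GB82WEST12345698765432 and mail alice@example.com"]

def hits(text):
    """Return {policy name: [matched substrings]} for one text."""
    out = {}
    for name, pattern in POLICIES.items():
        found = [m.group(0) for m in re.finditer(pattern, text)]
        if found:
            out[name] = found
    return out

def false_positive_report(samples):
    """Count how many benign samples each policy fires on."""
    counts = {name: 0 for name in POLICIES}
    for text in samples:
        for name in hits(text):
            counts[name] += 1
    return counts

def iban_checksum_ok(candidate):
    """ISO 13616 mod-97 check: move the first four characters to the end,
    map letters to 10..35, and require remainder 1."""
    rearranged = candidate[4:] + candidate[:4]
    digits = "".join(str(int(ch, 36)) for ch in rearranged)
    return int(digits) % 97 == 1

if __name__ == "__main__":
    print(false_positive_report(BENIGN))
    for iban in hits(SENSITIVE[0]).get("GDPR - IBAN", []):
        print(iban, iban_checksum_ok(iban))
```

On these samples the VAT pattern fires on plain upper-case words and the phone pattern on a date and an order number, which is the kind of result that informs the `action_overrides` and `exclude_policies` choices made when applying the template.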

POST /api/v1/templates/{id}/apply

Apply a template to create policies for a tenant.

Request:

curl -X POST http://localhost:8081/api/v1/templates/tpl_gdpr_pii/apply \
-H "Content-Type: application/json" \
-H "X-Tenant-ID: my-tenant" \
-d '{
"customizations": {
"action_overrides": {
"GDPR - Email Detection": "log",
"GDPR - Phone Number (EU)": "log"
},
"exclude_policies": ["GDPR - EU VAT Number"],
"prefix": "custom_gdpr"
}
}'

Request Body:

| Field | Type | Required | Description |
|-------|------|----------|-------------|
| customizations.action_overrides | object | No | Override default actions for specific policies |
| customizations.exclude_policies | array | No | Policy names to skip |
| customizations.prefix | string | No | Prefix for created policy names |

Response (201 Created):

{
"success": true,
"template_id": "tpl_gdpr_pii",
"tenant_id": "my-tenant",
"policies_created": 11,
"policies_skipped": 1,
"created_policies": [
{
"id": "pol_abc123",
"name": "custom_gdpr_email_detection",
"action": "log"
},
{
"id": "pol_def456",
"name": "custom_gdpr_phone_eu",
"action": "log"
},
{
"id": "pol_ghi789",
"name": "custom_gdpr_iban",
"action": "block"
}
],
"skipped_policies": ["GDPR - EU VAT Number"],
"applied_at": "2025-01-02T10:00:00Z"
}
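Overrides and exclusions are keyed by policy name, so a misspelled name or an unintended downgrade is easy to miss. The following is an added example, not part of the Orchestrator documentation: a local pre-flight check that compares a `customizations` object with the template's policy list before the POST is sent. The function `preflight`, the report keys, and the strictness order `log < warn < block` are assumptions made for this illustration; only the three action names themselves appear on this page.

```python
# Policies as returned by GET /api/v1/templates/tpl_gdpr_pii (fields trimmed).
TEMPLATE_POLICIES = [
    {"name": "GDPR - Email Detection", "action": "warn", "severity": "medium"},
    {"name": "GDPR - Phone Number (EU)", "action": "warn", "severity": "medium"},
    {"name": "GDPR - IBAN", "action": "block", "severity": "high"},
    {"name": "GDPR - EU VAT Number", "action": "warn", "severity": "medium"},
]
# Assumption: strictness order of the three actions that appear on this page.
STRICTNESS = {"log": 0, "warn": 1, "block": 2}

def preflight(policies, customizations):
    """Compare a customizations object with the template it targets."""
    by_name = {p["name"]: p for p in policies}
    overrides = customizations.get("action_overrides", {})
    excluded = customizations.get("exclude_policies", [])
    report = {"unknown": [], "weakened": [], "excluded_high": [], "effective": {}}
    # Names that match no template policy: the intended change would not land.
    report["unknown"] = sorted(
        n for n in set(overrides) | set(excluded) if n not in by_name
    )
    for name, policy in by_name.items():
        if name in excluded:
            if policy["severity"] == "high":
                report["excluded_high"].append(name)
            continue
        action = overrides.get(name, policy["action"])
        # Actions not seen on this page rank lowest, so they get flagged too.
        if STRICTNESS.get(action, -1) < STRICTNESS[policy["action"]]:
            report["weakened"].append((name, policy["action"], action))
        report["effective"][name] = action
    return report

# The customizations object from the curl example above.
PAGE_REQUEST = {
    "action_overrides": {"GDPR - Email Detection": "log",
                         "GDPR - Phone Number (EU)": "log"},
    "exclude_policies": ["GDPR - EU VAT Number"],
    "prefix": "custom_gdpr",
}
# Constructed request with a miscased policy name.
TYPO_REQUEST = {"action_overrides": {"GDPR - Iban": "log"}}

if __name__ == "__main__":
    for label, req in (("page", PAGE_REQUEST), ("typo", TYPO_REQUEST)):
        print(label, preflight(TEMPLATE_POLICIES, req))
```

For the request shown above, the report lists two policies downgraded from `warn` to `log` and leaves the IBAN policy at `block`; for the miscased name, it reports the name as unknown.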

GET /api/v1/templates/categories

List all template categories with counts.

Request:

curl http://localhost:8081/api/v1/templates/categories

Response (200 OK):

{
"categories": [
{
"id": "security",
"name": "Security",
"description": "SQL injection, XSS, command injection prevention",
"templates_count": 8,
"icon": "shield"
},
{
"id": "compliance",
"name": "Compliance",
"description": "GDPR, HIPAA, PCI-DSS, SOC2 compliance policies",
"templates_count": 15,
"icon": "clipboard-check"
},
{
"id": "regional",
"name": "Regional Regulations",
"description": "Region-specific regulatory compliance",
"templates_count": 12,
"icon": "globe",
"subcategories": [
{"id": "eu", "name": "European Union", "count": 5},
{"id": "us", "name": "United States", "count": 3},
{"id": "india", "name": "India", "count": 4}
]
},
{
"id": "industry",
"name": "Industry-Specific",
"description": "Healthcare, Financial Services, E-commerce policies",
"templates_count": 10,
"icon": "briefcase",
"subcategories": [
{"id": "healthcare", "name": "Healthcare", "count": 4},
{"id": "finserv", "name": "Financial Services", "count": 4},
{"id": "ecommerce", "name": "E-commerce", "count": 2}
]
}
],
"total_templates": 45
}

GET /api/v1/templates/stats

Get template usage statistics.

Request:

curl http://localhost:8081/api/v1/templates/stats

Response (200 OK):

{
"total_templates": 45,
"total_applications": 12456,
"top_templates": [
{
"id": "tpl_gdpr_pii",
"name": "GDPR PII Protection",
"applications": 4523,
"rating": 4.8
},
{
"id": "tpl_sqli_prevention",
"name": "SQL Injection Prevention",
"applications": 3892,
"rating": 4.9
},
{
"id": "tpl_hipaa_phi",
"name": "HIPAA PHI Protection",
"applications": 2145,
"rating": 4.7
}
],
"by_category": {
"security": 5234,
"compliance": 4567,
"regional": 1823,
"industry": 832
},
"by_region": {
"global": 6789,
"eu": 3456,
"us": 1567,
"india": 644
},
"period": "all_time"
}

Template Categories

| Category | Description |
|----------|-------------|
| security | Core security patterns (SQLi, XSS, command injection) |
| compliance | Regulatory compliance (GDPR, HIPAA, PCI-DSS) |
| regional | Region-specific regulations |
| industry | Industry-specific requirements |

Template Regions

| Region | Description |
|--------|-------------|
| global | Universally applicable policies |
| eu | European Union regulations |
| us | United States regulations |
| india | India regulations (RBI, SEBI, DPDP) |

Error Responses

| HTTP Status | Error Code | Description |
|-------------|------------|-------------|
| 404 | TEMPLATE_NOT_FOUND | Template does not exist |
| 409 | POLICIES_ALREADY_EXIST | Policies with same names already exist |
| 400 | INVALID_CUSTOMIZATION | Invalid customization parameters |

Next Steps