Create a Policy
Creates a new access policy within a dock. Policies define who can retrieve which artifacts, under what conditions, using a composable recipe that specifies authentication factors, access methods, and matching rules per stakeholder persona.Path Parameters
| Parameter | Type | Description |
|---|---|---|
dockId | string | The dock ID |
Request Body
| Parameter | Type | Required | Description |
|---|---|---|---|
name | string | Required | Display name for the policy |
recipe | string | Required | JSON string defining the access recipe (see examples below) |
Recipe Structure
| Field | Type | Description |
|---|---|---|
stakeholderClass | string | Target persona: mortgagee, agent, policyholder, auditor |
artifactTypes | array | Allowed artifact types (use ["*"] for all) |
auth.factors | array | Required authentication factors |
access.method | string/array | Access channel: bulk_api, portal, bulk_download, or array of multiple |
match.identifiers | array | Identifier keys used to scope artifact visibility |
constraints | object | Optional: time windows, auto-expiration |
Example: Mortgagee Bulk API Access
Shared passphrase + mutual TLS, bulk retrieval of up to 10,000 documents:- Insurance
- Real Estate
- Healthcare
- Financial Services
Example: Agent Portal & Download Access
WebAuthn challenge (FIDO2 security key or platform biometric), portal + bulk download:- Insurance
- Real Estate
- Healthcare
- Financial Services
Example: Policyholder Self-Service
SMS OTP with 5-minute TTL, single document retrieval through the portal:- Insurance
- Real Estate
- Healthcare
- Financial Services
Example: Auditor Time-Boxed Access
Badge ID + NDA hash validation, read-only portal, no downloads, auto-expires:- Insurance
- Real Estate
- Healthcare
- Financial Services
Response
Error Handling
| Status | Condition |
|---|---|
400 | name or recipe is missing or invalid |
400 | recipe contains invalid JSON or unknown fields |
401 | Missing or invalid API key |
404 | Dock not found |
New policies are always created in
DRAFT status. Use the Publish endpoint to promote a policy through the DRAFT -> PILOT -> PRODUCTION lifecycle. The recipe field must be a JSON string — stringify the recipe object before sending.