Create a Policy

Creates a new access policy within a dock. Policies define who can retrieve which artifacts, under what conditions, using a composable recipe that specifies authentication factors, access methods, and matching rules per stakeholder persona.

POST /v1/docks/:dockId/policies

Path Parameters

Parameter	Type	Description
`dockId`	string	The dock ID

Request Body

Parameter	Type	Required	Description
`name`	string	Required	Display name for the policy
`recipe`	string	Required	JSON string defining the access recipe (see examples below)

Recipe Structure

Field	Type	Description
`stakeholderClass`	string	Target persona: `mortgagee`, `agent`, `policyholder`, `auditor`
`artifactTypes`	array	Allowed artifact types (use `["*"]` for all)
`auth.factors`	array	Required authentication factors
`access.method`	string/array	Access channel: `bulk_api`, `portal`, `bulk_download`, or array of multiple
`match.identifiers`	array	Identifier keys used to scope artifact visibility
`constraints`	object	Optional: time windows, auto-expiration

Example: Mortgagee Bulk API Access

Shared passphrase + mutual TLS, bulk retrieval of up to 10,000 documents:

Insurance
Real Estate
Healthcare
Financial Services

curl -X POST https://api.docyard.io/v1/docks/dock_01HQ3K.../policies \
  -H "Authorization: Bearer dk_live_a1b2c3d4..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Mortgagee Bulk API Access",
    "recipe": "{\"stakeholderClass\":\"mortgagee\",\"artifactTypes\":[\"declaration-page\",\"certificate-of-insurance\",\"endorsement\"],\"auth\":{\"factors\":[\"shared_passphrase\",\"tls_certificate\"],\"tls\":{\"require_mutual\":true,\"min_version\":\"1.2\"}},\"access\":{\"method\":\"bulk_api\",\"max_batch_size\":10000},\"match\":{\"identifiers\":[\"lender_id\",\"policy_number\"]}}"
  }'

curl -X POST https://api.docyard.io/v1/docks/dock_01HQ3K.../policies \
  -H "Authorization: Bearer dk_live_a1b2c3d4..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Lender Bulk API Access",
    "recipe": "{\"stakeholderClass\":\"mortgagee\",\"artifactTypes\":[\"closing-disclosure\",\"deed-of-trust\",\"settlement-statement\",\"title-policy\"],\"auth\":{\"factors\":[\"shared_passphrase\",\"tls_certificate\"],\"tls\":{\"require_mutual\":true,\"min_version\":\"1.2\"}},\"access\":{\"method\":\"bulk_api\",\"max_batch_size\":10000},\"match\":{\"identifiers\":[\"lender_id\",\"file_number\"]}}"
  }'

curl -X POST https://api.docyard.io/v1/docks/dock_01HQ3K.../policies \
  -H "Authorization: Bearer dk_live_a1b2c3d4..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Payer Bulk Claims Access",
    "recipe": "{\"stakeholderClass\":\"mortgagee\",\"artifactTypes\":[\"explanation-of-benefits\",\"claim-summary\",\"pre-authorization\"],\"auth\":{\"factors\":[\"shared_passphrase\",\"tls_certificate\"],\"tls\":{\"require_mutual\":true,\"min_version\":\"1.2\"}},\"access\":{\"method\":\"bulk_api\",\"max_batch_size\":5000},\"match\":{\"identifiers\":[\"payer_id\",\"member_id\"]}}"
  }'

curl -X POST https://api.docyard.io/v1/docks/dock_01HQ3K.../policies \
  -H "Authorization: Bearer dk_live_a1b2c3d4..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Investor Bulk Loan Doc Access",
    "recipe": "{\"stakeholderClass\":\"mortgagee\",\"artifactTypes\":[\"promissory-note\",\"closing-disclosure\",\"appraisal\",\"underwriting-decision\"],\"auth\":{\"factors\":[\"shared_passphrase\",\"tls_certificate\"],\"tls\":{\"require_mutual\":true,\"min_version\":\"1.2\"}},\"access\":{\"method\":\"bulk_api\",\"max_batch_size\":10000},\"match\":{\"identifiers\":[\"investor_id\",\"loan_number\"]}}"
  }'

Example: Agent Portal & Download Access

WebAuthn challenge (FIDO2 security key or platform biometric), portal + bulk download:

Insurance
Real Estate
Healthcare
Financial Services

curl -X POST https://api.docyard.io/v1/docks/dock_01HQ3K.../policies \
  -H "Authorization: Bearer dk_live_a1b2c3d4..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Agent Portal & Download Access",
    "recipe": "{\"stakeholderClass\":\"agent\",\"artifactTypes\":[\"declaration-page\",\"policy-packet\",\"endorsement\",\"renewal-notice\"],\"auth\":{\"factors\":[\"webauthn\"],\"webauthn\":{\"challenge_type\":\"platform_or_cross_platform\"}},\"access\":{\"method\":[\"portal\",\"bulk_download\"]},\"match\":{\"identifiers\":[\"agency_code\",\"policy_number\"]}}"
  }'

curl -X POST https://api.docyard.io/v1/docks/dock_01HQ3K.../policies \
  -H "Authorization: Bearer dk_live_a1b2c3d4..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Title Agent Portal & Download",
    "recipe": "{\"stakeholderClass\":\"agent\",\"artifactTypes\":[\"title-commitment\",\"closing-disclosure\",\"deed-of-trust\",\"settlement-statement\",\"escrow-instructions\",\"title-search\"],\"auth\":{\"factors\":[\"webauthn\"],\"webauthn\":{\"challenge_type\":\"platform_or_cross_platform\"}},\"access\":{\"method\":[\"portal\",\"bulk_download\"]},\"match\":{\"identifiers\":[\"agent_license\",\"file_number\"]}}"
  }'

curl -X POST https://api.docyard.io/v1/docks/dock_01HQ3K.../policies \
  -H "Authorization: Bearer dk_live_a1b2c3d4..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Provider Portal & Download",
    "recipe": "{\"stakeholderClass\":\"agent\",\"artifactTypes\":[\"lab-results\",\"imaging-report\",\"referral-letter\",\"discharge-summary\",\"visit-summary\"],\"auth\":{\"factors\":[\"webauthn\"],\"webauthn\":{\"challenge_type\":\"platform_or_cross_platform\"}},\"access\":{\"method\":[\"portal\",\"bulk_download\"]},\"match\":{\"identifiers\":[\"npi_number\",\"member_id\"]}}"
  }'

curl -X POST https://api.docyard.io/v1/docks/dock_01HQ3K.../policies \
  -H "Authorization: Bearer dk_live_a1b2c3d4..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Loan Officer Portal & Download",
    "recipe": "{\"stakeholderClass\":\"agent\",\"artifactTypes\":[\"loan-estimate\",\"closing-disclosure\",\"application-packet\",\"rate-lock\",\"underwriting-decision\",\"appraisal\"],\"auth\":{\"factors\":[\"webauthn\"],\"webauthn\":{\"challenge_type\":\"platform_or_cross_platform\"}},\"access\":{\"method\":[\"portal\",\"bulk_download\"]},\"match\":{\"identifiers\":[\"nmls_id\",\"loan_number\"]}}"
  }'

Example: Policyholder Self-Service

SMS OTP with 5-minute TTL, single document retrieval through the portal:

Insurance
Real Estate
Healthcare
Financial Services

curl -X POST https://api.docyard.io/v1/docks/dock_01HQ3K.../policies \
  -H "Authorization: Bearer dk_live_a1b2c3d4..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Policyholder Self-Service",
    "recipe": "{\"stakeholderClass\":\"policyholder\",\"artifactTypes\":[\"declaration-page\",\"id-card\",\"renewal-notice\"],\"auth\":{\"factors\":[\"sms_otp\"],\"otp\":{\"delivery\":\"sms\",\"code_length\":6,\"ttl_seconds\":300}},\"access\":{\"method\":\"portal\",\"max_concurrent_downloads\":1},\"match\":{\"identifiers\":[\"email\",\"date_of_birth\",\"policy_number\"]}}"
  }'

curl -X POST https://api.docyard.io/v1/docks/dock_01HQ3K.../policies \
  -H "Authorization: Bearer dk_live_a1b2c3d4..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Buyer Self-Service Portal",
    "recipe": "{\"stakeholderClass\":\"policyholder\",\"artifactTypes\":[\"closing-disclosure\",\"deed\",\"settlement-statement\",\"title-policy\"],\"auth\":{\"factors\":[\"sms_otp\"],\"otp\":{\"delivery\":\"sms\",\"code_length\":6,\"ttl_seconds\":300}},\"access\":{\"method\":\"portal\",\"max_concurrent_downloads\":1},\"match\":{\"identifiers\":[\"email\",\"date_of_birth\",\"file_number\"]}}"
  }'

curl -X POST https://api.docyard.io/v1/docks/dock_01HQ3K.../policies \
  -H "Authorization: Bearer dk_live_a1b2c3d4..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Patient Self-Service Portal",
    "recipe": "{\"stakeholderClass\":\"policyholder\",\"artifactTypes\":[\"explanation-of-benefits\",\"lab-results\",\"visit-summary\",\"immunization-record\",\"discharge-summary\"],\"auth\":{\"factors\":[\"sms_otp\"],\"otp\":{\"delivery\":\"sms\",\"code_length\":6,\"ttl_seconds\":300}},\"access\":{\"method\":\"portal\",\"max_concurrent_downloads\":1},\"match\":{\"identifiers\":[\"email\",\"date_of_birth\",\"member_id\"]}}"
  }'

curl -X POST https://api.docyard.io/v1/docks/dock_01HQ3K.../policies \
  -H "Authorization: Bearer dk_live_a1b2c3d4..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Borrower Self-Service Portal",
    "recipe": "{\"stakeholderClass\":\"policyholder\",\"artifactTypes\":[\"loan-estimate\",\"closing-disclosure\",\"promissory-note\",\"payment-schedule\"],\"auth\":{\"factors\":[\"sms_otp\"],\"otp\":{\"delivery\":\"sms\",\"code_length\":6,\"ttl_seconds\":300}},\"access\":{\"method\":\"portal\",\"max_concurrent_downloads\":1},\"match\":{\"identifiers\":[\"email\",\"date_of_birth\",\"loan_number\"]}}"
  }'

Example: Auditor Time-Boxed Access

Badge ID + NDA hash validation, read-only portal, no downloads, auto-expires:

Insurance
Real Estate
Healthcare
Financial Services

curl -X POST https://api.docyard.io/v1/docks/dock_01HQ3K.../policies \
  -H "Authorization: Bearer dk_live_a1b2c3d4..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Q1 2025 External Audit — Deloitte",
    "recipe": "{\"stakeholderClass\":\"auditor\",\"artifactTypes\":[\"*\"],\"auth\":{\"factors\":[\"badge_id\",\"nda_hash\"],\"nda\":{\"hash_algorithm\":\"sha256\",\"require_match\":true}},\"access\":{\"method\":\"portal\",\"read_only\":true,\"download_enabled\":false},\"match\":{\"identifiers\":[\"badge_id\",\"nda_hash\"]},\"constraints\":{\"time_window\":{\"start\":\"2025-01-15T00:00:00Z\",\"end\":\"2025-02-15T00:00:00Z\"},\"auto_expire\":true}}"
  }'

curl -X POST https://api.docyard.io/v1/docks/dock_01HQ3K.../policies \
  -H "Authorization: Bearer dk_live_a1b2c3d4..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Q1 2025 RESPA/TRID Compliance Audit",
    "recipe": "{\"stakeholderClass\":\"auditor\",\"artifactTypes\":[\"*\"],\"auth\":{\"factors\":[\"badge_id\",\"nda_hash\"],\"nda\":{\"hash_algorithm\":\"sha256\",\"require_match\":true}},\"access\":{\"method\":\"portal\",\"read_only\":true,\"download_enabled\":false},\"match\":{\"identifiers\":[\"badge_id\",\"nda_hash\"]},\"constraints\":{\"time_window\":{\"start\":\"2025-01-15T00:00:00Z\",\"end\":\"2025-02-15T00:00:00Z\"},\"auto_expire\":true}}"
  }'

curl -X POST https://api.docyard.io/v1/docks/dock_01HQ3K.../policies \
  -H "Authorization: Bearer dk_live_a1b2c3d4..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "HHS OIG Investigation — 2025",
    "recipe": "{\"stakeholderClass\":\"auditor\",\"artifactTypes\":[\"*\"],\"auth\":{\"factors\":[\"badge_id\",\"nda_hash\"],\"nda\":{\"hash_algorithm\":\"sha256\",\"require_match\":true}},\"access\":{\"method\":\"portal\",\"read_only\":true,\"download_enabled\":false},\"match\":{\"identifiers\":[\"badge_id\",\"nda_hash\"]},\"constraints\":{\"time_window\":{\"start\":\"2025-01-15T00:00:00Z\",\"end\":\"2025-02-15T00:00:00Z\"},\"auto_expire\":true}}"
  }'

curl -X POST https://api.docyard.io/v1/docks/dock_01HQ3K.../policies \
  -H "Authorization: Bearer dk_live_a1b2c3d4..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "OCC Regulatory Examination — Q1 2025",
    "recipe": "{\"stakeholderClass\":\"auditor\",\"artifactTypes\":[\"*\"],\"auth\":{\"factors\":[\"badge_id\",\"nda_hash\"],\"nda\":{\"hash_algorithm\":\"sha256\",\"require_match\":true}},\"access\":{\"method\":\"portal\",\"read_only\":true,\"download_enabled\":false},\"match\":{\"identifiers\":[\"badge_id\",\"nda_hash\"]},\"constraints\":{\"time_window\":{\"start\":\"2025-01-15T00:00:00Z\",\"end\":\"2025-02-15T00:00:00Z\"},\"auto_expire\":true}}"
  }'

Response

{
  "id": "pol_01HQ3P...",
  "dockId": "dock_01HQ3K...",
  "name": "Mortgagee Bulk API Access",
  "recipe": "{\"stakeholderClass\":\"mortgagee\",\"artifactTypes\":[\"declaration-page\",\"certificate-of-insurance\",\"endorsement\"],\"auth\":{\"factors\":[\"shared_passphrase\",\"tls_certificate\"],\"tls\":{\"require_mutual\":true,\"min_version\":\"1.2\"}},\"access\":{\"method\":\"bulk_api\",\"max_batch_size\":10000},\"match\":{\"identifiers\":[\"lender_id\",\"policy_number\"]}}",
  "status": "DRAFT",
  "currentVersion": 1,
  "createdAt": "2025-01-15T11:00:00.000Z"
}

Error Handling

Status	Condition
`400`	`name` or `recipe` is missing or invalid
`400`	`recipe` contains invalid JSON or unknown fields
`401`	Missing or invalid API key
`404`	Dock not found

New policies are always created in DRAFT status. Use the Publish endpoint to promote a policy through the DRAFT -> PILOT -> PRODUCTION lifecycle. The recipe field must be a JSON string — stringify the recipe object before sending.

API Reference

Docks

Artifacts

Recipients

Recipient Groups

Policies

Retrieval

Secrets

Audit

Notifications

Identity

Create a Policy

Create a Policy

Path Parameters

Request Body

Recipe Structure

Example: Mortgagee Bulk API Access

Example: Agent Portal & Download Access

Example: Policyholder Self-Service

Example: Auditor Time-Boxed Access

Response

Error Handling

API Reference

Docks

Artifacts

Recipients

Recipient Groups

Policies

Retrieval

Secrets

Audit

Notifications

Identity

​Create a Policy

​Path Parameters

​Request Body

​Recipe Structure

​Example: Mortgagee Bulk API Access

​Example: Agent Portal & Download Access

​Example: Policyholder Self-Service

​Example: Auditor Time-Boxed Access

​Response

​Error Handling

Create a Policy

Path Parameters

Request Body

Recipe Structure

Example: Mortgagee Bulk API Access

Example: Agent Portal & Download Access

Example: Policyholder Self-Service

Example: Auditor Time-Boxed Access

Response

Error Handling