List policies

GET

/v1/admin/policies

AUTHORIZATION: - ApiKeyAuth: Tenant can list their own policies only (scoped by authenticated tenant) - AdminKeyAuth: Accepted as alternative for read access (dual-auth).
When using AdminKeyAuth, tenant_id query parameter is REQUIRED for scoping.

Authorizations

ApiKeyAuth

Tenant-scoped API key for runtime operations (consistent with Cycles Protocol)

Type

API Key (header: X-Cycles-API-Key)

or

AdminKeyAuth

Administrative API key with full system access. Also accepted as an alternative to ApiKeyAuth on an explicit per-operation allowlist — the authoritative list is the union of operations whose security: block declares AdminKeyAuth (consult per-operation security blocks rather than this prose, which has historically drifted as the dual-auth surface expanded). When using AdminKeyAuth on list or fund endpoints, a tenant scoping parameter (typically tenant or tenant_id) is required for scoping (400 if missing) — the per-operation description specifies which. Lookup-style endpoints that uniquely identify a resource by non-tenant key (e.g. GET /v1/admin/budgets/lookup, where the (scope, unit) pair is unique) do NOT require a tenant parameter. Allowlisting is per-operation (exact method:path matching — no prefix matching, no wildcards) so new endpoints do not accidentally inherit admin-accessible status.

Type

API Key (header: X-Admin-API-Key)

Parameters

Query Parameters

tenant_id

When using ApiKeyAuth: ignored — the authenticated tenant from the API key is always used for scoping. When using AdminKeyAuth: REQUIRED — specifies which tenant's policies to list. Returns 400 if missing when using AdminKeyAuth.

Type

string

scope_pattern

Type

string

status

Type

string

Valid values

"ACTIVE""DISABLED"

has_action_quotas

Optional. Filter to policies that have at least one action quota configured. Only meaningful on servers implementing the v0.1.26 action-quotas extension. Servers that don't recognize this parameter MUST ignore it without error (additive-parameter guarantee).

Type

boolean

references_action_kind

Optional. Filter to policies that mention the given action_kind in any quota rule or access control list. Enables incident investigation ("which policies block payment.charge?"). Only meaningful on servers implementing the v0.1.26 action-kinds extension. Servers that don't recognize this parameter MUST ignore it without error (additive-parameter guarantee).

Type

string

Max Length

64

cursor

Type

string

limit

Type

integer

Default

50

Responses

Policy list

Content-Type

application/json

{

  

"policies": [

  

  

{

  

  

  

"policy_id": "string",

  

  

  

"name": "string",

  

  

  

"description": "string",

  

  

  

"scope_pattern": "string",

  

  

  

"priority": 0,

  

  

  

"caps": {

  

  

  

  

"max_tokens": 0,

  

  

  

  

"max_steps_remaining": 0,

  

  

  

  

"tool_allowlist": [

  

  

  

  

  

"string"

  

  

  

  

],

  

  

  

  

"tool_denylist": [

  

  

  

  

  

"string"

  

  

  

  

],

  

  

  

  

"cooldown_ms": 0

  

  

  

},

  

  

  

"commit_overage_policy": "string",

  

  

  

"reservation_ttl_override": {

  

  

  

  

"default_ttl_ms": 0,

  

  

  

  

"max_ttl_ms": 0,

  

  

  

  

"max_extensions": 0

  

  

  

},

  

  

  

"rate_limits": {

  

  

  

  

"max_reservations_per_minute": 0,

  

  

  

  

"max_commits_per_minute": 0

  

  

  

},

  

  

  

"status": "string",

  

  

  

"effective_from": "string",

  

  

  

"effective_until": "string",

  

  

  

"created_at": "string",

  

  

  

"updated_at": "string"

  

  

}

  

],

  

"next_cursor": "string",

  

"has_more": true

}

GET

/v1/admin/policies

Playground

Authorization

ApiKeyAuth

Variables

Key

Value

tenant_id

scope_pattern

status

has_action_quotas

references_action_kind

cursor

limit

Samples

Powered by VitePress OpenAPI