Policies API
Manage data loss prevention (DLP) policies programmatically. Policies define rules that determine what action (Block, Coach, or Log) to take on AI interactions.
Create Policy
Define a new policy with conditions and actions.
Endpoint: POST /api/v1/policies
Request:
curl -X POST https://api.noxys.cloud/api/v1/policies \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Block PII on ChatGPT",
    "description": "Prevent users from submitting sensitive data to ChatGPT",
    "rules": {
      "action": "block",
      "conditions": [
        {
          "field": "platform_id",
          "operator": "eq",
          "value": "chatgpt"
        },
        {
          "field": "classification_count",
          "operator": "gte",
          "value": "1"
        }
      ]
    },
    "enabled": true,
    "priority": 10
  }'
Required Fields:
| Field | Type | Description |
|---|---|---|
| name | String | Policy name (unique within tenant) |
| rules | Object | Action + conditions (see Rules Schema below) |
Optional Fields:
| Field | Type | Default | Description |
|---|---|---|---|
| description | String | "" | Human-readable description |
| enabled | Boolean | false | Policy is active if true |
| priority | Integer | 100 | Evaluation order (lower = higher priority) |
Rules Schema:
{
  "action": "block",
  "conditions": [
    {
      "field": "platform_id",
      "operator": "eq",
      "value": "chatgpt"
    },
    {
      "field": "risk_score",
      "operator": "gte",
      "value": "0.8"
    },
    {
      "field": "classifications",
      "operator": "contains",
      "value": "EMAIL"
    }
  ]
}
Action (required):
- block — Prevent interaction from reaching AI service
- coach — Warn user (non-blocking, yellow banner)
- log — Record silently (no user notification)
Conditions (required, all conditions must match for policy to trigger):
| Field | Operator | Value | Example |
|---|---|---|---|
| platform_id | eq, ne, in | String or array | chatgpt, ["chatgpt", "claude"] |
| risk_score | eq, lt, lte, gt, gte | Float | 0.8, 0.5 |
| classification_count | eq, lt, lte, gt, gte | Integer | 1, 5 |
| classifications | contains, not_contains | String | EMAIL, PHONE, CREDIT_CARD |
| source | eq, ne, in | String | browser_extension, proxy, api |
| direction | eq | String | outbound, inbound |
| user_id | eq, ne | UUID | User UUID |
Response (201 Created):
{
  "id": "c8d4e2f1-aaaa-bbbb-cccc-000000000001",
  "tenant_id": "00000000-0000-0000-0000-000000000001",
  "name": "Block PII on ChatGPT",
  "description": "Prevent users from submitting sensitive data to ChatGPT",
  "rules": {
    "action": "block",
    "conditions": [...]
  },
  "enabled": true,
  "priority": 10,
  "created_at": "2026-03-20T10:00:00Z",
  "updated_at": "2026-03-20T10:00:00Z",
  "created_by": "alice@acme.fr"
}
List Policies
Query all policies in your organization.
Endpoint: GET /api/v1/policies
Query Parameters:
| Parameter | Type | Description |
|---|---|---|
| page | Integer | Page number (default: 1) |
| limit | Integer | Items per page (default: 50, max: 500) |
| enabled | Boolean | Filter by enabled status (true/false) |
| sort | String | Sort field: name, priority, created_at, with optional - prefix for descending |
Example — List Enabled Policies:
curl "https://api.noxys.cloud/api/v1/policies?enabled=true&sort=priority" \
  -H "Authorization: Bearer $TOKEN"
Response (200 OK):
{
  "policies": [
    {
      "id": "c8d4e2f1-aaaa-bbbb-cccc-000000000001",
      "name": "Block PII on ChatGPT",
      "enabled": true,
      "priority": 10,
      "action": "block",
      "created_at": "2026-03-20T10:00:00Z",
      "created_by": "alice@acme.fr"
    },
    {
      "id": "d9e5f3g2-bbbb-cccc-dddd-000000000002",
      "name": "Coach on Gemini",
      "enabled": true,
      "priority": 20,
      "action": "coach",
      "created_at": "2026-03-19T14:00:00Z",
      "created_by": "bob@acme.fr"
    }
  ],
  "total": 5
}
Get Policy
Retrieve a single policy by ID.
Endpoint: GET /api/v1/policies/:id
Example:
curl https://api.noxys.cloud/api/v1/policies/c8d4e2f1-aaaa-bbbb-cccc-000000000001 \
  -H "Authorization: Bearer $TOKEN"
Response (200 OK): Full policy object.
If not found (404):
{
  "error": "Policy not found"
}
Update Policy
Modify an existing policy.
Endpoint: PUT /api/v1/policies/:id
Request:
curl -X PUT https://api.noxys.cloud/api/v1/policies/c8d4e2f1-aaaa-bbbb-cccc-000000000001 \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Block PII on ChatGPT (Updated)",
    "description": "Updated description",
    "priority": 5,
    "rules": {
      "action": "block",
      "conditions": [
        {
          "field": "platform_id",
          "operator": "eq",
          "value": "chatgpt"
        },
        {
          "field": "risk_score",
          "operator": "gte",
          "value": "0.9"
        }
      ]
    },
    "enabled": true
  }'
Fields: All fields from create are optional for update (partial updates supported).
Response (200 OK): Updated policy object.
Enable/Disable Policy
Toggle a policy without modifying its rules.
Endpoint: PATCH /api/v1/policies/:id/toggle
Request:
curl -X PATCH https://api.noxys.cloud/api/v1/policies/c8d4e2f1-aaaa-bbbb-cccc-000000000001/toggle \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"enabled": false}'
Response (200 OK): Updated policy object with new enabled status.
Delete Policy
Remove a policy permanently.
Endpoint: DELETE /api/v1/policies/:id
Example:
curl -X DELETE https://api.noxys.cloud/api/v1/policies/c8d4e2f1-aaaa-bbbb-cccc-000000000001 \
  -H "Authorization: Bearer $TOKEN"
Response (204 No Content) — No response body.
Notes:
- Deletion is irreversible
- Audit log records the deletion
- Cannot restore deleted policies; create a new one if needed
Policy Examples
Example 1: Block All High-Risk Interactions
{
  "name": "Block high-risk content",
  "rules": {
    "action": "block",
    "conditions": [
      {
        "field": "risk_score",
        "operator": "gte",
        "value": "0.9"
      }
    ]
  },
  "enabled": true,
  "priority": 5
}
Example 2: Coach on Email/Phone PII
{
  "name": "Coach on sensitive PII",
  "rules": {
    "action": "coach",
    "conditions": [
      {
        "field": "classifications",
        "operator": "contains",
        "value": "EMAIL"
      },
      {
        "field": "classification_count",
        "operator": "gte",
        "value": "1"
      }
    ]
  },
  "enabled": true,
  "priority": 20
}
Example 3: Block PII on Specific Platforms
{
  "name": "Block PII on non-enterprise AI",
  "rules": {
    "action": "block",
    "conditions": [
      {
        "field": "platform_id",
        "operator": "in",
        "value": ["chatgpt", "gemini", "perplexity"]
      },
      {
        "field": "classifications",
        "operator": "contains",
        "value": "CREDIT_CARD"
      }
    ]
  },
  "enabled": true,
  "priority": 1
}
Example 4: Log All Interactions from Proxy
{
  "name": "Audit proxy interactions",
  "rules": {
    "action": "log",
    "conditions": [
      {
        "field": "source",
        "operator": "eq",
        "value": "proxy"
      }
    ]
  },
  "enabled": true,
  "priority": 100
}
Code Examples
Python: Create and Manage Policies
import os

import requests

BASE_URL = "https://api.noxys.cloud/api/v1"
# Read the bearer token from the environment (the same $TOKEN the curl
# examples use) instead of hardcoding it in source.
TOKEN = os.environ["TOKEN"]
headers = {"Authorization": f"Bearer {TOKEN}"}

# 1. Create policy
# All conditions must match, so this policy triggers only when both
# CREDIT_CARD and IBAN are present in the same interaction.
policy_data = {
    "name": "Block financial data",
    "description": "Prevent credit card and IBAN exposure",
    "rules": {
        "action": "block",
        "conditions": [
            {
                "field": "classifications",
                "operator": "contains",
                "value": "CREDIT_CARD"
            },
            {
                "field": "classifications",
                "operator": "contains",
                "value": "IBAN"
            }
        ]
    },
    "enabled": True,
    "priority": 5
}
response = requests.post(f"{BASE_URL}/policies", headers=headers, json=policy_data)
response.raise_for_status()  # fail on 4xx/5xx before reading the body
policy_id = response.json()["id"]
print(f"Created policy: {policy_id}")

# 2. List enabled policies
response = requests.get(f"{BASE_URL}/policies?enabled=true", headers=headers)
response.raise_for_status()
policies = response.json()["policies"]
for policy in policies:
    print(f" {policy['name']} (priority: {policy['priority']}, action: {policy['action']})")

# 3. Update policy (partial update: only the fields sent are changed)
update_data = {
    "priority": 1,
    "description": "High-priority financial protection"
}
response = requests.put(
    f"{BASE_URL}/policies/{policy_id}",
    headers=headers,
    json=update_data
)
response.raise_for_status()
print(f"Updated policy priority: {response.json()['priority']}")

# 4. Disable policy
response = requests.patch(
    f"{BASE_URL}/policies/{policy_id}/toggle",
    headers=headers,
    json={"enabled": False}
)
response.raise_for_status()
print(f"Disabled: {response.json()['enabled']}")

# 5. Delete policy (returns 204 No Content; deletion cannot be undone)
response = requests.delete(f"{BASE_URL}/policies/{policy_id}", headers=headers)
response.raise_for_status()
print("Policy deleted")
Go: Create Policy with Conditions
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"os"
	"time"
)

const BaseURL = "https://api.noxys.cloud/api/v1"

// Condition is one entry of rules.conditions; Value may be a string,
// a number, or an array depending on the field and operator.
type Condition struct {
	Field    string      `json:"field"`
	Operator string      `json:"operator"`
	Value    interface{} `json:"value"`
}

type Rule struct {
	Action     string      `json:"action"`
	Conditions []Condition `json:"conditions"`
}

type PolicyRequest struct {
	Name        string `json:"name"`
	Description string `json:"description"`
	Rules       Rule   `json:"rules"`
	Enabled     bool   `json:"enabled"`
	Priority    int    `json:"priority"`
}

func createPolicy(token string) error {
	policy := PolicyRequest{
		Name:        "Block PII on Claude",
		Description: "Prevent sensitive data on Claude platform",
		Rules: Rule{
			Action: "block",
			Conditions: []Condition{
				{
					Field:    "platform_id",
					Operator: "eq",
					Value:    "claude",
				},
				{
					Field:    "classification_count",
					Operator: "gte",
					Value:    1,
				},
			},
		},
		Enabled:  true,
		Priority: 10,
	}

	payload, err := json.Marshal(policy)
	if err != nil {
		return err
	}
	req, err := http.NewRequest("POST", BaseURL+"/policies", bytes.NewReader(payload))
	if err != nil {
		return err
	}
	req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
	req.Header.Set("Content-Type", "application/json")

	// Bound the request so a stalled connection cannot hang the caller.
	client := &http.Client{Timeout: 10 * time.Second}
	resp, err := client.Do(req)
	if err != nil {
		return err
	}
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusCreated {
		body, _ := io.ReadAll(resp.Body)
		return fmt.Errorf("API error: %s", string(body))
	}

	var result map[string]interface{}
	if err := json.NewDecoder(resp.Body).Decode(&result); err != nil {
		return err
	}
	fmt.Printf("Created policy: %v\n", result["id"])
	return nil
}

func main() {
	// Read the bearer token from the environment instead of hardcoding it.
	token := os.Getenv("TOKEN")
	if err := createPolicy(token); err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
}
Best Practices
- Use descriptive names — "Block PII on ChatGPT" is better than "Policy 1"
- Set meaningful priorities — Lower priority numbers execute first
- Test before enabling — Create disabled, verify conditions work, then enable
- Document conditions — Use description field to explain the business logic
- Monitor effectiveness — Check alerts and audit logs for policy impact
- Review regularly — Update as your AI usage patterns change
- Use specific conditions — Avoid overly broad rules that create false positives
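One way to verify conditions before enabling a policy is a local dry-run of the rules schema. The following is an added example, not code from Noxys or from this page: it applies the operator table and the all-conditions-must-match rule to constructed events. The event shape (a dict keyed by condition field names) and all function names are assumptions, and because this page does not say how the service resolves several matching policies, the helper only returns them in priority order.

```python
import operator

# Operators permitted per field, copied from the Conditions table on this page.
NUMERIC = {"eq": operator.eq, "lt": operator.lt, "lte": operator.le,
           "gt": operator.gt, "gte": operator.ge}
ALLOWED = {
    "platform_id": {"eq", "ne", "in"}, "source": {"eq", "ne", "in"},
    "risk_score": set(NUMERIC), "classification_count": set(NUMERIC),
    "classifications": {"contains", "not_contains"},
    "direction": {"eq"}, "user_id": {"eq", "ne"},
}

def condition_matches(cond, event):
    field, op, value = cond["field"], cond["operator"], cond["value"]
    if op not in ALLOWED.get(field, ()):
        raise ValueError(f"operator {op!r} is not valid for field {field!r}")
    actual = event[field]
    if field in ("risk_score", "classification_count"):
        # The page's curl examples send numbers as strings ("0.8"), so coerce.
        return NUMERIC[op](float(actual), float(value))
    if op in ("contains", "not_contains"):
        return (value in actual) == (op == "contains")
    if op == "in":
        return actual in value
    return (actual == value) == (op == "eq")  # only eq / ne remain here

def matching_policies(policies, event):
    """Enabled policies whose conditions ALL match, lowest priority number first."""
    hits = [p for p in policies if p.get("enabled", False)
            and all(condition_matches(c, event) for c in p["rules"]["conditions"])]
    return sorted(hits, key=lambda p: p.get("priority", 100))

# Constructed sample data. The event shape (a dict keyed by condition field
# names) is an assumption; the page does not show an event object.
BOTH = {"name": "Block financial data", "enabled": True, "priority": 5,
        "rules": {"action": "block", "conditions": [
            {"field": "classifications", "operator": "contains", "value": "CREDIT_CARD"},
            {"field": "classifications", "operator": "contains", "value": "IBAN"}]}}
AUDIT = {"name": "Audit proxy interactions", "enabled": True, "priority": 100,
         "rules": {"action": "log", "conditions": [
             {"field": "source", "operator": "eq", "value": "proxy"}]}}
CARD_ONLY = {"source": "proxy", "classifications": ["CREDIT_CARD"]}
CARD_AND_IBAN = {"source": "proxy", "classifications": ["CREDIT_CARD", "IBAN"]}

def actions_for(event, policies=(BOTH, AUDIT)):
    return [p["rules"]["action"] for p in matching_policies(policies, event)]

if __name__ == "__main__":
    print(actions_for(CARD_ONLY))
    print(actions_for(CARD_AND_IBAN))
```

With only CREDIT_CARD detected, the two-condition block policy does not match and only the log policy applies. Blocking on either classification alone takes one policy per classification.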
What's Next?
- Events API — Create and query interactions
- Webhooks — Get notified of policy violations
- Users API — Manage team members