Auto Policy Waiver REST API
The Auto Policy Waiver REST API allows you to manage the configuration of Automated Waivers for an organization or application.
Using this REST API you can create a new Automated Waiver configuration or retrieve, update or delete an existing Automated Waiver configuration.
Permissions Required: Waive Policy Violations
Methods supported:
GET
POST
PUT
DELETE
GET Existing Automated Waivers
GET /api/v2/autoPolicyWaivers/{ownerType: application|organization}/{ownerId}
Use this method to retrieve the configuration of all Automated Waivers for the specified ownerType and ownerId.
Input Parameter | Required | Description |
---|---|---|
ownerType | Yes | Values can be application or organization. |
ownerId | Yes | The identifier for application or organization specified as ownerType. |
autoPolicyWaiverId | No | The identifier for a specific Automated Waiver. |
Example:
To retrieve the Automated Waiver configuration details for an organization, set ownerType to organization and follow it with the organizationId.
curl -X GET -u admin:admin123 http://localhost:8070/api/v2/autoPolicyWaivers/organization/<organizationId>
To retrieve the Automated Waiver configuration details for a specific auto-waiver, you can specify the autoPolicyWaiverId as below:
GET /api/v2/autoPolicyWaivers/{ownerType: application|organization}/{ownerId}/{autoPolicyWaiverId}
Response:
The response contains a list of Automated Waivers grouped by autoPolicyWaiverId.
{ "autoPolicyWaiverId": "8dae7860ca9d4e26a91371ab156e2080", "ownerId": "5b6c0dde3b0e415487dd0c92220d105c", "ownerType": "application", "ownerName": "waiver-test", "publicId": "waiver-test", "threatLevel": 7, "reachable": null, "pathForward": true, "creatorId": "admin", "creatorName": "Admin BuiltIn", "createTime": "2024-12-11T03:06:41.985+0000" }
Output Parameters | Description |
---|---|
autoPolicyWaiverId | The unique identifier for the Automated Waiver. |
ownerId | The identifier for the requested application or organization (depends on the value of ownerType). |
ownerType | The scope of the request i.e. organization or application. |
ownerName | The name of the organization or application (depends on the value of ownerType). |
publicId | The application or organization name (not internal identifier). |
threatLevel | The maximum threat level of policy violation that can be automatically waived. |
reachable | Indicates if the Automated Waiver is applied because the violation is not reachable. |
pathForward | Indicates if the Automated Waiver is applied because there is no path forward. |
creatorId | Indicates the userId for the user who configured the Automated Waiver. |
creatorName | The name associated with the creatorId. |
createTime | The time when the Automated Waiver configuration was created. |
If a security policy violation is configured for Automated Waivers both at the organization level and application level, the response retrieves the details for the Automated Waiver applied at the application level.
To retrieve the status of an existing Automated Waiver for an organization or application, you can send a request as below:
curl -X GET -u admin:admin123 http://localhost:8070/api/v2/autoPolicyWaivers/organization/<organizationId>/status
Response:
The response contains the status for the specified Automated Waiver.
Output Parameters | Description |
---|---|
isAutoWaiverEnabled | Indicates if the Automated Waiver Configuration is enabled for the organization or application. |
isInherited | Indicates if the Automated Waiver Configuration is inherited from a parent organization in the hierarchy. |
autoPolicyWaiverId | The identifier for the Automated Waiver. |
autoPolicyWaiverOwnerId | The identifier of the parent organization or application for which the Automated Waiver is configured. |
autoPolicyWaiverOwnerName | The name of the parent organization or application for which the Automated Waiver is configured. |
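An added example, not part of the product documentation: a small audit over collected GET responses that works out which Automated Waiver configuration governs each application (its own, or the one inherited from the parent organization) and lists those whose threatLevel ceiling is high enough to warrant review. The sample records, the `PARENT_ORG` mapping, the `review_at` threshold and the one-configuration-per-owner simplification are assumptions made for the example.

```python
import json

# Constructed sample: GET responses collected for one organization and one of
# its applications (field names as in the response table above; ids are made up).
SAMPLE = json.loads("""[
 {"autoPolicyWaiverId": "aaaa1111", "ownerId": "org-1", "ownerType": "organization",
  "ownerName": "payments", "threatLevel": 7, "reachable": null, "pathForward": true,
  "creatorId": "admin", "createTime": "2024-12-11T03:06:41.985+0000"},
 {"autoPolicyWaiverId": "bbbb2222", "ownerId": "app-1", "ownerType": "application",
  "ownerName": "checkout", "threatLevel": 10, "reachable": true, "pathForward": true,
  "creatorId": "jdoe", "createTime": "2024-12-26T16:23:10.073+0000"}
]""")

# Hypothetical mapping of application id -> parent organization id.
PARENT_ORG = {"app-1": "org-1", "app-2": "org-1"}


def effective_waiver(app_id, records, parent_org=PARENT_ORG):
    """Return (config, inherited): the application's own Automated Waiver if
    one exists, otherwise the parent organization's (assumes one per owner)."""
    by_owner = {(r["ownerType"], r["ownerId"]): r for r in records}
    own = by_owner.get(("application", app_id))
    if own is not None:
        return own, False                      # configured directly
    inherited = by_owner.get(("organization", parent_org.get(app_id)))
    return inherited, inherited is not None    # inherited, or (None, False)


def audit(app_ids, records, review_at=8):
    """List applications whose effective threatLevel ceiling is >= review_at."""
    findings = []
    for app_id in app_ids:
        cfg, inherited = effective_waiver(app_id, records)
        if cfg is None or cfg["threatLevel"] < review_at:
            continue
        reasons = [k for k in ("pathForward", "reachable") if cfg.get(k)]
        findings.append({"app": app_id, "waiver": cfg["autoPolicyWaiverId"],
                         "threatLevel": cfg["threatLevel"], "inherited": inherited,
                         "reasons": reasons, "creator": cfg["creatorId"]})
    return findings


if __name__ == "__main__":
    for finding in audit(["app-1", "app-2"], SAMPLE):
        print(finding)
```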
POST New Automated Waiver
POST /api/v2/autoPolicyWaivers/{ownerType: application|organization}/{ownerId}
Use this method to create a new Automated Waiver configuration for a policy violation at the application or organization level.
Input Parameters | Description |
---|---|
ownerType | The scope of the request i.e. organization or application. |
ownerId | The identifier for the requested application or organization (depends on the value of ownerType). |
threatLevel | The maximum threat level of the policy violation for which Automated Waivers can be created. |
pathForward | Set to true if the Automated Waiver is created for policy violations that have no path forward. |
reachable | Set to true if the Automated Waiver is created for policy violations that are not reachable. |
Example:
curl -X POST -u admin:admin123 -H "Content-Type: application/json" -d '{"threatLevel": "5", "pathForward": "true", "reachable": "false"}' http://localhost:8070/api/v2/autoPolicyWaivers/organization/9cee7b6754f04d10a168fa8e32a265f0
Response:
The response contains the configuration details for the Automated Waiver created.
{ "autoPolicyWaiverId": "bd68235902a448428abb9ee789899f91", "ownerId": "5b6c0dde3b0e415487dd0c92220d105c", "threatLevel": 9, "reachable": false, "pathForward": true, "creatorId": "admin", "creatorName": "Admin BuiltIn", "createTime": "2024-12-26T16:23:10.073+0000" }
PUT To Update An Existing Automated Waiver
PUT /api/v2/autoPolicyWaivers/{ownerType: application|organization}/{ownerId}/{autoPolicyWaiverId}
Use this method to update an existing configuration of an Automated Waiver by providing the applicationId/organizationId and the autoPolicyWaiverId.
Input Parameters | Required | Description |
---|---|---|
ownerType | Yes | The scope of the request i.e. organization or application. |
ownerId | Yes | The identifier for the requested application or organization (depends on the value of ownerType). |
autoPolicyWaiverId | Yes | The identifier for the Automated Waiver to be updated. |
threatLevel | Yes | The threat level of the policy violation for which the Automated Waiver is created. |
pathForward | Either pathForward or reachable is required; both cannot be null | Set to true if the Automated Waiver is being created for policy violations that have no path forward. |
reachable | Either pathForward or reachable is required; both cannot be null | Set to true if the Automated Waiver is being created for policy violations that are not reachable. |
Example:
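curl -X PUT -u admin:admin123 -H "Content-Type: application/json" -d '{"threatLevel": "1", "pathForward": "true", "reachable": "false", "autoPolicyWaiverId": "ead479f981d94d37958539f56642c365", "ownerId": "9cee7b6754f04d10a168fa8e32a265f0"}' http://localhost:8070/api/v2/autoPolicyWaivers/organization/9cee7b6754f04d10a168fa8e32a265f0/ead479f981d94d37958539f56642c365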
Response:
The response contains details of the updated Automated Waiver.
{ "autoPolicyWaiverId": "bd68235902a448428abb9ee789899f91", "ownerId": "5b6c0dde3b0e415487dd0c92220d105c", "threatLevel": 9, "reachable": false, "pathForward": true, "creatorId": "admin", "creatorName": "Admin BuiltIn", "createTime": "2024-12-26T16:23:10.073+0000" }
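An added example, not part of the product documentation: a helper that checks the POST and PUT input rules from the tables above on the client side and returns a prepared, unsent request. The function name, the 32-hex id pattern (taken from the sample ids on this page), applying the "both cannot be null" rule to POST as well, and sending JSON numbers and booleans (the types shown in the response samples) are assumptions.

```python
import json
import re
import urllib.request

BASE = "http://localhost:8070/api/v2/autoPolicyWaivers"  # host as in the curl examples
ID_RE = re.compile(r"[0-9a-f]{32}")  # assumption: ids look like the page's 32-hex samples


def build_waiver_request(owner_type, owner_id, threat_level,
                         path_forward=None, reachable=None, waiver_id=None):
    """Return a prepared (unsent) request: PUT when waiver_id is given, else POST."""
    if owner_type not in ("application", "organization"):
        raise ValueError("ownerType must be application or organization")
    # Ids become URL path segments, so accept only the expected shape.
    if not isinstance(owner_id, str) or not ID_RE.fullmatch(owner_id):
        raise ValueError("ownerId is not a 32-character hex id")
    if waiver_id is not None and not ID_RE.fullmatch(waiver_id):
        raise ValueError("autoPolicyWaiverId is not a 32-character hex id")
    # bool is a subclass of int, so reject it explicitly.
    if isinstance(threat_level, bool) or not isinstance(threat_level, int):
        raise ValueError("threatLevel must be an integer")
    if path_forward is None and reachable is None:
        raise ValueError("pathForward and reachable cannot both be null")
    body = {"threatLevel": threat_level, "pathForward": path_forward,
            "reachable": reachable}
    url = f"{BASE}/{owner_type}/{owner_id}"
    if waiver_id is not None:
        url += f"/{waiver_id}"
    return urllib.request.Request(
        url, data=json.dumps(body).encode(),
        method="PUT" if waiver_id is not None else "POST",
        headers={"Content-Type": "application/json"})
```

Pass the returned object to `urllib.request.urlopen` together with the credentials handling used in your environment to send it.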
DELETE An Existing Automated Waiver
DELETE /api/v2/autoPolicyWaivers/{ownerType: application|organization}/{ownerId}/{autoPolicyWaiverId}
Use this method to delete an existing configuration for an Automated Waiver by providing the autoPolicyWaiverId.
Input Parameter | Required | Description |
---|---|---|
ownerType | Yes | Values can be application or organization. |
ownerId | Yes | The identifier for application or organization specified as ownerType. |
autoPolicyWaiverId | Yes | The identifier for a specific Automated Waiver. |
Example:
curl -X DELETE -u admin:admin123 http://localhost:8070/api/v2/autoPolicyWaivers/organization/<organizationId>/<autoPolicyWaiverId>
A response code 204 indicates that the Automated Waiver was deleted successfully.