Skip to main content
Version: 26.1

Manage policy packages using the API

In addition to the Policy editor in the Authorization Hub user interface, you can manage ALFA policy packages programmatically using the ADM API. This is useful when integrating policy management into CI/CD pipelines or external tooling.

Key parameters

When handling policy packages through the API, use the following values:

ParameterValueNotes
namespaceYour project IDYou can retrieve the namespace through:
- the GET /projects endpoint
- the Authorization Hub interface after opening the project and extracting it from the URL. For example, in https://sample.hub.domain/projects/e00f12c8-8f3a-40ac-81a7-5a762abc7288/dashboard, the namespace is e00f12c8-8f3a-40ac-81a7-5a762abc7288.
policyPackageNamepolicypackageHardcoded in Authorization Hub, there is exactly one policy package per project.

Updating a policy package

When updating a policy package using the API (PATCH), only the alfaSpecifications object can be modified. When you submit a request:

  • Unspecified files remain intact. Only the files you include in the request are affected.
  • To delete a file, explicitly set its contents to null.

Attribute requirements

There is an important difference in how attributes are handled depending on whether you use the UI or the API.

UI:

  • The attribute-dictionary.alfa file is auto-generated from the Dictionary and stored automatically with every save.
  • A jsonAttributes file (a JSON representation of the attributes actively referenced in the policy) is also generated and stored automatically.

API:

  • You do not need to provide an attribute-dictionary.alfa file.
  • However, the ALFA definitions of all attributes used in the policy must be present within one or more of the files included in the policy package. If attribute definitions are missing, the domain compose step will fail.
note

Attributes defined only in ALFA files (and not added to the Dictionary) cannot be used in attribute connector configurations as provided or key attributes, and no caching configuration can be applied to them.

API reference

The full schema and endpoint definitions for the ADM service are available in the Swagger UI:

http(s)://<authorization-hub-url>/api/adm-service/swagger-ui/index.html