Policy CRUD
Create, list, update, and delete conditional-access policies.
RPCs
| Method | Path |
|---|---|
| ListPolicies | GET /v1/policies |
| GetPolicy | GET /v1/policies/{id} |
| CreatePolicy | POST /v1/policies |
| UpdatePolicy | PATCH /v1/policies/{id} |
| DeletePolicy | DELETE /v1/policies/{id} |
Base URL: https://api-id.avnology.net
Authentication: Bearer token with policy:write for mutations.
Create a policy
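curl

```bash
curl -X POST "https://api-id.avnology.net/v1/policies" \
  -H "Authorization: Bearer $AVNOLOGY_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"name":"Admins must MFA off VPN","priority":100,"conditions":[{"type":"user_group","value":"admins"},{"type":"network","op":"not_in","value":"cidr:10.0.0.0/8"}],"effect":"REQUIRE_MFA"}'
```

TypeScript

```ts
await fetch("https://api-id.avnology.net/v1/policies", {
  method: "POST",
  headers: {
    Authorization: `Bearer ${process.env.AVNOLOGY_API_KEY}`,
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    name: "Admins must MFA off VPN", priority: 100, effect: "REQUIRE_MFA",
    conditions: [{ type: "user_group", value: "admins" },
                 { type: "network", op: "not_in", value: "cidr:10.0.0.0/8" }],
  }),
});
```

Go (fragment; imports `log`, `net/http`, `os`, `strings`)

```go
body := strings.NewReader(`{
  "name":"Admins must MFA off VPN", "priority":100, "effect":"REQUIRE_MFA",
  "conditions":[
    {"type":"user_group","value":"admins"},
    {"type":"network","op":"not_in","value":"cidr:10.0.0.0/8"}
  ]
}`)
req, err := http.NewRequest(http.MethodPost, "https://api-id.avnology.net/v1/policies", body)
if err != nil {
	log.Fatal(err)
}
req.Header.Set("Authorization", "Bearer "+os.Getenv("AVNOLOGY_API_KEY"))
req.Header.Set("Content-Type", "application/json")
resp, err := http.DefaultClient.Do(req)
if err != nil {
	log.Fatal(err)
}
defer resp.Body.Close()
```

Python

```python
import httpx, os
httpx.post(
    "https://api-id.avnology.net/v1/policies",
    headers={"Authorization": f"Bearer {os.environ['AVNOLOGY_API_KEY']}"},
    json={
        "name": "Admins must MFA off VPN",
        "priority": 100,
        "conditions": [
            {"type": "user_group", "value": "admins"},
            {"type": "network", "op": "not_in", "value": "cidr:10.0.0.0/8"},
        ],
        "effect": "REQUIRE_MFA",
    },
)
```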
Ordering
Policies evaluate in ascending priority order until the first match. The lower priority number wins, so design your policies so that BLOCK policies sit above (have lower priority numbers than) REQUIRE_MFA policies, which in turn sit above ALLOW.
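The sketch below is an added example, not code from the Avnology API or SDK. It replays first-match evaluation locally and lists pairs of policies that break the BLOCK / REQUIRE_MFA / ALLOW ordering. It assumes that all conditions of a policy must match, that a missing `op` means "in", and that a request is a dict with `groups` and `ip`; the "Allow staff" policy is constructed sample data.

```python
import ipaddress

# Strictness ranking from the ordering guidance: BLOCK above REQUIRE_MFA above ALLOW.
STRICTNESS = {"BLOCK": 0, "REQUIRE_MFA": 1, "ALLOW": 2}

def condition_matches(cond, request):
    """Assumed semantics: a missing "op" means "in"; "not_in" negates the result."""
    if cond["type"] == "user_group":
        hit = cond["value"] in request["groups"]
    elif cond["type"] == "network":
        net = ipaddress.ip_network(cond["value"].removeprefix("cidr:"))
        hit = ipaddress.ip_address(request["ip"]) in net
    else:
        raise ValueError(f"unknown condition type: {cond['type']}")
    return not hit if cond.get("op") == "not_in" else hit

def evaluate(policies, request):
    """Return the first matching policy in ascending priority order, or None."""
    for policy in sorted(policies, key=lambda p: p["priority"]):
        if all(condition_matches(c, request) for c in policy["conditions"]):
            return policy
    return None

def ordering_violations(policies):
    """Pairs (earlier, later) where a weaker effect is evaluated before a stricter one."""
    ordered = sorted(policies, key=lambda p: p["priority"])
    return [(a["name"], b["name"])
            for i, a in enumerate(ordered) for b in ordered[i + 1:]
            if STRICTNESS[a["effect"]] > STRICTNESS[b["effect"]]]

# Constructed sample: the page's policy plus a hypothetical broad ALLOW placed before it.
POLICIES = [
    {"name": "Admins must MFA off VPN", "priority": 100, "effect": "REQUIRE_MFA",
     "conditions": [{"type": "user_group", "value": "admins"},
                    {"type": "network", "op": "not_in", "value": "cidr:10.0.0.0/8"}]},
    {"name": "Allow staff", "priority": 50, "effect": "ALLOW",
     "conditions": [{"type": "user_group", "value": "staff"}]},
]

if __name__ == "__main__":
    admin_off_vpn = {"groups": ["admins", "staff"], "ip": "203.0.113.7"}
    print(evaluate(POLICIES, admin_off_vpn)["name"])  # the ALLOW shadows the MFA rule
    print(ordering_violations(POLICIES))
```

Running the check over the output of `ListPolicies` before each `CreatePolicy` or `UpdatePolicy` call catches a permissive policy that would pre-empt a stricter one.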