Create Access Request Policy

Create policies that control access request approval workflows

Overview

Creates an access request policy that defines JIT access, approval workflows, and expiration settings.

post
Authorizations
Body
name string Optional
description string Optional
jit_definition all of Optional

These are the definitions that make up the policy

Responses
200

OK

application/json
post
/api/private/lifecycle_management/access_request_policies
POST /api/private/lifecycle_management/access_request_policies HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 829

{
  "name": "text",
  "description": "text",
  "jit_definition": {
    "allow_unlimited": true,
    "min_duration_in_seconds": 1,
    "max_duration_in_seconds": 1,
    "allow_requestor_to_set": true,
    "allow_approver_to_modify": true
  },
  "approver_definition": {
    "auto_approve": true,
    "steps": [
      {
        "categories": [
          1
        ],
        "other_approver_user_ids": [
          "text"
        ],
        "category_entities": {
          "ANY_ADDITIONAL_PROPERTY": {
            "category": 1,
            "entities": [
              {
                "table": "text",
                "primary_key": [
                  "text"
                ],
                "constraints": [
                  {
                    "type": 1,
                    "field_names": [
                      "text"
                    ]
                  }
                ]
              }
            ]
          }
        },
        "other_approver_group_ids": [
          "text"
        ],
        "skip_inactive_approvers": true
      }
    ]
  },
  "expiration_definition": {
    "time_to_expire_in_seconds": 1,
    "action_on_expiration": 1,
    "escalate_admin": true,
    "escalate_app_owner": true,
    "escalate_profile_owner": true,
    "escalate_approver_manager_level1": true,
    "escalate_approver_manager_level2": true,
    "escalate_users": [
      "text"
    ],
    "escalate_groups": [
      "text"
    ]
  }
}
{
  "value": {
    "id": "text",
    "name": "text",
    "description": "text",
    "current_version_number": 1,
    "draft_version_number": 1,
    "state": 1,
    "require_approval_to_start": true,
    "used_by": [
      {
        "type": 1,
        "id": "text"
      }
    ],
    "created_by": "text",
    "created_at": "2025-11-08T03:43:32.753Z",
    "updated_at": "2025-11-08T03:43:32.753Z",
    "rbac_id": "text"
  },
  "version": {
    "policy_id": "text",
    "version_number": 1,
    "state": 1,
    "jit_definition": {
      "allow_unlimited": true,
      "min_duration_in_seconds": 1,
      "max_duration_in_seconds": 1,
      "allow_requestor_to_set": true,
      "allow_approver_to_modify": true
    },
    "approval_definition": {
      "auto_approve": true,
      "steps": [
        {
          "categories": [
            1
          ],
          "other_approver_user_ids": [
            "text"
          ],
          "category_entities": {
            "ANY_ADDITIONAL_PROPERTY": {
              "category": 1,
              "entities": [
                {
                  "table": "text",
                  "primary_key": [
                    "text"
                  ],
                  "constraints": [
                    {
                      "type": 1,
                      "field_names": [
                        "text"
                      ]
                    }
                  ]
                }
              ]
            }
          },
          "other_approver_group_ids": [
            "text"
          ],
          "skip_inactive_approvers": true
        }
      ]
    },
    "expiration_definition": {
      "time_to_expire_in_seconds": 1,
      "action_on_expiration": 1,
      "escalate_admin": true,
      "escalate_app_owner": true,
      "escalate_profile_owner": true,
      "escalate_approver_manager_level1": true,
      "escalate_approver_manager_level2": true,
      "escalate_users": [
        "text"
      ],
      "escalate_groups": [
        "text"
      ]
    },
    "created_by": "text",
    "created_at": "2025-11-08T03:43:32.753Z",
    "updated_at": "2025-11-08T03:43:32.753Z",
    "published_by": "text",
    "published_at": "2025-11-08T03:43:32.753Z",
    "rbac_id": "text"
  }
}

Examples

Policy with Auto-Approval

# Creates a policy whose approver_definition sets auto_approve to true and
# lists no approval steps.
# NOTE(review): going by the field name and the description in the payload,
# requests governed by this policy are presumably granted without a human
# approver - confirm, and scope the policy to resources where that is acceptable.
# YOUR_API_TOKEN is a placeholder; supply the real bearer token from a secret
# store or protected variable so it does not end up in shell history or scripts.
curl --request POST \
  "https://your-instance.vezacloud.com/api/private/lifecycle_management/access_request_policies" \
  --header "authorization: Bearer YOUR_API_TOKEN" \
  --header "Content-Type: application/json" \
  --data '{
    "name": "Development Team Auto-Approve",
    "description": "Auto-approve access requests for development resources",
    "approver_definition": {
      "auto_approve": true,
      "steps": []
    }
  }'

Policy with Manual Approval Steps

# Creates a policy with auto_approve disabled and a single approval step.
# The step names the "ADMIN" category plus two explicit approver user IDs
# (user-123 and user-456 are sample values) and leaves the group list and
# category_entities empty.
# NOTE(review): skip_inactive_approvers is false here; how a step behaves when
# every listed approver is inactive is not described on this page - verify.
# YOUR_API_TOKEN is a placeholder; keep the real bearer token out of shell
# history and shared scripts.
curl --request POST \
  "https://your-instance.vezacloud.com/api/private/lifecycle_management/access_request_policies" \
  --header "authorization: Bearer YOUR_API_TOKEN" \
  --header "Content-Type: application/json" \
  --data '{
    "name": "Production Access Approval",
    "description": "Require security team approval for production access",
    "approver_definition": {
      "auto_approve": false,
      "steps": [
        {
          "categories": ["ADMIN"],
          "other_approver_user_ids": ["user-123", "user-456"],
          "other_approver_group_ids": [],
          "category_entities": {},
          "skip_inactive_approvers": false
        }
      ]
    }
  }'

Policy with JIT Access

# Creates a policy with a jit_definition and one manual approval step.
# Durations are in seconds: 3600 is 1 hour and 86400 is 24 hours;
# allow_unlimited is false, so the payload does not ask for open-ended access.
# NOTE(review): allow_requestor_to_set and allow_approver_to_modify are both
# true - presumably the requester chooses a duration within the min/max and
# the approver may change it; confirm that the bounds are enforced server-side.
# YOUR_API_TOKEN is a placeholder; keep the real bearer token out of shell
# history and shared scripts.
curl --request POST \
  "https://your-instance.vezacloud.com/api/private/lifecycle_management/access_request_policies" \
  --header "authorization: Bearer YOUR_API_TOKEN" \
  --header "Content-Type: application/json" \
  --data '{
    "name": "Temporary Admin Access",
    "description": "Allow time-limited admin access",
    "jit_definition": {
      "allow_unlimited": false,
      "min_duration_in_seconds": 3600,
      "max_duration_in_seconds": 86400,
      "allow_requestor_to_set": true,
      "allow_approver_to_modify": true
    },
    "approver_definition": {
      "auto_approve": false,
      "steps": [
        {
          "categories": ["ADMIN"]
        }
      ]
    }
  }'

Policy with Expiration Settings

# Creates a policy with an expiration_definition and one manual approval step
# for the "APP_OWNER" category.
# time_to_expire_in_seconds is 172800, i.e. the 48 hours named in the
# description; action_on_expiration is "REJECT", so an unanswered request is
# not left pending. No escalate_* fields are set in this payload.
# NOTE(review): the generated schema sample earlier on this page shows
# action_on_expiration and categories as integers, while this example sends
# strings - confirm which form the API accepts.
# YOUR_API_TOKEN is a placeholder; keep the real bearer token out of shell
# history and shared scripts.
curl --request POST \
  "https://your-instance.vezacloud.com/api/private/lifecycle_management/access_request_policies" \
  --header "authorization: Bearer YOUR_API_TOKEN" \
  --header "Content-Type: application/json" \
  --data '{
    "name": "Access with Auto-Reject",
    "description": "Reject requests that are not approved within 48 hours",
    "expiration_definition": {
      "time_to_expire_in_seconds": 172800,
      "action_on_expiration": "REJECT"
    },
    "approver_definition": {
      "auto_approve": false,
      "steps": [
        {
          "categories": ["APP_OWNER"]
        }
      ]
    }
  }'

Response

{
  "value": {
    "id": "policy-123456",
    "name": "Production Access Approval",
    "description": "Require security team approval for production access",
    "current_version_number": 1,
    "draft_version_number": 1,
    "state": "INITIAL",
    "require_approval_to_start": false,
    "used_by": [],
    "created_by": "user-123",
    "created_at": "2025-08-22T10:30:00Z",
    "updated_at": "2025-08-22T10:30:00Z",
    "rbac_id": "policy-rbac-123456"
  },
  "version": {
    "policy_id": "policy-123456",
    "version_number": 1,
    "state": "DRAFT",
    "approval_definition": {
      "auto_approve": false,
      "steps": [
        {
          "categories": ["ADMIN"],
          "other_approver_user_ids": ["user-123", "user-456"],
          "other_approver_group_ids": [],
          "category_entities": {},
          "skip_inactive_approvers": false
        }
      ]
    },
    "created_by": "user-123",
    "created_at": "2025-08-22T10:30:00Z",
    "updated_at": "2025-08-22T10:30:00Z",
    "rbac_id": "version-rbac-123456"
  }
}
