
Policies

"Policies" in our accelerator product refers to the predefined rules and guidelines that govern the behavior and access control of users, objects, and resources within the system. These policies define the permissions, restrictions, and conditions that determine how users can interact with the platform and its components.

Policies Data Model

| Name | Data Type | Description |
|---|---|---|
| _id | ObjectId | System-generated unique identifier assigned to each role. |
| _createdAt | Date | System-generated timestamp that denotes the date and time when a policy was created. |
| _createdBy | String | System-generated field that indicates the account that created the policy. |
| _modifiedAt | Date | System-generated timestamp that denotes the date and time when a policy was modified. |
| _modifiedBy | String | System-generated field that indicates the account that modified the policy. |
| name | String | Represents the name of the policy in the system. |
| label | String | Represents the label of the policy in the system. |
| description | String | Represents the description of the policy in the system. |
| version | String | Represents the version of the policy in the system. |
| type | String | Represents the type of the policy in the system. Currently we have an "ObjectControl" type in the system. |
| org | String | Represents the organization associated with the policy in the system. |
| object | String | Represents the role/object associated with the policy in the system. |
| fields | ObjectArray | Represents the definition of all the columns associated with the policy in the system. |
| fields.read | Array | Represents the list of readable columns associated with the policy in the system. |
| fields.write | Array | Represents the list of writeable columns associated with the policy in the system. |
| condition | Object | Represents the list of conditions associated with the policy in the system. |
| condition.stringEquals | Object | Represents the condition which will be applied to the policy in the system. |

Example Policies

{
    "_id":
        {
            "$oid":"64392c1d862be321e3598f63"
        },
    "_createdAt":
        {
            "$date":
                {
                    "$numberLong":"1681468445347"
                }
        },
    "_createdBy":"john@email.com",
    "_modifiedAt":
        {
            "$date":
                {
                    "$numberLong":"1681468445347"
                }
        },
    "_modifiedBy":"john@email.com",
    "name":"providerDataAccess",
    "label":"Provider Data Access",
    "description":null,
    "version":"2023-01",
    "type":"ObjectControl",
    "org":"64392b37862be321e3598f58",
    "object":"Providers",
    "fields":
        {
            "read":"*",
            "write":
                [
                    "name",
                    "email"
                ]
        },
    "condition":
        {
            "stringEquals":
                {
                    "email":"{{user.email}}"
                }
        }
}

Last updated 1 year ago


Get all Policies

Responses
  • 200: Success
  • 401: Unauthorized
  • 403: Forbidden

GET /api/v1/GetPolicies HTTP/1.1
Host: api-qa.accelerator-platform.com
Authorization: YOUR_API_KEY
Accept: */*

No content

Get a Policy

Path parameters
  • id (string, required)

Responses
  • 200: Success
  • 401: Unauthorized
  • 403: Forbidden

GET /api/v1/GetPolicy/{id} HTTP/1.1
Host: api-qa.accelerator-platform.com
Authorization: YOUR_API_KEY
Accept: */*

No content


Create a Policy


Sample request:

POST api/v1/CreatePolicy
{        
  "name": "PatientDataAccess",
  "label": "Patient Data Access",
  "description": "Policy to allow access to patient data",
  "version": "2023-01",
  "type": "ObjectControl",
  "object": "Patient",
  "fields": {
    "read": "*",
    "write": ["name", "address", "phone"]
  }, 
  "condition": {
    "stringEquals": {
      "email": "{{user.email}}"
    }
  }
}

Body
  • name (string, required; pattern: ^[a-zA-Z0-9_]*$)
  • label (string | nullable, optional)
  • description (string | nullable, optional)
  • version (string, required)
  • type (string, required)
  • object (string, required)

Responses
  • 200: Success
  • 401: Unauthorized
  • 403: Forbidden

POST /api/v1/CreatePolicy HTTP/1.1
Host: api-qa.accelerator-platform.com
Authorization: YOUR_API_KEY
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 197

{
  "name": "text",
  "label": "text",
  "description": "text",
  "version": "text",
  "type": "text",
  "object": "text",
  "fields": {
    "ANY_ADDITIONAL_PROPERTY": "anything"
  },
  "condition": {
    "ANY_ADDITIONAL_PROPERTY": "anything"
  }
}

No content
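
A pre-submission check for CreatePolicy bodies, added here as an example and not code from the platform: it enforces the required fields and name pattern from the body schema above, and flags wildcard field grants and a missing condition for review. The `lint_policy` name, the warning rules, and the reading that a policy without `condition.stringEquals` has no record-level restriction are assumptions.

```python
import re

NAME_RE = re.compile(r"^[a-zA-Z0-9_]*$")          # pattern from the body schema
REQUIRED = ("name", "version", "type", "object")  # fields marked Required

def lint_policy(body):
    """Return (errors, warnings) for a CreatePolicy request body given as a dict."""
    errors, warnings = [], []
    for key in REQUIRED:
        # Assumption: a required field must be a non-empty string.
        if not isinstance(body.get(key), str) or not body[key]:
            errors.append(f"{key}: required string is missing or empty")
    name = body.get("name")
    # fullmatch also rejects a trailing newline, which "$" alone would accept.
    if isinstance(name, str) and not NAME_RE.fullmatch(name):
        errors.append("name: must match ^[a-zA-Z0-9_]*$")
    if isinstance(body.get("type"), str) and body["type"] != "ObjectControl":
        warnings.append("type: only ObjectControl is documented")
    fields = body.get("fields")
    if fields is not None and not isinstance(fields, dict):
        errors.append("fields: expected an object with read/write entries")
    fields = fields if isinstance(fields, dict) else {}
    for mode in ("read", "write"):
        value = fields.get(mode)
        if value == "*" or (isinstance(value, list) and "*" in value):
            warnings.append(f"fields.{mode}: wildcard covers every field")
        elif value is not None and not (isinstance(value, list)
                                        and all(isinstance(f, str) for f in value)):
            errors.append(f"fields.{mode}: expected '*' or a list of field names")
    condition = body.get("condition")
    equals = condition.get("stringEquals") if isinstance(condition, dict) else None
    if not isinstance(equals, dict) or not equals:
        # Assumption: with no condition, nothing restricts which records match.
        warnings.append("condition.stringEquals: absent, no record-level restriction")
    return errors, warnings

# Request body from the "Create a Policy" sample request on this page.
PAGE_SAMPLE = {
    "name": "PatientDataAccess", "label": "Patient Data Access",
    "description": "Policy to allow access to patient data",
    "version": "2023-01", "type": "ObjectControl", "object": "Patient",
    "fields": {"read": "*", "write": ["name", "address", "phone"]},
    "condition": {"stringEquals": {"email": "{{user.email}}"}},
}
# Constructed body with deliberate problems, for illustration only.
BROAD = {"name": "patient-data", "type": "ObjectControl", "object": "Patient",
         "fields": {"read": "*", "write": "*"}}
if __name__ == "__main__":
    print(lint_policy(PAGE_SAMPLE), lint_policy(BROAD), sep="\n")
```

Errors are schema violations the request should not be sent with; warnings mark grants that deserve a second look against least privilege before the policy is attached to a role.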