> ## Documentation Index > Fetch the complete documentation index at: https://gr-docs.aporia.com/llms.txt > Use this file to discover all available pages before exploring further. # Policies API > This REST API documentation outlines methods for managing policies on the Aporia Policies Catalog. It includes detailed descriptions of endpoints for creating, updating, and deleting policies, complete with example requests and responses. ### Get All Policy Templates **Endpoint:** GET `https://guardrails.aporia.com/api/v1/policies` **Headers:** * `Content-Type`: `application/json` * `Authorization`: `Bearer` + Your copied Aporia API key **Response Fields:** The response type is a `list`. each object in the list contains the following fields: The policy type. The policy category. The policy default\_name. Description of the policy. **Response JSON Example:** ```json theme={null} [ { "type": "aporia_guardrails_test", "category": "test", "name": "AGT Test", "description": "Test and verify that Guardrails are activated. Activate the policy by sending the following prompt: X5O!P%@AP[4\\PZX54(P^)7CC)7}$AGT-STANDARD-GUARDRAILS-TEST-MSG!$H+H*" }, { "type": "competition_discussion_on_prompt", "category": "topics", "name": "Competition Discussion - Prompt", "description": "Detects any user attempt to start a discussion including the competition mentioned in the policy." }, { "type": "competition_discussion_on_response", "category": "topics", "name": "Competition Discussion - Response", "description": "Detects any response including reference to the competition mentioned in the policy." }, { "type": "basic_restricted_topics_on_prompt", "category": "topics", "name": "Restricted Topics - Prompt", "description": "Detects any user attempt to start a discussion on the topics mentioned in the policy." }, { "type": "basic_restricted_topics_on_response", "category": "topics", "name": "Restricted Topics - Response", "description": "Detects any response including discussion on the topics mentioned in the policy." }, { "type": "sql_restricted_tables", "category": "security", "name": "SQL - Restricted Tables", "description": "Detects generation of SQL statements with access to specific tables that are considered sensitive. It is recommended to activate the policy and define system tables, as well as other tables with sensitive information." }, { "type": "sql_allowed_tables", "category": "security", "name": "SQL - Allowed tables", "description": "Detects SQL operations on tables that are not within the limits we set in the policy. Any operation on, or with another table that is not listed in the policy, will trigger the action configured in the policy. Enable this policy for achieving the finest level of security for your SQL statements." }, { "type": "sql_read_only_access", "category": "security", "name": "SQL - Read-Only Access", "description": "Detects any attempt to use SQL operations which requires more than read-only access. Activating this policy is important to avoid accidental or malicious run of dangerous SQL queries like DROP, INSERT, UPDATE and others." }, { "type": "sql_load_limit", "category": "security", "name": "SQL - Load Limit", "description": "Detects SQL statements that are likely to cause significant system load and affect performance." }, { "type": "basic_allowed_topics_on_prompt", "category": "topics", "name": "Allowed Topics - Prompt", "description": "Ensures the conversation adheres to specific and well-defined topics." }, { "type": "basic_allowed_topics_on_response", "category": "topics", "name": "Allowed Topics - Response", "description": "Ensures the conversation adheres to specific and well-defined topics." }, { "type": "prompt_injection", "category": "prompt_injection", "name": "Prompt Injection", "description": "Detects any user attempt of prompt injection or jailbreak." }, { "type": "rag_hallucination", "category": "hallucinations", "name": "RAG Hallucination", "description": "Detects any response that carries a high risk of hallucinations, thus maintaining the integrity and factual correctness of the information." }, { "type": "pii_on_prompt", "category": "security", "name": "PII - Prompt", "description": "Detects existence of PII in the user message, based on the configured sensitive data types. " }, { "type": "pii_on_response", "category": "security", "name": "PII - Response", "description": "Detects potential responses containing PII, based on the configured sensitive data types. " }, { "type": "toxicity_on_prompt", "category": "toxicity", "name": "Toxicity - Prompt", "description": "Detects user messages containing toxicity." }, { "type": "toxicity_on_response", "category": "toxicity", "name": "Toxicity - Response", "description": "Detects potential responses containing toxicity." } ] ``` ### Get Specific Policy Template **Endpoint:** GET `https://guardrails.aporia.com/api/v1/policies/{template_type}` **Headers:** * `Content-Type`: `application/json` * `Authorization`: `Bearer` + Your copied Aporia API key **Path Parameters::** The type identifier of the policy template to retrieve. **Response Fields:** The policy type. The policy category. The policy default name. Description of the policy. **Response JSON Example:** ```json theme={null} { "type": "competition_discussion_on_prompt", "category": "topics", "name": "Competition Discussion - Prompt", "description": "Detects any user attempt to start a discussion including the competition mentioned in the policy." } ``` ### Create Custom Policy **Endpoint:** POST `https://guardrails.aporia.com/api/v1/policies/custom_policy` **Headers:** * `Content-Type`: `application/json` * `Authorization`: `Bearer` + Your copied Aporia API key **Request Fields:** The name of the custom policy. The target of the policy - either `prompt` or `response`. There are 2 configuration modes for custom policy - `simple` and `advanced`, each with it's own condition config. For simple mode, the following parameters must be passed: * evaluation\_instructions - Instructions that define how the policy should evaluate inputs. * modality - Defines whether instructions trigger a violation if they evaluate to `TRUE` or `FALSE`. ```json theme={null} { "configuration_mode": "simple", "evaluation_instructions": "The {answer} is relevant to the {question}", "modality": "violate" } ``` For advanced mode, the following parameters must be passed: * system\_prompt - The system prompt that will be passed to the LLM * top\_p - Top-P sampling probability, between 0 and 1. Defaults to 1. * temperature - Sampling temperature to use, between 0 and 2. Defaults to 1. * modality - Defines whether instructions trigger a violation if they evaluate to `TRUE` or `FALSE`. ```json theme={null} { "configuration_mode": "advanced", "system_prompt": "You will be given a question and an answer, return TRUE if the answer is relevent to the question, return FALSE otherwise. {question} {answer}", "top_p": 1.0, "temperature": 0, "modality": "violate" } ``` **Response Fields:** The custom policy type identifier. The policy category, typically 'custom' for user-defined policies. The default name for the policy template, as provided in the request. A description of the policy based on the evaluation instructions. **Response JSON Example:** ```json theme={null} { "type": "custom_policy_e1dd9b4a-84e5-4a49-9c59-c62dd94572ae", "category": "custom", "name": "Your Custom Policy Name", "description": "Evaluate whether specific conditions are met as per the provided instructions." } ``` ### Edit Custom Policy **Endpoint:** PUT `https://guardrails.aporia.com/api/v1/policies/custom_policy/{custom_policy_type}` **Headers:** * `Content-Type`: `application/json` * `Authorization`: `Bearer` + Your copied Aporia API key **Path Parameters:** The custom policy type identifier to update. Returned from `Create Custom Policy` endpoint. **Request Fields:** The name of the custom policy. The target of the policy - either `prompt` or `response`. There are 2 configuration modes for custom policy - `simple` and `advanced`, each with it's own condition config. For simple mode, the following parameters must be passed: * evaluation\_instructions - Instructions that define how the policy should evaluate inputs. * modality - Defines whether instructions trigger a violation if they evaluate to `TRUE` or `FALSE`. ```json theme={null} { "configuration_mode": "simple", "evaluation_instructions": "The {answer} is relevant to the {question}", "modality": "violate" } ``` For advanced mode, the following parameters must be passed: * system\_prompt - The system prompt that will be passed to the LLM * top\_p - Top-P sampling probability, between 0 and 1. Defaults to 1. * temperature - Sampling temperature to use, between 0 and 2. Defaults to 1. * modality - Defines whether instructions trigger a violation if they evaluate to `TRUE` or `FALSE`. ```json theme={null} { "configuration_mode": "advanced", "system_prompt": "You will be given a question and an answer, return TRUE if the answer is relevent to the question, return FALSE otherwise. {question} {answer}", "top_p": 1.0, "temperature": 0, "modality": "violate" } ``` **Response Fields:** The custom policy type identifier. The policy category, typically 'custom' for user-defined policies. The default name for the policy template. Updated description of the policy based on the new evaluation instructions. **Response JSON Example:** ```json theme={null} { "type": "custom_policy_e1dd9b4a-84e5-4a49-9c59-c62dd94572ae", "category": "custom", "name": "Your Custom Policy Name", "description": "Evaluate whether specific conditions are met as per the new instructions." } ``` ### Delete Custom Policy **Endpoint:** DELETE `https://guardrails.aporia.com/api/v1/policies/custom_policy/{custom_policy_type}` **Headers:** * `Content-Type`: `application/json` * `Authorization`: `Bearer` + Your copied Aporia API key **Path Parameters:** The custom policy type identifier to delete. Returned from `Create Custom Policy` endpoint. **Response:** `200` OK ### Create policies for multiple projects **Endpoint:** PUT `https://guardrails.aporia.com/api/v1/policies/` **Headers:** * `Content-Type`: `application/json` * `Authorization`: `Bearer` + Your copied Aporia API key **Request Fields:** The project ids to create the policies in A list of policies to create. List of policies, each Policy has the following attributes: `policy_type` (string), `priority` (int), `condition` (dict), `action` (dict).