Policies
Policies control how IndigiArmor handles detected risks — which detection domains are active, what action to take, and at what sensitivity threshold. Each organization can have multiple policies with one marked as default.
Plan requirement: Basic policy CRUD is available on all plans. The domain_thresholds field (per-domain sensitivity tuning) requires the perDomainSensitivity feature, available on Professional plans and above.
GET
/v1/policiesList all policies for your organization.
Response
200 OK
{
"policies": [
{
"id": "uuid",
"name": "Strict PII Detection",
"enabled": true,
"detection_categories": ["pii", "education", "cultural", "reidentification", "injection"],
"action": "block",
"sensitivity_threshold": 0.3,
"custom_rules": {},
"domain_thresholds": { "pii": 0.3, "cultural": 0.2 },
"is_default": true,
"created_at": "2026-01-15T10:00:00Z"
}
]
}POST
/v1/policiesCreate a new detection policy.
Request Body
| Parameter | Type | Required | Description |
|---|---|---|---|
name | string | Yes | Display name for the policy |
enabled | boolean | No | Whether the policy is active (default: true) |
detection_categories | string[] | No | Active domains: pii, education, cultural, reidentification, injection (default: all) |
action | "allow" | "flag" | "block" | No | Default action when risk is detected (default: "block") |
sensitivity_threshold | number | No | Confidence threshold 0-1 (default: 0.5). Lower = more sensitive |
custom_rules | object | No | Custom rule configuration (default: {}) |
domain_thresholds | object | No | Per-domain sensitivity thresholds. Object mapping domain names to custom threshold values 0-1. Available when the perDomainSensitivity feature is enabled. Example: { "pii": 0.3, "cultural": 0.2 } |
is_default | boolean | No | Set as default policy. Unsets any existing default (default: false) |
Create Response
201 Created
{
"policy": {
"id": "uuid",
"name": "Strict PII Detection",
"enabled": true,
"detection_categories": ["pii", "education"],
"action": "block",
"sensitivity_threshold": 0.3,
"custom_rules": {},
"domain_thresholds": { "pii": 0.3, "cultural": 0.2 },
"is_default": true,
"created_at": "2026-01-15T10:00:00Z"
}
}PUT
/v1/policies/:idUpdate an existing policy. Only include fields you want to change.
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
id | string | Yes | The policy ID |
Update Body
All fields are optional. Only provided fields are updated.
| Parameter | Type | Required | Description |
|---|---|---|---|
name | string | No | New display name |
enabled | boolean | No | Enable or disable |
detection_categories | string[] | No | Replace active domains |
action | "allow" | "flag" | "block" | No | Change default action |
sensitivity_threshold | number | No | Change threshold |
custom_rules | object | No | Update custom rule configuration |
domain_thresholds | object | No | Update per-domain sensitivity thresholds. Object mapping domain names to threshold values 0-1. Requires perDomainSensitivity feature. |
is_default | boolean | No | Set or unset as default |
DELETE
/v1/policies/:idDelete a policy permanently.
Delete Response
200 OK
{ "deleted": true }Examples
SDK
// List all policies
const policies = await armor.listPolicies();
// Create a strict policy for PII + education data
const policy = await armor.createPolicy({
name: 'FERPA Compliance',
action: 'block',
sensitivity_threshold: 0.3,
detection_categories: ['pii', 'education'],
is_default: true,
});
// Disable a policy
await armor.updatePolicy(policy.id, { enabled: false });
// Delete a policy
await armor.deletePolicy(policy.id);cURL — Create
curl -X POST https://indigiarmor.com/v1/policies \
-H "Authorization: Bearer ia_sk_..." \
-H "Content-Type: application/json" \
-d '{
"name": "FERPA Compliance",
"action": "block",
"sensitivity_threshold": 0.3,
"detection_categories": ["pii", "education"],
"is_default": true
}'