Policies define the action chains the Actions API will execute. Each policy contains one or more actions and optional observability (telemetry) and TrustLens settings. You reference a policy by its id when calling POST /v1/actions.

What is a policy?

A policy is a declarative object that describes:
  • The list of actions to run, with order (priority) and parallelization hints
  • Optional telemetry exporters and settings
  • Optional TrustLens configuration for advanced insights
Policies enable repeatable, versionable orchestration of actions with clear access control through allowed policies on API keys.

Create a policy

Use the admin endpoint POST /v1/policies with at least one action: 
curl -X POST \
  https://<host>/v1/policies \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <ADMIN_API_KEY>" \
  -d '{
    "name": "policy-textops",
    "actions": [
      {"name": "sanitize", "priority": 1, "parallel": false, "settings": {"level": "standard"}},
      {"name": "classify", "priority": 2, "parallel": false, "settings": {"labels": ["spam", "ham"]}}
    ]
  }'
Response: 
{ "id": "<uuid>" }

Use a policy

Call POST /v1/actions with the policy_id you received and a payload to process: 
curl -X POST \
  https://<host>/v1/actions \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <API_KEY>" \
  -d '{
    "policy_id": "<uuid>",
    "payload": {"input_text": "Hello world", "user_id": "u-123"}
  }'

Best practices

  • Keep actions small and composable; use multiple actions rather than one complex action
  • Prefer sequential execution unless parallel execution is safe and idempotent
  • Name policies clearly and use tags/metadata in your platform to track versions
  • Restrict execution using allowed policies on API keys