open-nomad/website/pages/api-docs/acl-policies.mdx

---
layout: api
page_title: ACL Policies - HTTP API
sidebar_title: ACL Policies
description: The /acl/policy endpoints are used to configure and manage ACL policies.
---

# ACL Policies HTTP API

The `/acl/policies` and `/acl/policy/` endpoints are used to manage ACL policies.
For more details about ACLs, please see the [ACL Guide](https://learn.hashicorp.com/nomad?track=acls#operations-and-development).

## List Policies

This endpoint lists all ACL policies. This lists the policies that have been replicated
to the region, and may lag behind the authoritative region.

| Method | Path            | Produces           |
| ------ | --------------- | ------------------ |
| `GET`  | `/acl/policies` | `application/json` |

The table below shows this endpoint's support for
[blocking queries](/api-docs#blocking-queries), [consistency modes](/api-docs#consistency-modes) and
[required ACLs](/api-docs#acls).

| Blocking Queries | Consistency Modes | ACL Required                                                                                                                     |
| ---------------- | ----------------- | -------------------------------------------------------------------------------------------------------------------------------- |
| `YES`            | `all`             | `management` for all policies.<br />Output when given a non-management token will be limited to the policies on the token itself |

### Parameters

- `prefix` `(string: "")` - Specifies a string to filter ACL policies based on
  a name prefix. This is specified as a query string parameter.

### Sample Request

```shell
$ curl \
    https://localhost:4646/v1/acl/policies
```

```shell
$ curl \
    https://localhost:4646/v1/acl/policies?prefix=prod
```

### Sample Response

```json
[
  {
    "Name": "foo",
    "Description": "",
    "CreateIndex": 12,
    "ModifyIndex": 13
  }
]
```

## Create or Update Policy

This endpoint creates or updates an ACL Policy. This request is always forwarded to the
authoritative region.

| Method | Path                       | Produces       |
| ------ | -------------------------- | -------------- |
| `POST` | `/acl/policy/:policy_name` | `(empty body)` |

The table below shows this endpoint's support for
[blocking queries](/api-docs#blocking-queries) and
[required ACLs](/api-docs#acls).

| Blocking Queries | ACL Required |
| ---------------- | ------------ |
| `NO`             | `management` |

### Parameters

- `Name` `(string: <required>)` - Specifies the name of the policy.
  Creates the policy if the name does not exist, otherwise updates the existing policy.

- `Description` `(string: <optional>)` - Specifies a human readable description.

- `Rules` `(string: <required>)` - Specifies the Policy rules in HCL or JSON format.

### Sample Payload

```json
{
  "Name": "my-policy",
  "Description": "This is a great policy",
  "Rules": ""
}
```

### Sample Request

```shell
$ curl \
    --request POST \
    --data @payload.json \
    https://localhost:4646/v1/acl/policy/my-policy
```

## Read Policy

This endpoint reads an ACL policy with the given name. This queries the policy that have been
replicated to the region, and may lag behind the authoritative region.

| Method | Path                       | Produces           |
| ------ | -------------------------- | ------------------ |
| `GET`  | `/acl/policy/:policy_name` | `application/json` |

The table below shows this endpoint's support for
[blocking queries](/api-docs#blocking-queries), [consistency modes](/api-docs#consistency-modes) and
[required ACLs](/api-docs#acls).

| Blocking Queries | Consistency Modes | ACL Required                                |
| ---------------- | ----------------- | ------------------------------------------- |
| `YES`            | `all`             | `management` or token with access to policy |

### Sample Request

```shell
$ curl \
    https://localhost:4646/v1/acl/policy/foo
```

### Sample Response

```json
{
  "Name": "foo",
  "Rules": "",
  "Description": "",
  "CreateIndex": 12,
  "ModifyIndex": 13
}
```

## Delete Policy

This endpoint deletes the named ACL policy. This request is always forwarded to the
authoritative region.

| Method   | Path                       | Produces       |
| -------- | -------------------------- | -------------- |
| `DELETE` | `/acl/policy/:policy_name` | `(empty body)` |

The table below shows this endpoint's support for
[blocking queries](/api-docs#blocking-queries) and
[required ACLs](/api-docs#acls).

| Blocking Queries | ACL Required |
| ---------------- | ------------ |
| `NO`             | `management` |

### Parameters

- `policy_name` `(string: <required>)` - Specifies the policy name to delete.

### Sample Request

```shell
$ curl \
    --request DELETE \
    https://localhost:4646/v1/acl/policy/foo
```
website: Document ACL APIs and configuration 2017-08-23 23:56:05 +00:00			`---`
			`layout: api`
			`page_title: ACL Policies - HTTP API`
new website :sparkles: 2020-02-06 23:45:31 +00:00			`sidebar_title: ACL Policies`
			`description: The /acl/policy endpoints are used to configure and manage ACL policies.`
website: Document ACL APIs and configuration 2017-08-23 23:56:05 +00:00			`---`

			`# ACL Policies HTTP API`

			The `/acl/policies` and `/acl/policy/` endpoints are used to manage ACL policies.
link-fixup; move navigation 2020-03-20 21:00:59 +00:00			`For more details about ACLs, please see the [ACL Guide](https://learn.hashicorp.com/nomad?track=acls#operations-and-development).`
website: Document ACL APIs and configuration 2017-08-23 23:56:05 +00:00
			`## List Policies`

			`This endpoint lists all ACL policies. This lists the policies that have been replicated`
			`to the region, and may lag behind the authoritative region.`

new website :sparkles: 2020-02-06 23:45:31 +00:00			`\| Method \| Path \| Produces \|`
			`\| ------ \| --------------- \| ------------------ \|`
			\| `GET` \| `/acl/policies` \| `application/json` \|
website: Document ACL APIs and configuration 2017-08-23 23:56:05 +00:00
			`The table below shows this endpoint's support for`
fixing links (cherry picked from commit 575f22e970e2429b8f9871f11b8c3e0924c82dc2) 2020-03-20 22:24:56 +00:00			`[blocking queries](/api-docs#blocking-queries), [consistency modes](/api-docs#consistency-modes) and`
			`[required ACLs](/api-docs#acls).`
website: Document ACL APIs and configuration 2017-08-23 23:56:05 +00:00
new website :sparkles: 2020-02-06 23:45:31 +00:00			`\| Blocking Queries \| Consistency Modes \| ACL Required \|`
			`\| ---------------- \| ----------------- \| -------------------------------------------------------------------------------------------------------------------------------- \|`
			\| `YES` \| `all` \| `management` for all policies.<br />Output when given a non-management token will be limited to the policies on the token itself \|
website: Document ACL APIs and configuration 2017-08-23 23:56:05 +00:00
docs: add missing `prefix` param to the ACL API endpoints 2019-10-08 18:05:12 +00:00			`### Parameters`

			- `prefix` `(string: "")` - Specifies a string to filter ACL policies based on
docs: fix ACL `prefix` param documentation 2019-10-11 14:28:44 +00:00			`a name prefix. This is specified as a query string parameter.`
website: Document ACL APIs and configuration 2017-08-23 23:56:05 +00:00
			`### Sample Request`

new website :sparkles: 2020-02-06 23:45:31 +00:00			```shell
website: Document ACL APIs and configuration 2017-08-23 23:56:05 +00:00			`$ curl \`
Changed `nomad.rocks` to `localhost:4646` to align with defaults Should provide cut and paste example for most users. Advanced users should be able to correct URLs to something appropriate. 2018-01-29 16:27:52 +00:00			`https://localhost:4646/v1/acl/policies`
website: Document ACL APIs and configuration 2017-08-23 23:56:05 +00:00			```

new website :sparkles: 2020-02-06 23:45:31 +00:00			```shell
docs: add missing `prefix` param to the ACL API endpoints 2019-10-08 18:05:12 +00:00			`$ curl \`
			`https://localhost:4646/v1/acl/policies?prefix=prod`
			```

website: Document ACL APIs and configuration 2017-08-23 23:56:05 +00:00			`### Sample Response`

			```json
			`[`
			`{`
			`"Name": "foo",`
			`"Description": "",`
			`"CreateIndex": 12,`
new website :sparkles: 2020-02-06 23:45:31 +00:00			`"ModifyIndex": 13`
website: Document ACL APIs and configuration 2017-08-23 23:56:05 +00:00			`}`
			`]`
			```

			`## Create or Update Policy`

			`This endpoint creates or updates an ACL Policy. This request is always forwarded to the`
			`authoritative region.`

new website :sparkles: 2020-02-06 23:45:31 +00:00			`\| Method \| Path \| Produces \|`
			`\| ------ \| -------------------------- \| -------------- \|`
			\| `POST` \| `/acl/policy/:policy_name` \| `(empty body)` \|
website: Document ACL APIs and configuration 2017-08-23 23:56:05 +00:00
			`The table below shows this endpoint's support for`
fixing links (cherry picked from commit 575f22e970e2429b8f9871f11b8c3e0924c82dc2) 2020-03-20 22:24:56 +00:00			`[blocking queries](/api-docs#blocking-queries) and`
			`[required ACLs](/api-docs#acls).`
website: Document ACL APIs and configuration 2017-08-23 23:56:05 +00:00
new website :sparkles: 2020-02-06 23:45:31 +00:00			`\| Blocking Queries \| ACL Required \|`
			`\| ---------------- \| ------------ \|`
			\| `NO` \| `management` \|
website: Document ACL APIs and configuration 2017-08-23 23:56:05 +00:00
			`### Parameters`

			- `Name` `(string: <required>)` - Specifies the name of the policy.
			`Creates the policy if the name does not exist, otherwise updates the existing policy.`

			- `Description` `(string: <optional>)` - Specifies a human readable description.

			- `Rules` `(string: <required>)` - Specifies the Policy rules in HCL or JSON format.

			`### Sample Payload`

			```json
			`{`
new website :sparkles: 2020-02-06 23:45:31 +00:00			`"Name": "my-policy",`
			`"Description": "This is a great policy",`
			`"Rules": ""`
website: Document ACL APIs and configuration 2017-08-23 23:56:05 +00:00			`}`
			```

			`### Sample Request`

new website :sparkles: 2020-02-06 23:45:31 +00:00			```shell
website: Document ACL APIs and configuration 2017-08-23 23:56:05 +00:00			`$ curl \`
			`--request POST \`
			`--data @payload.json \`
Changed `nomad.rocks` to `localhost:4646` to align with defaults Should provide cut and paste example for most users. Advanced users should be able to correct URLs to something appropriate. 2018-01-29 16:27:52 +00:00			`https://localhost:4646/v1/acl/policy/my-policy`
website: Document ACL APIs and configuration 2017-08-23 23:56:05 +00:00			```

			`## Read Policy`

			`This endpoint reads an ACL policy with the given name. This queries the policy that have been`
			`replicated to the region, and may lag behind the authoritative region.`

new website :sparkles: 2020-02-06 23:45:31 +00:00			`\| Method \| Path \| Produces \|`
			`\| ------ \| -------------------------- \| ------------------ \|`
			\| `GET` \| `/acl/policy/:policy_name` \| `application/json` \|
website: Document ACL APIs and configuration 2017-08-23 23:56:05 +00:00
			`The table below shows this endpoint's support for`
fixing links (cherry picked from commit 575f22e970e2429b8f9871f11b8c3e0924c82dc2) 2020-03-20 22:24:56 +00:00			`[blocking queries](/api-docs#blocking-queries), [consistency modes](/api-docs#consistency-modes) and`
			`[required ACLs](/api-docs#acls).`
website: Document ACL APIs and configuration 2017-08-23 23:56:05 +00:00
new website :sparkles: 2020-02-06 23:45:31 +00:00			`\| Blocking Queries \| Consistency Modes \| ACL Required \|`
			`\| ---------------- \| ----------------- \| ------------------------------------------- \|`
ListPolicies and GetPolicy work w/o management token 2017-10-13 18:30:27 +00:00			\| `YES` \| `all` \| `management` or token with access to policy \|
website: Document ACL APIs and configuration 2017-08-23 23:56:05 +00:00
			`### Sample Request`

new website :sparkles: 2020-02-06 23:45:31 +00:00			```shell
website: Document ACL APIs and configuration 2017-08-23 23:56:05 +00:00			`$ curl \`
Changed `nomad.rocks` to `localhost:4646` to align with defaults Should provide cut and paste example for most users. Advanced users should be able to correct URLs to something appropriate. 2018-01-29 16:27:52 +00:00			`https://localhost:4646/v1/acl/policy/foo`
website: Document ACL APIs and configuration 2017-08-23 23:56:05 +00:00			```

			`### Sample Response`

			```json
			`{`
			`"Name": "foo",`
			`"Rules": "",`
			`"Description": "",`
			`"CreateIndex": 12,`
			`"ModifyIndex": 13`
			`}`
			```

			`## Delete Policy`

			`This endpoint deletes the named ACL policy. This request is always forwarded to the`
			`authoritative region.`

new website :sparkles: 2020-02-06 23:45:31 +00:00			`\| Method \| Path \| Produces \|`
			`\| -------- \| -------------------------- \| -------------- \|`
			\| `DELETE` \| `/acl/policy/:policy_name` \| `(empty body)` \|
website: Document ACL APIs and configuration 2017-08-23 23:56:05 +00:00
			`The table below shows this endpoint's support for`
fixing links (cherry picked from commit 575f22e970e2429b8f9871f11b8c3e0924c82dc2) 2020-03-20 22:24:56 +00:00			`[blocking queries](/api-docs#blocking-queries) and`
			`[required ACLs](/api-docs#acls).`
website: Document ACL APIs and configuration 2017-08-23 23:56:05 +00:00
new website :sparkles: 2020-02-06 23:45:31 +00:00			`\| Blocking Queries \| ACL Required \|`
			`\| ---------------- \| ------------ \|`
			\| `NO` \| `management` \|
website: Document ACL APIs and configuration 2017-08-23 23:56:05 +00:00
			`### Parameters`

			- `policy_name` `(string: <required>)` - Specifies the policy name to delete.

			`### Sample Request`

new website :sparkles: 2020-02-06 23:45:31 +00:00			```shell
website: Document ACL APIs and configuration 2017-08-23 23:56:05 +00:00			`$ curl \`
			`--request DELETE \`
Changed `nomad.rocks` to `localhost:4646` to align with defaults Should provide cut and paste example for most users. Advanced users should be able to correct URLs to something appropriate. 2018-01-29 16:27:52 +00:00			`https://localhost:4646/v1/acl/policy/foo`
website: Document ACL APIs and configuration 2017-08-23 23:56:05 +00:00			```