Routing Rules API

Enable fine-grained control over how just-in-time access requests are evaluated, approved, and enforced—ensuring secure, compliant, and context-aware access workflows.

The Routing Rules API gives you fine-grained control over how just-in-time access requests are evaluated and approved. By defining workflow rules based on both the requestor (who is making the request) and the resource (what they’re trying to access), you can enforce consistent, auditable, and dynamic access controls across your infrastructure.

Request routing allows you to direct access requests through different approval paths based on context. For example, you can require manual approval for sensitive production systems, while allowing auto-approved access to staging environments. You can also limit request scope using filters or directory-based rules, ensuring access is only available to the right people at the right time.

Get Routing Configuration

get

Retrieve the routing configuration (WorkflowConfig) for the specified organization.

Authorizations
Path parameters
orgIdstringRequired

The ID of the organization.

Responses
200
Routing configuration returned successfully.
application/json
get
GET /o/{orgId}/routing HTTP/1.1
Host: api.p0.app
Authorization: Bearer JWT
Accept: */*
{
  "id": "text",
  "createdDate": "2025-07-10T04:30:19.188Z",
  "rules": [
    {
      "name": "text",
      "disabled": true,
      "requestor": {
        "type": "text",
        "uid": "text"
      },
      "resource": {
        "type": "text",
        "service": "text",
        "filters": {
          "ANY_ADDITIONAL_PROPERTY": {
            "effect": "text",
            "key": "text",
            "value": true,
            "pattern": "text"
          }
        }
      },
      "approval": [
        {
          "type": "text",
          "directory": "text",
          "integration": "text",
          "profile_property": "text",
          "services": [
            "text"
          ],
          "options": {
            "allow_one_party": true,
            "require_reason": true,
            "cooldown": 1,
            "duration": 1
          }
        }
      ]
    }
  ]
}

Save Routing Configuration

post

Save a new version of the routing configuration.

Authorizations
Path parameters
orgIdstringRequired

The ID of the organization.

Body
currentVersionstringOptional
Responses
200
Updated routing rules returned.
application/json
post
POST /o/{orgId}/routing HTTP/1.1
Host: api.p0.app
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 515

{
  "currentVersion": "text",
  "workflow": {
    "id": "text",
    "createdDate": "2025-07-10T04:30:19.188Z",
    "rules": [
      {
        "name": "text",
        "disabled": true,
        "requestor": {
          "type": "text",
          "uid": "text"
        },
        "resource": {
          "type": "text",
          "service": "text",
          "filters": {
            "ANY_ADDITIONAL_PROPERTY": {
              "effect": "text",
              "key": "text",
              "value": true,
              "pattern": "text"
            }
          }
        },
        "approval": [
          {
            "type": "text",
            "directory": "text",
            "integration": "text",
            "profile_property": "text",
            "services": [
              "text"
            ],
            "options": {
              "allow_one_party": true,
              "require_reason": true,
              "cooldown": 1,
              "duration": 1
            }
          }
        ]
      }
    ]
  }
}
200

Updated routing rules returned.

{
  "rules": [
    {
      "name": "text",
      "disabled": true,
      "requestor": {
        "type": "text",
        "uid": "text"
      },
      "resource": {
        "type": "text",
        "service": "text",
        "filters": {
          "ANY_ADDITIONAL_PROPERTY": {
            "effect": "text",
            "key": "text",
            "value": true,
            "pattern": "text"
          }
        }
      },
      "approval": [
        {
          "type": "text",
          "directory": "text",
          "integration": "text",
          "profile_property": "text",
          "services": [
            "text"
          ],
          "options": {
            "allow_one_party": true,
            "require_reason": true,
            "cooldown": 1,
            "duration": 1
          }
        }
      ]
    }
  ],
  "version": "text"
}

Get a Routing Rule by Name

get

Retrieve a specific routing rule by its name.

Authorizations
Path parameters
orgIdstringRequired
namestringRequired
Responses
200
Routing rule returned successfully.
application/json
get
GET /o/{orgId}/routing/name/{name} HTTP/1.1
Host: api.p0.app
Authorization: Bearer JWT
Accept: */*
{
  "name": "text",
  "disabled": true,
  "requestor": {
    "type": "text",
    "uid": "text"
  },
  "resource": {
    "type": "text",
    "service": "text",
    "filters": {
      "ANY_ADDITIONAL_PROPERTY": {
        "effect": "text",
        "key": "text",
        "value": true,
        "pattern": "text"
      }
    }
  },
  "approval": [
    {
      "type": "text",
      "directory": "text",
      "integration": "text",
      "profile_property": "text",
      "services": [
        "text"
      ],
      "options": {
        "allow_one_party": true,
        "require_reason": true,
        "cooldown": 1,
        "duration": 1
      }
    }
  ]
}

Get Workflow Configuration by ID

get

Retrieve a specific routing configuration by workflow ID.

Authorizations
Path parameters
orgIdstringRequired
workflowIdstringRequired
Responses
200
Workflow configuration returned successfully.
application/json
Responseall of
get
GET /o/{orgId}/routing/{workflowId} HTTP/1.1
Host: api.p0.app
Authorization: Bearer JWT
Accept: */*
{
  "id": "text",
  "createdDate": "2025-07-10T04:30:19.188Z",
  "rules": [
    {
      "name": "text",
      "disabled": true,
      "requestor": {
        "type": "text",
        "uid": "text"
      },
      "resource": {
        "type": "text",
        "service": "text",
        "filters": {
          "ANY_ADDITIONAL_PROPERTY": {
            "effect": "text",
            "key": "text",
            "value": true,
            "pattern": "text"
          }
        }
      },
      "approval": [
        {
          "type": "text",
          "directory": "text",
          "integration": "text",
          "profile_property": "text",
          "services": [
            "text"
          ],
          "options": {
            "allow_one_party": true,
            "require_reason": true,
            "cooldown": 1,
            "duration": 1
          }
        }
      ]
    }
  ]
}

Create a Routing Rule by Name

post

Create a new routing rule with the specified name.

Authorizations
Path parameters
orgIdstringRequired
namestringRequired
Body
namestringOptional

A human readable name for this routing rule

disabledbooleanOptional

Whether or not the routing rule should be evaluated; if false or undefined, the rule will be evaluated

Responses
200
Routing rule created successfully.
application/json
post
POST /o/{orgId}/routing/name/{name} HTTP/1.1
Host: api.p0.app
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 413

{
  "name": "text",
  "disabled": true,
  "requestor": {
    "type": "text",
    "uid": "text"
  },
  "resource": {
    "type": "text",
    "service": "text",
    "filters": {
      "ANY_ADDITIONAL_PROPERTY": {
        "effect": "text",
        "key": "text",
        "value": true,
        "pattern": "text"
      }
    }
  },
  "approval": [
    {
      "type": "text",
      "directory": "text",
      "integration": "text",
      "profile_property": "text",
      "services": [
        "text"
      ],
      "options": {
        "allow_one_party": true,
        "require_reason": true,
        "cooldown": 1,
        "duration": 1
      }
    }
  ]
}
200

Routing rule created successfully.

{
  "name": "text",
  "disabled": true,
  "requestor": {
    "type": "text",
    "uid": "text"
  },
  "resource": {
    "type": "text",
    "service": "text",
    "filters": {
      "ANY_ADDITIONAL_PROPERTY": {
        "effect": "text",
        "key": "text",
        "value": true,
        "pattern": "text"
      }
    }
  },
  "approval": [
    {
      "type": "text",
      "directory": "text",
      "integration": "text",
      "profile_property": "text",
      "services": [
        "text"
      ],
      "options": {
        "allow_one_party": true,
        "require_reason": true,
        "cooldown": 1,
        "duration": 1
      }
    }
  ]
}

Update a Routing Rule by Name

put

Update an existing routing rule with the specified name.

Authorizations
Path parameters
orgIdstringRequired
namestringRequired
Body
namestringOptional

A human readable name for this routing rule

disabledbooleanOptional

Whether or not the routing rule should be evaluated; if false or undefined, the rule will be evaluated

Responses
200
Routing rule updated successfully.
application/json
put
PUT /o/{orgId}/routing/name/{name} HTTP/1.1
Host: api.p0.app
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 413

{
  "name": "text",
  "disabled": true,
  "requestor": {
    "type": "text",
    "uid": "text"
  },
  "resource": {
    "type": "text",
    "service": "text",
    "filters": {
      "ANY_ADDITIONAL_PROPERTY": {
        "effect": "text",
        "key": "text",
        "value": true,
        "pattern": "text"
      }
    }
  },
  "approval": [
    {
      "type": "text",
      "directory": "text",
      "integration": "text",
      "profile_property": "text",
      "services": [
        "text"
      ],
      "options": {
        "allow_one_party": true,
        "require_reason": true,
        "cooldown": 1,
        "duration": 1
      }
    }
  ]
}
200

Routing rule updated successfully.

{
  "name": "text",
  "disabled": true,
  "requestor": {
    "type": "text",
    "uid": "text"
  },
  "resource": {
    "type": "text",
    "service": "text",
    "filters": {
      "ANY_ADDITIONAL_PROPERTY": {
        "effect": "text",
        "key": "text",
        "value": true,
        "pattern": "text"
      }
    }
  },
  "approval": [
    {
      "type": "text",
      "directory": "text",
      "integration": "text",
      "profile_property": "text",
      "services": [
        "text"
      ],
      "options": {
        "allow_one_party": true,
        "require_reason": true,
        "cooldown": 1,
        "duration": 1
      }
    }
  ]
}

Delete a Routing Rule by Name

delete

Delete the routing rule with the specified name.

Authorizations
Path parameters
orgIdstringRequired
namestringRequired
Responses
204
Routing rule deleted successfully. No content returned.
delete
DELETE /o/{orgId}/routing/name/{name} HTTP/1.1
Host: api.p0.app
Authorization: Bearer JWT
Accept: */*
204

Routing rule deleted successfully. No content returned.

No content

Last updated