Routing Rules API
Enable fine-grained control over how just-in-time access requests are evaluated, approved, and enforced—ensuring secure, compliant, and context-aware access workflows.
Last updated
Enable fine-grained control over how just-in-time access requests are evaluated, approved, and enforced—ensuring secure, compliant, and context-aware access workflows.
Last updated
The Routing Rules API gives you fine-grained control over how just-in-time access requests are evaluated and approved. By defining workflow rules based on both the requestor (who is making the request) and the resource (what they’re trying to access), you can enforce consistent, auditable, and dynamic access controls across your infrastructure.
Request routing allows you to direct access requests through different approval paths based on context. For example, you can require manual approval for sensitive production systems, while allowing auto-approved access to staging environments. You can also limit request scope using filters or directory-based rules, ensuring access is only available to the right people at the right time.
Retrieve a specific routing rule by its name.
GET /o/{orgId}/routing/name/{name} HTTP/1.1
Host: api.p0.app
Authorization: Bearer JWT
Accept: */*
{
"name": "text",
"disabled": true,
"requestor": {
"type": "text",
"uid": "text"
},
"resource": {
"type": "text",
"service": "text",
"filters": {
"ANY_ADDITIONAL_PROPERTY": {
"effect": "text",
"key": "text",
"value": true,
"pattern": "text"
}
}
},
"approval": [
{
"type": "text",
"directory": "text",
"integration": "text",
"profile_property": "text",
"services": [
"text"
],
"options": {
"allow_one_party": true,
"require_reason": true,
"cooldown": 1,
"duration": 1
}
}
]
}Retrieve a specific routing configuration by workflow ID.
GET /o/{orgId}/routing/{workflowId} HTTP/1.1
Host: api.p0.app
Authorization: Bearer JWT
Accept: */*
{
"id": "text",
"createdDate": "2025-06-20T08:29:02.722Z",
"rules": [
{
"name": "text",
"disabled": true,
"requestor": {
"type": "text",
"uid": "text"
},
"resource": {
"type": "text",
"service": "text",
"filters": {
"ANY_ADDITIONAL_PROPERTY": {
"effect": "text",
"key": "text",
"value": true,
"pattern": "text"
}
}
},
"approval": [
{
"type": "text",
"directory": "text",
"integration": "text",
"profile_property": "text",
"services": [
"text"
],
"options": {
"allow_one_party": true,
"require_reason": true,
"cooldown": 1,
"duration": 1
}
}
]
}
]
}Delete the routing rule with the specified name.
DELETE /o/{orgId}/routing/name/{name} HTTP/1.1
Host: api.p0.app
Authorization: Bearer JWT
Accept: */*
Routing rule deleted successfully. No content returned.
No content
Retrieve the routing configuration (WorkflowConfig) for the specified organization.
The ID of the organization.
GET /o/{orgId}/routing HTTP/1.1
Host: api.p0.app
Authorization: Bearer JWT
Accept: */*
{
"id": "text",
"createdDate": "2025-06-20T08:29:02.722Z",
"rules": [
{
"name": "text",
"disabled": true,
"requestor": {
"type": "text",
"uid": "text"
},
"resource": {
"type": "text",
"service": "text",
"filters": {
"ANY_ADDITIONAL_PROPERTY": {
"effect": "text",
"key": "text",
"value": true,
"pattern": "text"
}
}
},
"approval": [
{
"type": "text",
"directory": "text",
"integration": "text",
"profile_property": "text",
"services": [
"text"
],
"options": {
"allow_one_party": true,
"require_reason": true,
"cooldown": 1,
"duration": 1
}
}
]
}
]
}Save a new version of the routing configuration.
The ID of the organization.
POST /o/{orgId}/routing HTTP/1.1
Host: api.p0.app
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 515
{
"currentVersion": "text",
"workflow": {
"id": "text",
"createdDate": "2025-06-20T08:29:02.722Z",
"rules": [
{
"name": "text",
"disabled": true,
"requestor": {
"type": "text",
"uid": "text"
},
"resource": {
"type": "text",
"service": "text",
"filters": {
"ANY_ADDITIONAL_PROPERTY": {
"effect": "text",
"key": "text",
"value": true,
"pattern": "text"
}
}
},
"approval": [
{
"type": "text",
"directory": "text",
"integration": "text",
"profile_property": "text",
"services": [
"text"
],
"options": {
"allow_one_party": true,
"require_reason": true,
"cooldown": 1,
"duration": 1
}
}
]
}
]
}
}Updated routing rules returned.
{
"rules": [
{
"name": "text",
"disabled": true,
"requestor": {
"type": "text",
"uid": "text"
},
"resource": {
"type": "text",
"service": "text",
"filters": {
"ANY_ADDITIONAL_PROPERTY": {
"effect": "text",
"key": "text",
"value": true,
"pattern": "text"
}
}
},
"approval": [
{
"type": "text",
"directory": "text",
"integration": "text",
"profile_property": "text",
"services": [
"text"
],
"options": {
"allow_one_party": true,
"require_reason": true,
"cooldown": 1,
"duration": 1
}
}
]
}
],
"version": "text"
}Create a new routing rule with the specified name.
A human readable name for this routing rule
Whether or not the routing rule should be evaluated; if false or undefined, the rule will be evaluated
POST /o/{orgId}/routing/name/{name} HTTP/1.1
Host: api.p0.app
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 413
{
"name": "text",
"disabled": true,
"requestor": {
"type": "text",
"uid": "text"
},
"resource": {
"type": "text",
"service": "text",
"filters": {
"ANY_ADDITIONAL_PROPERTY": {
"effect": "text",
"key": "text",
"value": true,
"pattern": "text"
}
}
},
"approval": [
{
"type": "text",
"directory": "text",
"integration": "text",
"profile_property": "text",
"services": [
"text"
],
"options": {
"allow_one_party": true,
"require_reason": true,
"cooldown": 1,
"duration": 1
}
}
]
}Routing rule created successfully.
{
"name": "text",
"disabled": true,
"requestor": {
"type": "text",
"uid": "text"
},
"resource": {
"type": "text",
"service": "text",
"filters": {
"ANY_ADDITIONAL_PROPERTY": {
"effect": "text",
"key": "text",
"value": true,
"pattern": "text"
}
}
},
"approval": [
{
"type": "text",
"directory": "text",
"integration": "text",
"profile_property": "text",
"services": [
"text"
],
"options": {
"allow_one_party": true,
"require_reason": true,
"cooldown": 1,
"duration": 1
}
}
]
}Update an existing routing rule with the specified name.
A human readable name for this routing rule
Whether or not the routing rule should be evaluated; if false or undefined, the rule will be evaluated
PUT /o/{orgId}/routing/name/{name} HTTP/1.1
Host: api.p0.app
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 413
{
"name": "text",
"disabled": true,
"requestor": {
"type": "text",
"uid": "text"
},
"resource": {
"type": "text",
"service": "text",
"filters": {
"ANY_ADDITIONAL_PROPERTY": {
"effect": "text",
"key": "text",
"value": true,
"pattern": "text"
}
}
},
"approval": [
{
"type": "text",
"directory": "text",
"integration": "text",
"profile_property": "text",
"services": [
"text"
],
"options": {
"allow_one_party": true,
"require_reason": true,
"cooldown": 1,
"duration": 1
}
}
]
}Routing rule updated successfully.
{
"name": "text",
"disabled": true,
"requestor": {
"type": "text",
"uid": "text"
},
"resource": {
"type": "text",
"service": "text",
"filters": {
"ANY_ADDITIONAL_PROPERTY": {
"effect": "text",
"key": "text",
"value": true,
"pattern": "text"
}
}
},
"approval": [
{
"type": "text",
"directory": "text",
"integration": "text",
"profile_property": "text",
"services": [
"text"
],
"options": {
"allow_one_party": true,
"require_reason": true,
"cooldown": 1,
"duration": 1
}
}
]
}