List policies (grants)

Endpoint: GET /v1/vaults/:vault_id/policies
Authentication: Bearer JWT

Returns all policies (grants) for the given vault.

Example request

curl
TypeScript

curl -s "https://api.1claw.xyz/v1/vaults/ae370174-9aee-4b02-ba7c-d1519930c709/policies" \
  -H "Authorization: Bearer <token>"

const { data } = await client.access.listGrants(vaultId);
for (const p of data.policies) {
  console.log(p.id, p.principal_type, p.permissions);
}

Example response (200)

{
    "policies": [
        {
            "id": "897b37da-a265-4bd4-818b-e716eeff3de3",
            "vault_id": "ae370174-9aee-4b02-ba7c-d1519930c709",
            "secret_path_pattern": "**",
            "principal_type": "agent",
            "principal_id": "ec7e0226-30f0-4dda-b169-f060a3502603",
            "permissions": ["read"],
            "conditions": {},
            "created_by": "2a57eb5e-caac-4e34-9685-b94c37458eb1",
            "created_at": "2026-02-18T12:00:00Z"
        }
    ]
}

Update a policy

Endpoint: PUT /v1/vaults/:vault_id/policies/:policy_id
Body: permissions (array), optional conditions (object), optional expires_at (ISO 8601). Only these fields can be updated; path pattern and principal are fixed after creation.

In the dashboard, open Vaults → [vault] → Policies and click the pencil (edit) icon on a policy to change permissions, conditions, or expiry. Use the trash icon to delete a policy.

Example request​

Example response (200)​

Update a policy​

Example request

Example response (200)

Update a policy