POST /v1/policies/evaluate
curl -X POST https://api.truthlocks.com/v1/policies/evaluate \
  -H "X-API-Key: tl_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "action": "MINT",
    "target_type": "ISSUER",
    "input": {
      "jurisdiction": "US",
      "trust_tier": "verified_org",
      "status": "ACTIVE",
      "risk_rating": "low"
    }
  }'
Evaluates all active policies that match the given action and target against the provided input. Use this endpoint to test how your policies behave before activating them in production. The response includes which rules matched, whether the request would be allowed, and a decision_id for audit trail queries.
The reasons field is only populated when the request is denied. Allowed responses return an empty array. If you previously relied on evaluation_ms for performance monitoring, that field has been removed — query resource_type=policy_decision in the decision audit trail instead.
Every evaluation is recorded in the audit log with a SHA-256 hash of the input for tamper-evidence. Use the decision_id to look up the decision in audit queries.

Parameters

action (string, required)
The policy category to evaluate: MINT, VERIFY, or BUNDLE_EXPORT.

target_type (string, required)
The binding target type: ISSUER, VERIFICATION_PROFILE, or TENANT_DEFAULT.

target_id (string)
UUID of the specific target. Omit for TENANT_DEFAULT to evaluate tenant-wide policies.

input (object, required)
Key-value pairs representing the request context. Supports dot-notation for nested fields (e.g., key.age_days). Common fields include jurisdiction, trust_tier, status, risk_rating, assurance_level, key.age_days, and key.status. See the available fields reference for the full list.

Responses

{
  "allowed": true,
  "matched_rules": ["us_only"],
  "reasons": [],
  "decision_id": "dec_7f3a1b"
}

Response fields

| Field | Type | Description |
| --- | --- | --- |
| allowed | boolean | Whether the request would be permitted under the current active policies. |
| matched_rules | string[] | IDs of rules that matched the input. Empty when no rule matched and the default effect applied. |
| reasons | string[] | Explanation of why the request was denied. Always an empty array when allowed is true. |
| decision_id | string | Unique identifier for this evaluation. Use it to look up the full decision record in the audit trail. |
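
A client-side check of the response fields described above, added here as an example (not Truthlocks code): it treats any malformed or inconsistent response body as a deny. The names Decision, parse_decision and is_permitted, the deny and malformed sample bodies, and the dec_example identifier are assumptions constructed for illustration.

```python
import json
from dataclasses import dataclass

@dataclass(frozen=True)
class Decision:
    allowed: bool
    matched_rules: tuple
    reasons: tuple
    decision_id: str
    default_effect: bool  # True when no rule matched (matched_rules is empty)

def parse_decision(raw: str) -> Decision:
    """Parse an evaluate response body; raise ValueError on anything unexpected."""
    try:
        body = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ValueError(f"response is not JSON: {exc}") from exc
    if not isinstance(body, dict):
        raise ValueError("response is not a JSON object")
    allowed = body.get("allowed")
    # Require a real boolean: "true", 1 or a missing field must not count as allow.
    if not isinstance(allowed, bool):
        raise ValueError("'allowed' missing or not a boolean")
    lists = {}
    for name in ("matched_rules", "reasons"):
        value = body.get(name)
        if not isinstance(value, list) or not all(isinstance(v, str) for v in value):
            raise ValueError(f"'{name}' missing or not a list of strings")
        lists[name] = tuple(value)
    decision_id = body.get("decision_id")
    if not isinstance(decision_id, str) or not decision_id:
        raise ValueError("'decision_id' missing; decision cannot be audited")
    # Documented invariant: reasons is always empty when allowed is true.
    if allowed and lists["reasons"]:
        raise ValueError("allowed response carries denial reasons")
    return Decision(allowed, lists["matched_rules"], lists["reasons"],
                    decision_id, default_effect=not lists["matched_rules"])

def is_permitted(raw: str) -> bool:
    """Fail closed: any malformed or inconsistent response is a deny."""
    try:
        return parse_decision(raw).allowed
    except ValueError:
        return False

# Sample bodies: the first is the response shown on this page, the others are constructed.
SAMPLE_ALLOW = '{"allowed": true, "matched_rules": ["us_only"], "reasons": [], "decision_id": "dec_7f3a1b"}'
SAMPLE_DENY = '{"allowed": false, "matched_rules": ["us_only"], "reasons": ["jurisdiction not permitted"], "decision_id": "dec_example"}'
SAMPLE_BAD = '{"allowed": "true", "matched_rules": [], "reasons": []}'
```

Log the decision_id from every parsed Decision next to the caller's own request record so the evaluation can be found again in audit queries.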
curl -X POST https://api.truthlocks.com/v1/policies/evaluate \
  -H "X-API-Key: tlk_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "action": "MINT",
    "target_type": "TENANT_DEFAULT",
    "input": {
      "jurisdiction": "US",
      "trust_tier": "verified_org"
    }
  }'