SecureAgentMail

List policies

Returns a paginated list of policies. Results can be filtered by inbox and policy type.

GET
/policies

Authorization

BearerAuth
AuthorizationBearer <token>

API key passed as a Bearer token. Production keys start with am_live_ and sandbox keys start with am_test_.

In: header

Query Parameters

inbox_id?string

Filter policies by the inbox they are scoped to.

type?string

Filter policies by type.

Value in"domain_allowlist" | "domain_blocklist" | "keyword_filter" | "rate_limit" | "pii_redaction" | "output_scan"
limit?integer

Maximum number of items to return per page.

Default25
Range1 <= value <= 100
cursor?string

Opaque pagination cursor returned as next_cursor from a previous request.

Response Body

application/json

application/json

application/json

curl -X GET "https://secureagentmail.com/api/v1/policies"
{
  "policies": [
    {
      "id": "pol_r2t5v8",
      "name": "Block Competitor Domains",
      "type": "domain_blocklist",
      "action": "block",
      "inbox_id": "inb_abc123",
      "enabled": true,
      "config": {},
      "created_at": "2026-01-20T12:00:00Z"
    }
  ],
  "has_more": true,
  "next_cursor": "string"
}
{
  "error": {
    "code": "unauthorized",
    "message": "Invalid or missing API key.",
    "status": 401
  }
}
{
  "error": {
    "code": "rate_limited",
    "message": "Rate limit exceeded. Please retry after 30 seconds.",
    "status": 429
  }
}

Get attachment with download URL

Retrieves attachment metadata along with a pre-signed, time-limited download URL. The URL expires at the time indicated by `download_url_expires_at`.

Create policy

Creates a new security or compliance policy. Policies can be scoped globally (when `inbox_id` is null) or to a specific inbox. The `config` object shape varies by policy type.