> ## Documentation Index
> Fetch the complete documentation index at: https://clearlayer.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Policies

> Define compliance requirements for an asset.

## Create a policy

<code>POST /v1/policies</code>

Creates a compliance policy that defines the rules investors and wallets must satisfy to be granted access to an asset. Policies are referenced by `asset_policy_id` when requesting a [compliance decision](/api/decisions).

<Warning>
  All requests to this endpoint require a valid API key in the `Authorization` header.
</Warning>

***

## Request body

<ParamField path="name" type="string" required>
  A human-readable display name for the policy (e.g. `"US Accredited Only"`).
</ParamField>

<ParamField path="requires_kyc" type="boolean" required>
  If `true`, the investor's `kyc_status` must be `"verified"` for a decision to be `"allow"`.
</ParamField>

<ParamField path="requires_accredited" type="boolean" required>
  If `true`, the investor's `accredited_status` must be `true` for a decision to be `"allow"`.
</ParamField>

<ParamField path="allowed_countries" type="string[]">
  An allowlist of 2-letter ISO country codes. If non-empty, only investors from these countries can receive an `"allow"` decision. Defaults to `[]`.
</ParamField>

<ParamField path="blocked_countries" type="string[]">
  A blocklist of 2-letter ISO country codes. Investors from these countries are always denied. Defaults to `[]`.
</ParamField>

<ParamField path="wallet_must_be_verified" type="boolean" required>
  If `true`, the wallet's `screening_status` must be `"verified"` for a decision to be `"allow"`.
</ParamField>

<ParamField path="status" type="string">
  Whether the policy is active. Must be `"active"` or `"inactive"`. Defaults to `"active"`.
</ParamField>

<Note>
  When `allowed_countries` is `[]` (empty), no country restriction is applied — investors from any country can pass this check. Only set `allowed_countries` when you want to explicitly restrict access to specific countries.
</Note>

***

## Response fields

<ResponseField name="id" type="string">
  Unique policy ID. Format: `pol_...`
</ResponseField>

<ResponseField name="name" type="string">
  The policy display name.
</ResponseField>

<ResponseField name="requires_kyc" type="boolean">
  Whether KYC verification is required.
</ResponseField>

<ResponseField name="requires_accredited" type="boolean">
  Whether accreditation is required.
</ResponseField>

<ResponseField name="allowed_countries" type="string[]">
  Allowlisted country codes. Empty array means no restriction.
</ResponseField>

<ResponseField name="blocked_countries" type="string[]">
  Blocklisted country codes.
</ResponseField>

<ResponseField name="wallet_must_be_verified" type="boolean">
  Whether wallet screening must be `"verified"`.
</ResponseField>

<ResponseField name="status" type="string">
  `"active"` or `"inactive"`.
</ResponseField>

<ResponseField name="created_at" type="string">
  ISO 8601 timestamp of when the policy was created.
</ResponseField>

***

## Example

<CodeGroup>
  ```bash curl theme={null}
  curl -X POST https://clearlayer-api-production.up.railway.app/v1/policies \
    -H "Authorization: Bearer cl_test_key_1234567890" \
    -H "Content-Type: application/json" \
    -d '{
      "name": "US Accredited Only",
      "requires_kyc": true,
      "requires_accredited": true,
      "allowed_countries": ["US"],
      "blocked_countries": [],
      "wallet_must_be_verified": true
    }'
  ```
</CodeGroup>

### 201 — Created

```json theme={null}
{
  "id": "pol_m3n4o5p6q7r8",
  "name": "US Accredited Only",
  "requires_kyc": true,
  "requires_accredited": true,
  "allowed_countries": ["US"],
  "blocked_countries": [],
  "wallet_must_be_verified": true,
  "status": "active",
  "created_at": "2024-01-15T10:32:00.000Z"
}
```
