Skip to main content
Access policies gate email-driven Sign In Modules — Self-Provisioning by Email, Meeting Host, Conference, and Event Access. The policy decides which email addresses or domain patterns may sign in. This API family lets an integration manage that allow-list programmatically (HR feed, attendee list, visitor-management system).

Email pattern rules

Three shapes are accepted everywhere emails[] appears:
  • Full addressalice@acme.com
  • Domain wildcard*@acme.com
  • Subdomain wildcard*@*.acme.com
Patterns are normalised server-side. Adding a full address that’s already shadowed by an existing wildcard produces a warning, not an error.

Prerequisites

  • The target Sign-In Context has the access policy you’re editing, and at least one email-driven module bound to it.
  • Your integration has the Context API key and an approved source IP.
See API overview for the common auth, base URL, and status-code model.

Error body

A failed request in this family returns: 
{
  "status": 400,
  "message": "emails must not be empty",
  "request_id": "6f5e4d3c-..."
}
  • status — the HTTP status code, repeated in the body for easy logging.
  • message — human-readable description of what went wrong.
  • request_id — correlation ID; include it when reporting an issue.

Operations

Add emails

POST .../policies/{accessPolicyId}/emails

Remove emails

DELETE .../policies/{accessPolicyId}/emails