Policy management API - POST a policy boundary

Latest Dynatrace
Reference
Published Nov 20, 2025

Creates a new policy boundary within a level. You can't create a global-level boundary, as these are managed by Dynatrace.

The request consumes and produces an application/json payload.

POST	`https://api.dynatrace.com/iam/v1/repo/account/{accountId}/boundaries`

Authentication

To execute this request, you need the Allow IAM policy configuration for environments (iam-policies-management) permission assigned to your token. To learn how to obtain and use it, see OAuth clients.

Parameters

Parameter	Type	Description	In	Required
accountId	-	The ID of the policy boundary level. Use the UUID of the account.	path	required
body	PolicyBoundaryDto	The JSON body of the request. Contains new policy boundary	body	required

Request body objects

The `PolicyBoundaryDto` object

Element	Type	Description	Required
name	string	The display name of the policy boundary.	required
boundaryQuery	string	The boundary query of the policy boundary.	required
metadata	Map	The metadata of the policy boundary.	required

The `Map` object

Request body JSON model

This is a model of the request body, showing the possible elements. It has to be adjusted for usage in an actual request.

{
  "name": "string",
  "boundaryQuery": "string",
  "metadata": {}
}

Response

Response codes

Code	Type	Description
201	PolicyBoundaryOverview	Successful response - policy boundary created
400	ErrorDto	Failed. The request is invalid
404	ErrorDto	Failed. The specified resource is not found.

Response body objects

The `PolicyBoundaryOverview` object

Element	Type	Description
uuid	string	-
levelType	string	-
levelId	string	-
name	string	The display name of the policy boundary.
boundaryQuery	string	The boundary query of the policy boundary.
boundaryConditions	Condition[]	-
metadata	Map	The metadata of the policy boundary.

The `Condition` object

Element	Type	Description
name	string	The name of the condition. It indicates which part of the services is checked by the condition.
operator	string	The operator of the condition.
values	string[]	A list of reference values of the condition.

Element

Type

Description

name

string

The name of the condition.

It indicates which part of the services is checked by the condition.

operator

string

The operator of the condition.

values

string[]

A list of reference values of the condition.

The `Map` object

Response body JSON model

{
  "uuid": "string",
  "levelType": "string",
  "levelId": "string",
  "name": "string",
  "boundaryQuery": "string",
  "boundaryConditions": [
    {
      "name": "string",
      "operator": "string",
      "values": [
        "string"
      ]
    }
  ],
  "metadata": {}
}

Validate payload

We recommend that you validate the payload before submitting it with an actual request. A response code of 200 indicates a valid payload.

The request consumes an application/json payload.

POST	`https://api.dynatrace.com/iam/v1/repo/account/{accountId}/boundaries/validation`

Authentication

Parameters

Parameter	Type	Description	In	Required
accountId	-	The ID of the policy boundary level. Use the UUID of the account.	path	required
body	PolicyBoundaryDto	The JSON body of the request. Contains new policy boundary	body	required

Request body objects

The `PolicyBoundaryDto` object

Element	Type	Description	Required
name	string	The display name of the policy boundary.	required
boundaryQuery	string	The boundary query of the policy boundary.	required
metadata	Map	The metadata of the policy boundary.	required

The `Map` object

Request body JSON model

This is a model of the request body, showing the possible elements. It has to be adjusted for usage in an actual request.

{
  "name": "string",
  "boundaryQuery": "string",
  "metadata": {}
}

Example

In this example, the request creates a new policy boundary within a level. It a new policy boundary for the accountID f1a2b3c4-d5e6-7890-ab12-34cd56ef7890.

Curl

curl --request POST \
  --url https://api.dynatrace.com/iam/v1/repo/account/f1a2b3c4-d5e6-7890-ab12-34cd56ef7890/boundaries \
  --header 'accept: application/json' \
  --header 'Authorization: Bearer abcdefjhij1234567890' \
  --header 'Content-Type: application/json' \
  --data '{
  "name": "name_string",
  "boundaryQuery": "boundaryQuery",
  "metadata": {}
  }'

Request URL

https://api.dynatrace.com/iam/v1/repo/account/f1a2b3c4-d5e6-7890-ab12-34cd56ef7890/boundaries

Request body

{
  "name": "bnd_teamAA",
  "boundaryQuery": "storage:dt.security_context = \"TEAM-AA\";",
  "metadata": {}
}

Response body

{
  "uuid": "9a7b6c54-3d2e-4f10-a8b2-7cde9012f345",
  "levelType": "account",
  "levelId": "f1a2b3c4-d5e6-7890-ab12-34cd56ef7890",
  "name": "bnd_teamAA",
  "boundaryQuery": "storage:dt.security_context = \"TEAM-AA\";",
  "boundaryConditions": [
    {
      "name": "storage:dt.security_context",
      "operator": "EQ",
      "values": [
        "TEAM-AA"
      ]
    }
  ],
  "metadata": {}
}

Response code

201 - Successful response - policy boundary created.

Policy management API - POST a policy boundary

Authentication

Parameters

Request body objects

The PolicyBoundaryDto object

The Map object

Request body JSON model

Response

Response codes

Response body objects

The PolicyBoundaryOverview object

The Condition object

The Map object

Response body JSON model

Validate payload

Authentication

Parameters

Request body objects

The PolicyBoundaryDto object

The Map object

Request body JSON model

Example

Curl

Request URL

Request body

Response body

Response code

The `PolicyBoundaryDto` object

The `Map` object

The `PolicyBoundaryOverview` object

The `Condition` object

The `Map` object

The `PolicyBoundaryDto` object

The `Map` object