Explore our detailed API documentation, integration guides, and code samples to seamlessly integrate PolicyForge into your application.
PolicyForge provides a complete OpenAPI 3.0.3 specification that AI coding tools (Cursor, Copilot, Claude, etc.) can consume to automatically handle legal compliance for your application.
https://policyforge.co/openapi.json to auto-discover all endpoints
Our RESTful API allows you to programmatically generate, manage, and deploy legal policies. Base URL: https://policyforge.co/api/v1
| Method | Endpoint | Description |
|---|---|---|
| POST | /policies | Generate a compliance policy |
| GET | /policies | List all policies |
| GET | /policies/{id} | Get a specific policy |
| PATCH | /policies/{id} | Update a policy |
| DELETE | /policies/{id} | Delete a policy |
| POST | /consent | Record user consent |
| GET | /consent/{userId} | Get consent records |

The API follows the OpenAPI 3.0.3 specification, making it easy to integrate with any programming language, framework, or AI tool.
The PolicyForge API uses API keys for authentication. You can generate and manage your API keys in the Settings section of your dashboard.
Keep your API keys secure and never expose them in client-side code.
```javascript
// Example: Setting the API key in a request header
// Run this server-side only; the key must not ship in browser code.
const apiKey = 'YOUR_API_KEY';
fetch('/api/policies', {
  headers: {
    'Authorization': `Bearer ${apiKey}`,
    'Content-Type': 'application/json'
  },
  // ... remaining request options
});
```
Our API endpoints accept various parameters to customize policy generation and management. Below are the comprehensive parameter options organized by endpoint.
We provide code samples in various programming languages to help you get started quickly.
Generate a GDPR-compliant privacy policy for a SaaS product.
```javascript
const response = await fetch('https://policyforge.co/api/v1/policies', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer pf_YOUR_API_KEY',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    type: 'privacy_policy',
    business_type: 'saas',
    jurisdiction: 'gdpr',
    company_name: 'Acme Inc',
    contact_email: 'privacy@acme.com',
    website_url: 'https://acme.com',
    data_collection: ['name', 'email', 'usage_data'],
    third_party_integrations: ['Stripe', 'Google Analytics'],
    user_accounts: true,
    payments: true,
    analytics: true
  })
});
const policy = await response.json();
console.log(policy.hosted_url); // Public URL for your policy
```
Generate a terms of service and list all policies.
```python
import requests

API_KEY = "pf_YOUR_API_KEY"
BASE_URL = "https://policyforge.co/api/v1"
headers = {"Authorization": f"Bearer {API_KEY}"}

# Generate a terms of service
policy = requests.post(f"{BASE_URL}/policies", headers=headers, json={
    "type": "terms_of_service",
    "business_type": "e-commerce",
    "jurisdiction": "ccpa",
    "company_name": "ShopDirect LLC",
    "contact_email": "legal@shopdirect.com",
    "website_url": "https://shopdirect.com",
    "payments": True,
    "user_accounts": True
}).json()
print(f"Policy hosted at: {policy['hosted_url']}")

# List all policies
policies = requests.get(f"{BASE_URL}/policies", headers=headers).json()
print(f"Total policies: {policies['total']}")
```
Quick command-line policy generation.
```bash
curl -X POST https://policyforge.co/api/v1/policies \
  -H "Authorization: Bearer pf_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "privacy_policy",
    "business_type": "saas",
    "jurisdiction": "gdpr",
    "company_name": "Acme Inc",
    "contact_email": "privacy@acme.com"
  }'
```
API rate limits are based on your subscription tier. Every response includes rate limit headers.
| Tier | Requests/min | Requests/day |
|---|---|---|
| Free | 10 | 100 |
| Pro | 60 | 5,000 |
| Enterprise | 300 | 50,000 |
```
X-RateLimit-Limit: 60          # Max requests per window
X-RateLimit-Remaining: 45      # Remaining requests
X-RateLimit-Reset: 1707667200  # Unix timestamp for reset
```

| Code | Meaning | Resolution |
|---|---|---|
| 400 | Validation Error | Check the details array for specific field errors |
| 401 | Unauthorized | Check your API key is valid and included as a Bearer token |
| 403 | Subscription Limit | Free tier limit reached — upgrade to Pro for unlimited policies |
| 404 | Not Found | The policy ID doesn't exist or doesn't belong to your account |
| 429 | Rate Limited | Wait until X-RateLimit-Reset or upgrade your plan |
| 500 | Server Error | Retry the request. If persistent, contact support |
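
An added example (not PolicyForge's code) of a client that acts on the 429 row and the `X-RateLimit-Reset` header above: it waits until the reset time, up to a cap, before retrying. The function names, the 60-second cap, the three-attempt limit and the injectable `fetchImpl`, `sleep` and `now` are assumptions made for illustration.

```javascript
// Added example: honour X-RateLimit-Reset on a 429 instead of retrying blindly.

// Milliseconds to wait until the rate-limit window resets, clamped to
// [0, maxWaitMs]. A missing or malformed header falls back to maxWaitMs.
function waitMsFromHeaders(headers, nowMs, maxWaitMs = 60_000) {
  const reset = Number(headers.get('X-RateLimit-Reset')); // Unix seconds
  if (!Number.isFinite(reset) || reset <= 0) return maxWaitMs;
  return Math.min(Math.max(reset * 1000 - nowMs, 0), maxWaitMs);
}

// Sends the request and, on 429, sleeps until the advertised reset before
// trying again. Any other status (or the last attempt) is returned as-is.
// fetchImpl, sleep and now are injectable so the logic can be tested offline.
async function requestWithBackoff(url, options, {
  fetchImpl = fetch,
  sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms)),
  now = Date.now,
  maxAttempts = 3,
} = {}) {
  for (let attempt = 1; ; attempt++) {
    const res = await fetchImpl(url, options);
    if (res.status !== 429 || attempt >= maxAttempts) return res;
    await sleep(waitMsFromHeaders(res.headers, now()));
  }
}
```
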
Webhooks deliver real-time notifications when events occur in your PolicyForge account. Configure webhooks from your dashboard to automate compliance workflows.
| Event | Description |
|---|---|
| policy.created | A new policy was generated via API or dashboard |
| policy.updated | A policy's content or settings were modified |
| policy.deleted | A policy was permanently deleted |
| consent.recorded | A visitor's consent preferences were recorded |

Each webhook delivers a JSON payload with an HMAC-SHA256 signature for verification.
```
// Headers
X-PolicyForge-Signature: sha256=<hmac of body using your webhook secret>
Content-Type: application/json

// Body
{
  "event": "policy.created",
  "timestamp": "2026-02-11T10:30:00Z",
  "data": {
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "type": "privacy",
    "title": "Privacy Policy - Acme Inc",
    "status": "published",
    "hosted_url": "https://policyforge.co/policy/privacy-acme-inc"
  }
}
```
Verify webhook authenticity using your webhook secret.
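```javascript
import crypto from 'crypto';

// `body` must be the raw request body exactly as received (string or Buffer),
// not an object that was parsed and re-serialized.
function verifyWebhook(body, signature, secret) {
  // A missing header cannot match.
  if (typeof signature !== 'string') return false;

  const expected = 'sha256=' + crypto
    .createHmac('sha256', secret)
    .update(body)
    .digest('hex');

  const received = Buffer.from(signature);
  const wanted = Buffer.from(expected);

  // timingSafeEqual throws when the lengths differ, so reject those first.
  if (received.length !== wanted.length) return false;
  return crypto.timingSafeEqual(received, wanted);
}
```
Use the OpenAPI spec to auto-generate clients in any language, or use our REST API directly. Official SDKs are coming soon.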
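
For the webhook signature check described above, this added example (not PolicyForge's code) shows a complete delivery handler: it verifies the HMAC over the raw body bytes before parsing, then rejects stale timestamps and unlisted event names. `handleDelivery`, the five-minute freshness window, the returned status codes and the sample secret and body are assumptions constructed for illustration.

```javascript
// Added example, not PolicyForge code. The loader expression works whether
// Node runs this file as CommonJS or as an ES module.
const { createHmac, timingSafeEqual } = typeof require === 'function'
  ? require('node:crypto')
  : process.getBuiltinModule('node:crypto');

const KNOWN_EVENTS = new Set([
  'policy.created', 'policy.updated', 'policy.deleted', 'consent.recorded',
]);
const MAX_AGE_MS = 5 * 60 * 1000; // assumed freshness window, not from the page

function expectedSignature(rawBody, secret) {
  return 'sha256=' + createHmac('sha256', secret).update(rawBody).digest('hex');
}

function signatureMatches(rawBody, header, secret) {
  if (typeof header !== 'string') return false; // header absent
  const received = Buffer.from(header);
  const expected = Buffer.from(expectedSignature(rawBody, secret));
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return received.length === expected.length && timingSafeEqual(received, expected);
}

// rawBody: request body as a Buffer, exactly as it arrived on the wire.
// Returns { status, event?, id? } for the HTTP layer to act on.
function handleDelivery(rawBody, signatureHeader, secret, nowMs = Date.now()) {
  // 1. Authenticate the bytes before parsing them.
  if (!signatureMatches(rawBody, signatureHeader, secret)) return { status: 401 };
  // 2. Parse only after the signature checks out.
  let payload;
  try { payload = JSON.parse(rawBody.toString('utf8')); } catch { return { status: 400 }; }
  if (payload === null || typeof payload !== 'object') return { status: 400 };
  // 3. Refuse deliveries outside the freshness window (replayed captures).
  const sentAt = Date.parse(payload.timestamp);
  if (!Number.isFinite(sentAt) || Math.abs(nowMs - sentAt) > MAX_AGE_MS) return { status: 400 };
  // 4. Act only on the event names listed on the page.
  if (!KNOWN_EVENTS.has(payload.event)) return { status: 400 };
  return { status: 200, event: payload.event, id: payload.data?.id };
}

// Constructed sample secret and delivery, modelled on the payload shown above.
const SAMPLE_SECRET = 'constructed-webhook-secret';
const SAMPLE_BODY = Buffer.from(
  '{"event":"policy.created","timestamp":"2026-02-11T10:30:00Z",' +
  '"data":{"id":"550e8400-e29b-41d4-a716-446655440000","type":"privacy"}}'
);
const SAMPLE_SIGNATURE = expectedSignature(SAMPLE_BODY, SAMPLE_SECRET);
```

Pass the body bytes as received: a body that middleware has parsed and re-serialized will generally not reproduce the signed bytes, and the handler returns 401.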
Official JavaScript/TypeScript SDK for PolicyForge API.
Official Python SDK for PolicyForge API.
Our developer support team is ready to help you integrate PolicyForge into your application.