OrgIPPolicy

Per-org IP allowlist policy: mode and the canonical CIDR list applied to authenticated requests.

object
Type: string

Resource type identifier
id
Type: string

Unique identifier for the policy. Empty when the org has no row yet (default representation).
org_id
Type: string

Organization this policy belongs to
mode
Type: string

Enforcement mode: disabled skips evaluation, enforce rejects off-list requests, dry_run allows them but emits an audit event.
allowlist
Type: array string[]

Canonical, deduplicated CIDR list. Bare IPs submitted on PATCH are stored as /32 (IPv4) or /128 (IPv6).
updated_by
Type: object · User

User who last updated the policy. Omitted when the row has never been edited or when the edit originated from an org key.
- object
  Type: string
  
  Resource type identifier
- id
  Type: string
  
  Unique identifier for the user
- email
  Type: string
  
  User's email address
- first_name
  Type: string
  
  User's first name
- last_name
  Type: string
  
  User's last name
- avatar_url
  Type: string
  
  URL to user's avatar image
- mfa_enabled
  Type: boolean
  
  Whether MFA is enabled for this user
- created_at
  Type: string
  
  When the user was created
- updated_at
  Type: string
  
  When the user was last updated
- last_login_at
  Type: string
  
  When the user last successfully authenticated anywhere (global across all orgs; nil if never). For per-org login recency, see the membership resource's last_login_at.
- last_active_at
  Type: string
  
  When the user last made an authenticated request anywhere (global across all orgs; debounced ~1 minute, nil if never). For per-org activity recency, see the membership resource's last_active_at.
created_at
Type: string

When the policy row was created. Empty for the default representation.
updated_at
Type: string

When the policy row was last updated. Empty for the default representation.