OrgIPPolicy

Per-org IP allowlist policy: mode and the canonical CIDR list applied to authenticated requests.

object
Type: string

Resource type identifier
id
Type: string

Unique identifier for the policy.
org_id
Type: string

Organization this policy belongs to
mode
Type: string

Enforcement mode: disabled skips evaluation, enforce rejects off-list requests, dry_run allows them but emits an audit event.
allowlist
Type: array string[]

Canonical, deduplicated CIDR list. Bare IPs submitted on PATCH are stored as /32 (IPv4) or /128 (IPv6).
updated_by
Type: object · Actor

Actor (session user, personal API key, or org API key) that last updated the policy. Omitted for the never-seeded defensive fallback row.
- object
  Type: string
  
  Resource type identifier
- method
  Type: string
  
  Principal class. One of session, personal_key, org_key, system.
- user
  Type: object · User
  
  Full user profile. Populated for session and personal_key (the key owner) when the user row is resolvable; null for org_key and system, and also null when the user row was deleted after the attribution was recorded.
- personal_key
  Type: object · ActorPersonalKey
  
  Personal API key pointer. Populated only for personal_key.
- org_key
  Type: object · ActorOrgKey
  
  Org API key pointer. Populated only for org_key.
created_at
Type: string

When the policy row was created.
updated_at
Type: string

When the policy row was last updated.