Policy Review API
Manage the policy review queue — create reviews, assign reviewers, and resolve findings with approve/reject/dismiss workflows.
Endpoints
| Method | Path | Description |
|---|---|---|
| GET | /v1/policy-reviews | List policy reviews (filtered, paginated) |
| POST | /v1/policy-reviews | Create a manual review |
| PATCH | /v1/policy-reviews/:id | Update review (assign, resolve, dismiss) |
Authentication
All endpoints require API key authentication, sent either in the x-tork-api-key header or in an Authorization: Bearer header.
List Policy Reviews
GET /v1/policy-reviews
Returns the review queue with optional filters and pagination. Includes aggregate stats by status.
Query Parameters
| Parameter | Type | Default | Description |
|---|---|---|---|
| status | string | — | Filter by status: flagged, assigned, in_review, resolved, dismissed |
| severity | string | — | Filter by severity: critical, high, medium, low |
| type | string | — | Filter by type: canary_alert, manual_review, scheduled_review, bounty_finding |
| assignee | string | — | Filter by assignee ID |
| page | number | 1 | Page number |
| limit | number | 50 | Results per page (max 100) |
Example
```bash
curl "https://api.tork.network/v1/policy-reviews?status=flagged&severity=critical&limit=10" \
  -H "x-tork-api-key: tork_sk_your_api_key"
```
```json
{
  "reviews": [
    {
      "id": "rev_a1b2c3",
      "title": "High PII exposure in customer support agent",
      "description": "Agent detected processing unredacted SSNs",
      "severity": "critical",
      "type": "canary_alert",
      "status": "flagged",
      "assignee": null,
      "created_at": "2026-02-12T08:30:00Z",
      "updated_at": "2026-02-12T08:30:00Z"
    }
  ],
  "total": 3,
  "stats": {
    "flagged": 3,
    "assigned": 5,
    "in_review": 2,
    "resolved": 48,
    "dismissed": 7
  },
  "page": 1,
  "limit": 10
}
```
Create Policy Review
POST /v1/policy-reviews
Creates a new manual review item in the queue.
Request Body
| Parameter | Type | Required | Description |
|---|---|---|---|
| title | string | Yes | Review title (min 5 characters) |
| description | string | Yes | Detailed description (min 10 characters) |
| severity | string | Yes | critical, high, medium, or low |
| type | string | No | Review type (default: manual_review) |
| related_use_case | string | No | Related use case identifier |
```bash
curl -X POST "https://api.tork.network/v1/policy-reviews" \
  -H "x-tork-api-key: tork_sk_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "title": "Review PII handling in onboarding flow",
    "description": "Customer reported seeing partial SSN in confirmation email",
    "severity": "high",
    "related_use_case": "customer-onboarding"
  }'
```
```json
{
  "review": {
    "id": "rev_d4e5f6",
    "title": "Review PII handling in onboarding flow",
    "description": "Customer reported seeing partial SSN in confirmation email",
    "severity": "high",
    "type": "manual_review",
    "status": "flagged",
    "created_at": "2026-02-12T14:00:00Z"
  }
}
```
Update Policy Review
PATCH /v1/policy-reviews/:id
Update a review by performing an action: assign a reviewer, start review, resolve with a resolution, or dismiss.
Actions
| Action | Description | Fields |
|---|---|---|
| assign | Assign a reviewer | assignee_id (required), assignee_name (required) |
| start_review | Mark review as in progress | No additional fields |
| resolve | Resolve the review | resolution (required), notes (optional) |
| dismiss | Dismiss the review | reason (required) |
Resolution values: policy_updated, false_positive, accepted_risk, deferred
Example: Resolve a Review
```bash
curl -X PATCH "https://api.tork.network/v1/policy-reviews/rev_a1b2c3" \
  -H "x-tork-api-key: tork_sk_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "action": "resolve",
    "resolution": "policy_updated",
    "notes": "Updated redaction rules to catch partial SSNs"
  }'
```
```json
{
  "review": {
    "id": "rev_a1b2c3",
    "title": "High PII exposure in customer support agent",
    "status": "resolved",
    "resolution": "policy_updated",
    "notes": "Updated redaction rules to catch partial SSNs",
    "resolved_at": "2026-02-12T15:30:00Z"
  }
}
```
Error Responses
| Status | Description |
|---|---|
| 400 | Invalid action, missing required fields, or validation error (e.g., title too short) |
| 401 | Missing or invalid API key |
| 404 | Review not found |
| 429 | Rate limit exceeded |
| 500 | Internal server error |
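A client-side walk of the List Policy Reviews pagination, added here as an example and not taken from the Tork documentation or SDK. The function names, the TORK_API_KEY environment variable and the reading of "total" as the count of all matches for the filters are assumptions.

```python
import json
import os
import urllib.parse
import urllib.request

BASE_URL = "https://api.tork.network/v1/policy-reviews"
MAX_LIMIT = 100  # documented maximum page size
# Allowed filter values, copied from the Query Parameters table.
ALLOWED = {
    "status": {"flagged", "assigned", "in_review", "resolved", "dismissed"},
    "severity": {"critical", "high", "medium", "low"},
    "type": {"canary_alert", "manual_review", "scheduled_review", "bounty_finding"},
}


def http_fetch(params):
    """GET one page. The key is read from TORK_API_KEY (assumed env var name)."""
    req = urllib.request.Request(
        BASE_URL + "?" + urllib.parse.urlencode(params),
        headers={"x-tork-api-key": os.environ["TORK_API_KEY"]},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def iter_reviews(fetch=http_fetch, limit=50, max_pages=1000, **filters):
    """Yield every review matching the filters, walking the queue page by page."""
    for name, value in filters.items():
        # assignee is a free-form ID; every other filter must use a documented value.
        if name != "assignee" and value not in ALLOWED.get(name, ()):
            raise ValueError(f"unsupported filter {name}={value!r}")
    limit = max(1, min(int(limit), MAX_LIMIT))
    seen = 0
    for page in range(1, max_pages + 1):
        body = fetch({**filters, "page": page, "limit": limit})
        batch = body.get("reviews", [])
        yield from batch
        seen += len(batch)
        # Assumption: "total" counts all matches for the filters, not just this page.
        if not batch or seen >= body.get("total", 0):
            return
    raise RuntimeError("max_pages reached before the queue was exhausted")


if __name__ == "__main__":
    # Constructed stub transport: three fake reviews served two per page, no network.
    rows = [{"id": f"rev_{n}"} for n in range(3)]
    stub = lambda p: {"reviews": rows[(p["page"] - 1) * p["limit"]:][:p["limit"]], "total": 3}
    print([r["id"] for r in iter_reviews(stub, limit=2, severity="critical")])
```

With the default transport, urllib raises HTTPError for the 4xx and 5xx statuses in the table above, so a 401 or 429 surfaces as an exception instead of an empty page.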