Access Policies API: Hybrid REST API mode differences

This document summarizes the differences and important notes for using the Secure Private Access Access Policies APIs in Hybrid REST API mode.

Not applicable parameters in hybrid mode

The following parameters are not applicable and are optional in the hybrid environment and should not be used in requests or relied on in responses:

• userAndGroups (under conditions)
• advancedSettings (under accessRules)

If present, these fields will be ignored or omitted in hybrid mode.

Behavioral differences

• accessRules:
  • Only one access rule is allowed per policy in hybrid mode. Requests attempting to configure multiple rules in one policy will be rejected.
• tagSource (under rules):
  • The value ThirdPartyDevicePosture is not allowed for hybrid mode.

Schema and endpoint notes

• All other request/response schemas and error handling remain unchanged from the standard API, except for the above differences.
• Use the hybrid API base URL and credentials as configured for your hybrid deployment.

Migration note

If migrating to hybrid mode, update your API integrations to:

• Ensure policies contain only one access rule.
• Remove or ignore unsupported fields as listed above.
• Do not use ThirdPartyDevicePosture for tagSource.

Reference

For complete details and examples, refer to the main Access Policies API documentation. This document highlights only the differences for Hybrid REST API mode.