Policies
Ledger-wide access rules that define which signers (via circles) can perform which operations on which record types.
List policies
Authorization
BearerAuth LedgerHeader Access token obtained from POST /oauth/token
In: header
Handle of the target ledger (e.g. demo-co)
In: header
Query Parameters
Maximum records to return
25value <= 100Records to skip
0Response Body
application/json
curl -X GET "https://demo-co.ldg-stg.one/api/v2/policies"{
"data": [
{
"handle": "hub-owner-access",
"schema": "access",
"record": "any",
"values": [
{
"action": "any",
"record": "any",
"signer": {
"$circle": "owner"
},
"bearer": {
"$signer": {
"$circle": "services"
}
}
}
],
"custom": {}
}
],
"meta": {
"total": 4,
"limit": 25,
"offset": 0
}
}Create policy
Authorization
BearerAuth LedgerHeader Access token obtained from POST /oauth/token
In: header
Handle of the target ledger (e.g. demo-co)
In: header
Request Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
Response Body
application/json
curl -X POST "https://demo-co.ldg-stg.one/api/v2/policies" \ -H "Content-Type: application/json" \ -d '{ "data": { "handle": "hub-owner-access", "schema": "access", "record": "any", "values": [ { "action": "any", "record": "any", "signer": { "$circle": "owner" } }, { "action": { "$in": [ "read", "query" ] }, "record": "any", "bearer": { "$signer": { "$circle": "owner" } } } ] } }'{
"data": {
"handle": "hub-owner-access",
"schema": "access",
"record": "any",
"values": [
{
"action": "any",
"record": "any",
"signer": {
"$circle": "owner"
},
"bearer": {
"$signer": {
"$circle": "services"
}
}
}
],
"custom": {}
}
}Get policy
Authorization
BearerAuth LedgerHeader Access token obtained from POST /oauth/token
In: header
Handle of the target ledger (e.g. demo-co)
In: header
Path Parameters
Record handle
Response Body
application/json
application/json
curl -X GET "https://demo-co.ldg-stg.one/api/v2/policies/pay-20260608-001"{
"data": {
"handle": "hub-owner-access",
"schema": "access",
"record": "any",
"values": [
{
"action": "any",
"record": "any",
"signer": {
"$circle": "owner"
},
"bearer": {
"$signer": {
"$circle": "services"
}
}
}
],
"custom": {}
}
}{
"error": {
"code": "not-found",
"message": "Wallet not found"
}
}Circles
Named signer groups (`owner`, `admin`, `operations`, `security`, `support`, `services`) used in access-control policies to grant permissions to sets of Ed25519 keys.
Bridges
Configurations that connect the ledger to external financial systems — a bridge declares its capabilities (`debits`, `credits`, `anchors`, `events`) and the URL of your bridge server.