With our latest update, we are introducing mutate endpoints (Create, Update, Delete) alongside existing read-only capabilities (Get, List) for data loss prevention (DLP) rules and detectors. This allows super admins to programmatically manage and fully automate the entire lifecycle of their DLP policies, from initial creation to real-time activation and deactivation.
Note that this is an API-only launch for capabilities that are currently supported in the Admin console.
About DLP
DLP lets Workspace admins control external file sharing to prevent sensitive information leaks. It scans files for violations, triggering incidents and protective actions like content blocking.
How DLP works:
- Admins define rules for sensitive content across Drive, Gmail, Chat, and Chrome.
- DLP scans content for DLP rule violations that trigger DLP incidents.
- DLP enforces the rules you defined, and violations trigger actions, such as alerts.
- Admins are alerted for DLP rule violations.
[Figure: Summary of capabilities supported by mutate endpoints for DLP]
Getting started
- Admins: You must be a super admin to use the Policy API. See our developer documentation to learn more about the Policy API. You can also use GAM, an open source tool for managing Workspace, which now supports the Policy API.
- End users: This is an admin-only capability.
Rollout pace
- Rapid Release and Scheduled Release domains: Available now
Availability
- Available to all Google Workspace customers and Workspace Individual subscribers
Resources
- Google Cloud Identity Help: Policy API Overview
- Google Cloud Identity Help: REST Resource: policies
- Google Cloud Identity Help: Setting up the Policy API
- Google Cloud Identity Help: Listing and getting policies
- Google Cloud Identity Help: Creating, patching, and deleting policies
- Google Workspace Updates Blog: The Policy API is now generally available with support for auditing more security features
