> ## Documentation Index
> Fetch the complete documentation index at: https://agenticadvertisingorg-snap-format-preview-links.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Save policy

> Create or update a community-contributed policy. Requires authentication. Registry-sourced and pending-review policies cannot be edited (returns 409). Updates automatically create a revision record.



## OpenAPI

````yaml /static/openapi/registry.yaml post /api/policies/save
openapi: 3.1.0
info:
  title: AgenticAdvertising.org Registry API
  description: >-
    REST API for the AgenticAdvertising.org registry. Resolve brands,

    discover properties, look up agents, and validate authorization in the

    AdCP ecosystem.


    Most endpoints are public and require no authentication. Endpoints marked

    with a lock icon accept either an organization API key or a user JWT

    obtained via the OAuth 2.1 flow — see
    [Authentication](https://agenticadvertising.org/docs/registry/index#authentication).


    **Base URL:** `https://agenticadvertising.org`
  version: 1.0.0
  contact:
    name: AgenticAdvertising.org
    url: https://agenticadvertising.org
servers:
  - url: https://agenticadvertising.org
    description: Production
security: []
tags:
  - name: Onboarding
    description: >-
      Explicitly bootstrap a third-party integration into the AAO registry. Most
      callers don't need this tag — `POST /api/me/agents` auto-creates the org
      (for fresh users) and the member profile (for first-time agent
      registration) without a separate round trip. Use `POST /api/organizations`
      only when you need to override the auto-derived org name / company_type /
      revenue_tier. Tier transitions happen via the billing flow only; the
      Stripe webhook is the sole writer of `organizations.membership_tier`.
  - name: Member Agents
    description: >-
      Register, list, update, and remove agents on the caller's organization
      member profile. Authenticated programmatic surface for CI / scripts that
      don't want to round-trip the full member profile.
  - name: Brand Resolution
    description: Resolve advertiser domains to canonical brand identities.
  - name: Property Resolution
    description: >-
      Resolve publisher domains to their property configurations and authorized
      agents.
  - name: Agent Discovery
    description: >-
      Browse the federated agent network, search agent inventory profiles,
      publisher index, and registry statistics.
  - name: Change Feed
    description: Poll cursor-based registry change events for local sync.
  - name: Lookups & Authorization
    description: >-
      Look up agents by domain or property, and validate ad-serving
      authorization.
  - name: Validation Tools
    description: >-
      Validate publisher adagents.json files and generate compliant
      configurations.
  - name: Community Mirrors
    description: >-
      Publish, fetch, list, and retire catalog-only adagents.json mirrors for
      platforms that have not adopted AdCP.
  - name: Search
    description: Cross-entity search across brands, publishers, agents, and properties.
  - name: Agent Probing
    description: >-
      Connect to live agents and inspect their capabilities, formats, and
      inventory.
  - name: Brand Discovery
    description: Discover and crawl brand.json files across domains.
  - name: Agent Compliance
    description: Agent compliance status, storyboard test results, and compliance history.
  - name: Policy Registry
    description: >-
      Browse, resolve, and contribute governance policies for campaign
      compliance.
paths:
  /api/policies/save:
    post:
      tags:
        - Policy Registry
      summary: Save policy
      description: >-
        Create or update a community-contributed policy. Requires
        authentication. Registry-sourced and pending-review policies cannot be
        edited (returns 409). Updates automatically create a revision record.
      operationId: savePolicy
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                policy_id:
                  type: string
                  example: my_brand_safety
                  description: Lowercase alphanumeric with underscores
                version:
                  type: string
                  example: 1.0.0
                name:
                  type: string
                  example: Acme Corp Brand Safety
                category:
                  type: string
                  enum:
                    - regulation
                    - standard
                enforcement:
                  type: string
                  enum:
                    - must
                    - should
                    - may
                policy:
                  type: string
                  example: >-
                    Ads must not appear adjacent to content depicting
                    violence...
                description:
                  type: string
                jurisdictions:
                  type: array
                  items:
                    type: string
                region_aliases:
                  type: object
                  additionalProperties:
                    type: array
                    items:
                      type: string
                policy_categories:
                  type: array
                  items:
                    type: string
                channels:
                  type: array
                  items:
                    type: string
                effective_date:
                  type: string
                sunset_date:
                  type: string
                governance_domains:
                  type: array
                  items:
                    type: string
                source_url:
                  type: string
                  description: Must use http:// or https://
                source_name:
                  type: string
                guidance:
                  type: string
                exemplars:
                  type: object
                  properties:
                    pass:
                      type: array
                      items:
                        type: object
                        properties:
                          scenario:
                            type: string
                          explanation:
                            type: string
                        required:
                          - scenario
                          - explanation
                    fail:
                      type: array
                      items:
                        type: object
                        properties:
                          scenario:
                            type: string
                          explanation:
                            type: string
                        required:
                          - scenario
                          - explanation
                ext:
                  type: object
                  additionalProperties: {}
              required:
                - policy_id
                - version
                - name
                - category
                - enforcement
                - policy
      responses:
        '200':
          description: Policy saved
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                    enum:
                      - true
                  message:
                    type: string
                  policy_id:
                    type: string
                  revision_number:
                    type:
                      - integer
                      - 'null'
                required:
                  - success
                  - message
                  - policy_id
                  - revision_number
        '400':
          description: Validation error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
        '401':
          description: Authentication required
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
        '409':
          description: Cannot edit registry-sourced or pending policy
          content:
            application/json:
              schema:
                type: object
                properties:
                  error:
                    type: string
                  policy_id:
                    type: string
                required:
                  - error
                  - policy_id
        '429':
          description: Rate limit exceeded
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
      security:
        - bearerAuth: []
        - oauth2: []
components:
  schemas:
    Error:
      type: object
      properties:
        error:
          type: string
      required:
        - error
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      description: >-
        Bearer token in the `Authorization` header. Two token types are
        accepted:


        - **Organization API key** (`sk_...`) issued via the dashboard.
        Org-scoped, long-lived, for server-to-server use.

        - **User JWT** obtained via the OAuth 2.1 authorization code flow with
        PKCE. User-scoped, short-lived. Discover the authorization server at
        `/.well-known/oauth-authorization-server` and the protected-resource
        metadata at `/.well-known/oauth-protected-resource/api`.
    oauth2:
      type: oauth2
      description: >-
        OAuth 2.1 authorization code flow with PKCE. Users authenticate via
        AuthKit and clients receive a Bearer JWT that authorizes both the MCP
        endpoint and this REST API. Dynamic client registration is supported at
        `/register`.
      flows:
        authorizationCode:
          authorizationUrl: https://agenticadvertising.org/authorize
          tokenUrl: https://agenticadvertising.org/token
          refreshUrl: https://agenticadvertising.org/token
          scopes:
            openid: User identifier
            profile: User profile information
            email: User email address

````