Governance API
The Governance API enables administrators to create and manage data governance policies, generate compliance reports, and maintain oversight of content access and usage within your organization. Ensure data security and regulatory compliance through comprehensive governance controls. Configure in the Glean UI under Admin → Governance. You can also configure the same using the APIs provided. Each policy or report scans every indexed document according to its settings and surfaces any violations for review.
Authorization
To call the policy and report endpoints, create a Client API token with scope DATA_GOVERNANCE. The token must belong to a user who can access the Sensitive Content pages (for example, a Super Admin or Sensitive Content Moderator).
For content-hiding endpoints, generate a token with scope CONTENT_HIDING. The associated user must be able to edit visibility overrides, typically a Super Admin.
See Authentication for detailed steps.
Difference between policies and reports
A report runs a one-off scan and lets you download violations as a CSV when it finishes.
Policies support two schedules—WEEKLY and CONTINUOUS.
A policy adds an interactive dashboard where you can review findings, archive items, and optionally hide flagged documents.
Note: Policy and report APIs share many request fields. Ensure any shared fields use consistent values within the same payload.
APIs
Governance APIs fall into three groups: policy, report, and content-hiding endpoints.
Both policies and reports share a common configuration object, config. This has certain fields that need not be populated while submitting a report or policy to be created as they are only meant to be populated on return. Namely, the config version, createdAt and createdBy will automatically be set without needing to be passed.
Policy APIs
With these endpoints, you can perform CRUD operations on policies. Policies created/edited through these would reflect in the Sensitive Findings section under the Admin > Governance section in the Glean UI.
Report APIs
Only creating a one-time report is supported via API for reports. You can get the report's scan status to check if it has completed and download its violation CSV. For any of the other features such as updating, other frequencies, etc., please use policies.
Reports created using this endpoint will appear in the "Sensitive Content Reporting" section under Admin > Governance in the UI.
Content hiding APIs
Content hiding works by setting "visibility overrides" to a particular document. These overrides can come from different sources, such as:
-
Existing policies that might flag a document meeting its requirements if "auto-hide" is enabled.
-
If it is manually hidden by a user. Different users are treated as different sources.
-
If a document is present in the CSV for hiding it.
On manually hiding, the document will have a visibility override set with source type "user". On manually unhiding, the document will be unhidden from all sources (not just the user source). All its visibility overrides will be removed and the document will be visible on Glean.