# Update a policy > **PUT** `https://api.us.nylas.com/v3/policies/{policy_id}` Source: https://developer.nylas.com/docs/reference/api/policies/update-policy/ Updates the specified policy. All fields are optional — only provided fields are updated. The same plan-limit, spam sensitivity, and retention-period validation applies as on create. **Authentication:** NYLAS_API_KEY ## Parameters ### Path parameters | Name | Type | Required | Description | |------|------|----------|-------------| | `policy_id` | string | Yes | The ID of the policy to access. | ## Request body Content-Type: application/json - `name` (string) - `limits` (object) - `limit_attachment_size_limit` (integer) - `limit_attachment_count_limit` (integer) - `limit_attachment_allowed_types` (array) - `limit_size_total_mime` (integer) - `limit_storage_total` (integer) - `limit_count_daily_message_received` (integer) - `limit_count_daily_email_sent` (integer) - `limit_inbox_retention_period` (integer) - `limit_spam_retention_period` (integer) - `rules` (array) - `spam_detection` (object) - `use_list_dnsbl` (boolean) - `use_header_anomaly_detection` (boolean) - `spam_sensitivity` (number) ## Responses ### 200 - OK - `request_id` (string) - ID of the request. - `data` (object) - `id` (string) - Globally unique identifier for the policy (UUID). - `name` (string) - A human-readable name for the policy. Required on create. - `application_id` (string) - The ID of the application that owns the policy. Read-only; derived from the authenticated API key. - `organization_id` (string) - The ID of the Nylas organization that owns the policy. Read-only; derived from the authenticated API key. - `limits` (object) - Operational limits enforced for inboxes that use this policy. All fields are optional. If omitted, each limit defaults to the plan's maximum allowed value. If a requested value exceeds the plan limit, the API returns an error. - `limit_attachment_size_limit` (integer) - Maximum size (in bytes) for a single attachment. - `limit_attachment_count_limit` (integer) - Maximum number of attachments allowed on a single message. - `limit_attachment_allowed_types` (array) - Allowed attachment MIME types. If empty or omitted, all types permitted by the plan are allowed. - `limit_size_total_mime` (integer) - Maximum total MIME size (in bytes) for a single message, including all attachments. - `limit_storage_total` (integer) - Maximum total storage (in bytes) for each inbox that uses this policy. - `limit_count_daily_message_received` (integer) - Maximum number of messages each grant can receive per day. - `limit_count_daily_email_sent` (integer) - Maximum number of messages each grant can send per day. - `limit_inbox_retention_period` (integer) - How long (in days) to retain messages in the inbox before they are deleted. Must be greater than `limit_spam_retention_period` when both are set. - `limit_spam_retention_period` (integer) - How long (in days) to retain messages in the spam folder before they are deleted. Must be shorter than `limit_inbox_retention_period` when both are set. - `rules` (array) - (Legacy) Rule IDs linked to this policy. Rule evaluation uses the `rule_ids` array on the [workspace](/docs/reference/api/workspaces/), not the policy. Set rules on the workspace instead. Whether rules are allowed depends on your plan. - `spam_detection` (object) - Spam detection configuration for inboxes that use this policy. - `use_list_dnsbl` (boolean) - If `true`, enables DNS-based block list (DNSBL) checking on inbound messages. - `use_header_anomaly_detection` (boolean) - If `true`, enables header anomaly detection on inbound messages. - `spam_sensitivity` (number) - Spam detection sensitivity. Must be between `0.1` and `5.0`. Higher values mark more messages as spam. - `created_at` (integer) - When the policy was created, in seconds using the Unix timestamp format. - `updated_at` (integer) - When the policy was last updated, in seconds using the Unix timestamp format. ### 400 - Bad Request - `request_id` (string) - The request ID. - `error` (object) - The response error object. - `type` (string) - The error type. - `message` (string) - The error message. - `provider_error` (object) - The error from the provider. ### 401 - Unauthorized - `request_id` (string) - The request ID. - `error` (object) - The response error object. - `type` (string) - The error type. - `message` (string) - The error message. - `provider_error` (object) - The error from the provider. ### 404 - Not Found - `request_id` (string) - The request ID. - `error` (object) - The response error object. - `type` (string) - The error type. - `message` (string) - The error message. - `provider_error` (object) - The raw error from the provider, if available - `code` (string) - `message` (string) ### 429 - Rate Limit - `request_id` (string) - The request ID. - `error` (object) - The response error object. - `type` (string) - The error type. - `message` (string) - The error message. ## Code samples ### cURL ```bash curl -X PUT "https://api.us.nylas.com/v3/policies/" \ -H "Authorization: Bearer " \ -H "Content-Type: application/json" \ -d '{ "rules": ["", ""] }' ``` ### Node.js SDK ```javascript import Nylas from "nylas"; const nylas = new Nylas({ apiKey: "", apiUri: "", }); async function updatePolicy() { try { const policy = await nylas.policies.update({ policyId: "", requestBody: { limits: { limitInboxRetentionPeriod: 180, }, }, }); console.log("Updated policy:", policy); } catch (error) { console.error("Error updating policy:", error); } } updatePolicy(); ``` ### Python SDK ```python from nylas import Client nylas = Client( "", "", ) policy = nylas.policies.update( policy_id="", request_body={ "rules": ["", ""], }, ) print(policy) ```