Skip to main content
Skip table of contents


Policies associated with an app.


Apply one or more Blue Cedar policies to an app. 

This resource adds the policies you choose to any policies that have been previously applied to the app. The policy console validates the components, checking that provisioning profiles are properly formed, and allowing any special code for entitlements to run. If you want to remove policies from an app, see DELETE app-market/policy/{GUID}

App updates

Each time you apply policies to an app, the policy console secures the app with updated policies, which updates the app on the policy console.

Required policies

You must apply the MAP.Next policy to use any of the other Blue Cedar policies. It does not have its own features, but it enables the other policies.  The only exception is Master policy—it applies the MAP.Next policy if you do not.





Required. The GUID for the app. To get the GUIDs for all apps in the system, use GET app-market/catalog; use the value of app_id within the app structure.

policyIds[ ]

The GUID for each policy you want to apply to the app. For a list of available Blue Cedar policies, use GET app-policy/catalog; use the value of policy_id within the policy structure.


An array of policy codes. For a list of available policy codes, see Configuring security policies for your apps.

Note: You must set at least one policy value, using either policyIds[ ] or policyCodes[]; you can use either or both policy arrays, and you can apply more than one policy to an app by setting multiple values.


Required. The GUID for the policy profile. To get the GUIDs for all profiles in the system, use GET profile/catalog; use the value of profile_id within the profile structure. In the API call, use the specific parameter for each policy:

  • app_customization_profile_id
  • browser_profile_id
  • client_certs_profile_id
  • dar_profile_id
  • data_sharing_profile_id
  • device_posture_profile_id
  • diagnostics_profile_id
  • end_user_license_agreement_profile_id
  • local_auth_profile_id
  • master_profile_id
  • secure_web_stack_profile_id
  • signing_profile_id
  • trusted_server_certs_profile_id
  • vpn_profile
save_as_masterOptional. You can use save_as_master to name and save the set of policies and profiles specified in this API call as a master policy profile.

JSON object to set signing attributes for this app:

  • signing_type: The method to use for code-signing the app. Values:
    • SIGN_ON_CONSOLE: Default. Code sign the app with this API call.
    • SIGN_EXTERNALLY: Apply the policies with this API, but code-sign the app externally. Use app-market/export-for-codesigning to download a zip file that includes the app, signing settings, and a signing script.
    • SKIP_CODESIGN: Skip code signing.

When signing_type is SIGN_ON_CONSOLE or SIGN_EXTERNALLY, you must provide a signing profile via signing_profile_id.

Example request

This command selects an app and secures it with a Secure Microtunnel policy and profile:


curl -b c.txt -c c.txt -X POST \
-d appId=87f5da9-8673-41bd-8d09-c8dcb5a916a8 \
-d policyIds[]=POLICY_CODE_MAP_NEXT \
-d policyIds[]=deef3458-9900-4e4c-ab23-232ebb3a8680 \
-d vpn_profile=40a6c1ac-a7b9-4903-a857-7db71db23881 

This command selects an app ID and secures it with three policies and their associated profiles, saving that set of three profiles as a master profile. It also specifies that the app will be code-signed manually. 


curl -b c.txt -c c.txt -X POST \
 -d appId=87f5da9-8673-41bd-8d09-c8dcb5a916a8 \
 -d save_as_master="MyMasterProfile" \ 
 -d policyCodes[]=POLICY_CODE_MAP_NEXT \
 -d vpn_profile=40a6c1ac-a7b9-4903-a857-7db71db23881 \
 -d app_customization_profile_id=6b61c1d2-f149-4680-b325-fb4efa24ed71 \ 
 -d policyCodes[]=POLICY_CODE_LOCAL_AUTH \ 
 -d local_auth_profile_id=82904240-d018-4122-b13d-1d561587ab07 \
 -d signing="{\"signing_type\":\"SKIP_CODESIGNING\"}"

Note that this example uses a Master profile, therefore setting the MAP.Next policy is optional. However, the signing profile cannot be part of the master profile.


curl -b c.txt -c c.txt -X POST \
-F appId=11eef64f-4d55-4637-ab3c-eef20a108596 \
-F policyIds[]=63ee4324-45f1-442c-9ead-b2b797c52b05 \
-F master_profile_id=2ee64c1b-729f-4139-bd4d-ffd44a0f13ca \
-F policyCodes[]=POLICY_CODE_SIGNING \ 
-F signing_profile_id=6b61c1d2-f149-9876-b325-fb4efa74ed71 \
-F signing="{\"signing_type\":\"SIGN_ON_CONSOLE\"}"

This command secures an app to be code-signed manually:

curl -b c.txt -c c.txt -X POST \
-F appId=11eef64f-4d55-4637-ab3c-eef20a108596 \
-F policyIds[]=63ee4324-45f1-442c-9ead-b2b797c52b05 \
-F master_profile_id=2ee64c1b-729f-4139-bd4d-ffd44a0f13ca \
-F signing="{\"signing_type\":\"SKIP_CODESIGN\"}"
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.