Skip to content
noBSredir

Governance

Requires a Team plan or higher.

Link governance is configured as part of the workspace settings. Set the governance field via PATCH /api/workspaces/:wsId.

Setting governance policies

Role: owner

Terminal window
curl -X PATCH https://nobsredir.com/api/workspaces/ws_abc123 \
  -H "X-API-Key: nobs_your_key" \
  -H "Content-Type: application/json" \
  -d '{
    "governance": {
      "require_utm": true,
      "require_tags": true,
      "require_title": false,
      "max_expiry_days": 90,
      "blocked_domains": ["competitor.com", "old-site.com"],
      "allowed_domains": null
    }
  }'

Response 200:

{"ok": true}

Set governance to null to clear all policies.

Errors:

  • 402 - Governance requires a Team plan or higher
  • 400 - Invalid policy (e.g. max_expiry_days not a positive integer, blocked_domains not an array of strings, using both blocked_domains and allowed_domains)

Reading governance policies

Governance is returned in the workspace response:

Terminal window
curl https://nobsredir.com/api/workspaces/ws_abc123 \
  -H "X-API-Key: nobs_your_key"
{
  "id": "ws_abc123",
  "name": "My Workspace",
  "governance": {
    "require_utm": true,
    "require_tags": true,
    "max_expiry_days": 90,
    "blocked_domains": ["competitor.com"]
  }
}

If no governance is configured, the field is null.

Policy fields

FieldTypeDescription
require_utmbooleanRequire UTM parameters (at least source and medium) on every link.
require_tagsbooleanRequire at least one tag on every link.
require_titlebooleanRequire a title on every link.
max_expiry_daysintegerRequire an expiry date within N days. Links must have expires_at set and it must be no more than N days from now.
blocked_domainsstring[]Block links targeting these domains. Subdomain matching is included - blocking example.com also blocks sub.example.com.
allowed_domainsstring[]Only allow links targeting these domains. Subdomain matching is included - allowing example.com also allows sub.example.com. Takes precedence over blocked_domains.

All fields are optional. Only include the policies you want to enforce.

blocked_domains and allowed_domains are mutually exclusive - you cannot set both at the same time.

How enforcement works

Governance policies are checked at link creation time (POST /workspaces/:wsId/links and bulk create). If a link violates any active policy, the request is rejected with a 400 error and a descriptive message.

Example error responses:

{"error": "Governance: UTM parameters (source and medium) are required"}
{"error": "Governance: Target domain 'competitor.com' is blocked"}
{"error": "Governance: Expiry must be set and within 90 days"}

Allowlist example:

{"error": "Workspace policy only allows links to approved domains"}

Governance does not retroactively affect existing links - only new links are validated.