Policy Configuration
Governance policies control how vendor queries are filtered, rate-limited, and audited. You can use the built-in templates or create custom policies with field-level granularity.
Policy templates
| Template | Rate limits | Max results | Governance flags |
|---|---|---|---|
| Standard | 60/min, 1K/hr, 10K/day | 50 | Anti-training, stateless, no-cache |
| Restricted | 20/min, 300/hr, 3K/day | 25 | Anti-training, stateless, no-cache |
| Open | 120/min, 5K/hr, 50K/day | 100 | None |
Governance flags
anti_training_enabled
Adds X-Robots-Tag: noai, noimageai and X-Conduit-Anti-Training: true headers. Signals that response data must not be used for AI/ML model training.
require_stateless
Adds X-Conduit-Stateless: true. Instructs vendors to treat each query independently and not persist results.
no_cache_headers
Adds Cache-Control: no-store, no-cache, must-revalidate. Prevents intermediary caching of governed responses.
Field-level access control
Each policy defines rules for individual RESO fields. Fields can be:
***@***.com)RESO field registry (60 fields)
Fields marked with * have non-public base sensitivity levels:
address (8 fields, base: public)
StreetNumberStreetNameStreetAddressCityStateOrProvincePostalCodeCountyOrParishCountryproperty (10 fields, base: public)
PropertyTypePropertySubTypeBedroomsTotalBathroomsTotalBathroomsFullLivingAreaLotSizeAreaLotSizeUnitsYearBuiltStorieslisting (12 fields, base: public / restricted*)
ListingIdListingKeyStandardStatusMlsStatusListPriceClosePrice*OriginalListPriceListingContractDateCloseDateDaysOnMarketModificationTimestampPublicRemarksagent (12 fields, base: mixed)
ListAgentFullNameListAgentEmail*ListAgentMlsId*ListAgentDirectPhone*ListOfficeNameListOfficeKeyBuyerAgentFullNameBuyerAgentEmail*BuyerAgentMlsId*BuyerAgentDirectPhone*BuyerOfficeNameBuyerOfficeKeyfinancial (8 fields, base: restricted)
TaxAnnualAmountTaxAssessedValueAssociationFeeAssociationFeeFrequencyOriginalEntryTimestampPricePerSquareFootFinancialDataSourceConcessionsmedia (5 fields, base: public)
MediaPhotosCountVirtualTourURLUnbrandedMainImageURLMediaModificationTimestampcompliance (5 fields, base: public)
CopyrightNoticeDisclaimerTextLastUpdateDateDataSourceOriginatingSystemNameCreating custom policies
Create custom policies via the API with specific rate limits and field rules:
POST /api/mls/policies
{
"name": "Premium Partner",
"description": "High-trust vendor with expanded access",
"rate_limit_per_minute": 200,
"rate_limit_per_hour": 10000,
"rate_limit_per_day": 100000,
"max_results_per_query": 200,
"anti_training_enabled": true,
"require_stateless": false,
"no_cache_headers": false,
"field_rules": [
{ "field_name": "ListAgentEmail", "access_level": "masked", "mask_format": "***@***.com" },
{ "field_name": "ListAgentDirectPhone", "access_level": "masked", "mask_format": "(***) ***-****" }
]
}[i]Policy assignment