diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs
index f54d947..5c11b26 100644
--- a/src/api/core/organizations.rs
+++ b/src/api/core/organizations.rs
@@ -47,6 +47,7 @@ pub fn routes() -> Vec<Route> {
         post_delete_user,
         post_org_import,
         list_policies,
+        list_policies_token,
         get_policy,
         put_policy,
     ]
@@ -911,6 +912,30 @@ fn list_policies(org_id: String, _headers: AdminHeaders, conn: DbConn) -> JsonRe
     })))
 }
 
+#[get("/organizations/<org_id>/policies/token?<token>")]
+fn list_policies_token(org_id: String, token: String, conn: DbConn) -> JsonResult {
+    let invite = crate::auth::decode_invite(&token)?;
+
+    let invite_org_id = match invite.org_id {
+        Some(invite_org_id) => invite_org_id,
+        None => err!("Invalid token"),
+    };
+
+    if invite_org_id != org_id {
+        err!("Token doesn't match request organization");
+    }
+    
+    // TODO: We receive the invite token as ?token=<>, validate it contains the org id
+    let policies = OrgPolicy::find_by_org(&org_id, &conn);
+    let policies_json: Vec<Value> = policies.iter().map(OrgPolicy::to_json).collect();
+
+    Ok(Json(json!({
+        "Data": policies_json,
+        "Object": "list",
+        "ContinuationToken": null
+    })))
+}
+
 #[get("/organizations/<org_id>/policies/<pol_type>")]
 fn get_policy(org_id: String, pol_type: i32, _headers: AdminHeaders, conn: DbConn) -> JsonResult {
     let pol_type_enum = match OrgPolicyType::from_i32(pol_type) {