Skip to main content
POST
/
tyk
/
policies
Create a policy.
curl --request POST \
  --url https://{tenant}/tyk/policies \
  --header 'Content-Type: application/json' \
  --header 'X-Tyk-Authorization: <api-key>' \
  --data '
{
  "access_rights": {
    "8ddd91f3cda9453442c477b06c4e2da4": {
      "allowed_urls": [
        {
          "methods": [
            "GET"
          ],
          "url": "/users"
        }
      ],
      "api_id": "8ddd91f3cda9453442c477b06c4e2da4",
      "api_name": "Itachi api",
      "disable_introspection": false,
      "versions": [
        "Default"
      ]
    }
  },
  "active": true,
  "hmac_enabled": false,
  "id": "5ead7120575961000181867e",
  "is_inactive": false,
  "key_expires_in": 2592000,
  "max_query_depth": -1,
  "meta_data": {
    "update": "sample policy update",
    "user_type": "mobile_user"
  },
  "name": "Sample policy",
  "partitions": {
    "acl": true,
    "complexity": false,
    "per_api": false,
    "quota": true,
    "rate_limit": true
  },
  "per": 60,
  "quota_max": 10000,
  "quota_renewal_rate": 3600,
  "rate": 1000,
  "tags": [
    "security"
  ],
  "throttle_interval": 10,
  "throttle_retry_limit": 10
}
'
{
  "action": "added",
  "key": "5ead7120575961000181867e",
  "status": "ok"
}

Authorizations

X-Tyk-Authorization
string
header
required

Api key

Body

application/json
_id
string
Example:

"5ead7120575961000181867e"

access_rights
object
active
boolean
Example:

true

enable_http_signature_validation
boolean
Example:

false

graphql_access_rights
object
hmac_enabled
boolean
Example:

false

id
string
Example:

"5ead7120575961000181867e"

is_inactive
boolean
Example:

false

key_expires_in
integer<int64>
Example:

0

last_updated
string
Example:

"1655965189"

max_query_depth
integer
Example:

-1

meta_data
object
name
string
Example:

"Swagger Petstore Policy"

org_id
string
Example:

"5e9d9544a1dcd60001d0ed20"

partitions
object
per
number<double>
Example:

60

post_expiry_action
enum<string>

Defines the action to take on a Session in Redis after it expires. Valid values are "retain" and "delete".

Available options:
retain,
delete
Example:

"delete"

post_expiry_grace_period
integer<int64>

Duration in seconds to retain a Session in Redis after it expires. Used with post_expiry_action "retain". Set to -1 to retain indefinitely.

Example:

0

quota_max
integer<int64>
Example:

-1

quota_renewal_rate
integer<int64>
Example:

3600

rate
number<double>
Example:

1000

smoothing
object
tags
string[] | null
throttle_interval
number<double>
Example:

-1

throttle_retry_limit
integer
Example:

-1

Response

Policy created.

action
string
Example:

"modified"

key
string
Example:

"b13d928b9972bd18"

key_hash
string
status
string
Example:

"ok"