Create policy definition.
curl --request POST \
--url https://{tenant}/api/portal/policies \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"access_rights": {
"8ddd91f3cda9453442c477b06c4e2da4": {
"allowed_urls": [
{
"methods": [
"GET"
],
"url": "/users"
}
],
"api_id": "8ddd91f3cda9453442c477b06c4e2da4",
"api_name": "Itachi API",
"disable_introspection": false,
"versions": [
"Default"
]
}
},
"active": true,
"hmac_enabled": false,
"is_inactive": false,
"key_expires_in": 2592000,
"max_query_depth": -1,
"meta_data": {
"email": "itachi@tyk.io",
"user_type": "mobile_user"
},
"name": "Sample policy",
"partitions": {
"acl": true,
"complexity": false,
"per_api": false,
"quota": true,
"rate_limit": true
},
"per": 60,
"quota_max": 10000,
"quota_renewal_rate": 3600,
"rate": 1000,
"tags": [
"security"
],
"throttle_interval": 10,
"throttle_retry_limit": 10
}
'import requests
url = "https://{tenant}/api/portal/policies"
payload = {
"access_rights": { "8ddd91f3cda9453442c477b06c4e2da4": {
"allowed_urls": [
{
"methods": ["GET"],
"url": "/users"
}
],
"api_id": "8ddd91f3cda9453442c477b06c4e2da4",
"api_name": "Itachi API",
"disable_introspection": False,
"versions": ["Default"]
} },
"active": True,
"hmac_enabled": False,
"is_inactive": False,
"key_expires_in": 2592000,
"max_query_depth": -1,
"meta_data": {
"email": "itachi@tyk.io",
"user_type": "mobile_user"
},
"name": "Sample policy",
"partitions": {
"acl": True,
"complexity": False,
"per_api": False,
"quota": True,
"rate_limit": True
},
"per": 60,
"quota_max": 10000,
"quota_renewal_rate": 3600,
"rate": 1000,
"tags": ["security"],
"throttle_interval": 10,
"throttle_retry_limit": 10
}
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({
access_rights: {
'8ddd91f3cda9453442c477b06c4e2da4': {
allowed_urls: [{methods: ['GET'], url: '/users'}],
api_id: '8ddd91f3cda9453442c477b06c4e2da4',
api_name: 'Itachi API',
disable_introspection: false,
versions: ['Default']
}
},
active: true,
hmac_enabled: false,
is_inactive: false,
key_expires_in: 2592000,
max_query_depth: -1,
meta_data: {email: 'itachi@tyk.io', user_type: 'mobile_user'},
name: 'Sample policy',
partitions: {acl: true, complexity: false, per_api: false, quota: true, rate_limit: true},
per: 60,
quota_max: 10000,
quota_renewal_rate: 3600,
rate: 1000,
tags: ['security'],
throttle_interval: 10,
throttle_retry_limit: 10
})
};
fetch('https://{tenant}/api/portal/policies', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://{tenant}/api/portal/policies",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'access_rights' => [
'8ddd91f3cda9453442c477b06c4e2da4' => [
'allowed_urls' => [
[
'methods' => [
'GET'
],
'url' => '/users'
]
],
'api_id' => '8ddd91f3cda9453442c477b06c4e2da4',
'api_name' => 'Itachi API',
'disable_introspection' => false,
'versions' => [
'Default'
]
]
],
'active' => true,
'hmac_enabled' => false,
'is_inactive' => false,
'key_expires_in' => 2592000,
'max_query_depth' => -1,
'meta_data' => [
'email' => 'itachi@tyk.io',
'user_type' => 'mobile_user'
],
'name' => 'Sample policy',
'partitions' => [
'acl' => true,
'complexity' => false,
'per_api' => false,
'quota' => true,
'rate_limit' => true
],
'per' => 60,
'quota_max' => 10000,
'quota_renewal_rate' => 3600,
'rate' => 1000,
'tags' => [
'security'
],
'throttle_interval' => 10,
'throttle_retry_limit' => 10
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://{tenant}/api/portal/policies"
payload := strings.NewReader("{\n \"access_rights\": {\n \"8ddd91f3cda9453442c477b06c4e2da4\": {\n \"allowed_urls\": [\n {\n \"methods\": [\n \"GET\"\n ],\n \"url\": \"/users\"\n }\n ],\n \"api_id\": \"8ddd91f3cda9453442c477b06c4e2da4\",\n \"api_name\": \"Itachi API\",\n \"disable_introspection\": false,\n \"versions\": [\n \"Default\"\n ]\n }\n },\n \"active\": true,\n \"hmac_enabled\": false,\n \"is_inactive\": false,\n \"key_expires_in\": 2592000,\n \"max_query_depth\": -1,\n \"meta_data\": {\n \"email\": \"itachi@tyk.io\",\n \"user_type\": \"mobile_user\"\n },\n \"name\": \"Sample policy\",\n \"partitions\": {\n \"acl\": true,\n \"complexity\": false,\n \"per_api\": false,\n \"quota\": true,\n \"rate_limit\": true\n },\n \"per\": 60,\n \"quota_max\": 10000,\n \"quota_renewal_rate\": 3600,\n \"rate\": 1000,\n \"tags\": [\n \"security\"\n ],\n \"throttle_interval\": 10,\n \"throttle_retry_limit\": 10\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("Authorization", "Bearer <token>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.post("https://{tenant}/api/portal/policies")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"access_rights\": {\n \"8ddd91f3cda9453442c477b06c4e2da4\": {\n \"allowed_urls\": [\n {\n \"methods\": [\n \"GET\"\n ],\n \"url\": \"/users\"\n }\n ],\n \"api_id\": \"8ddd91f3cda9453442c477b06c4e2da4\",\n \"api_name\": \"Itachi API\",\n \"disable_introspection\": false,\n \"versions\": [\n \"Default\"\n ]\n }\n },\n \"active\": true,\n \"hmac_enabled\": false,\n \"is_inactive\": false,\n \"key_expires_in\": 2592000,\n \"max_query_depth\": -1,\n \"meta_data\": {\n \"email\": \"itachi@tyk.io\",\n \"user_type\": \"mobile_user\"\n },\n \"name\": \"Sample policy\",\n \"partitions\": {\n \"acl\": true,\n \"complexity\": false,\n \"per_api\": false,\n \"quota\": true,\n \"rate_limit\": true\n },\n \"per\": 60,\n \"quota_max\": 10000,\n \"quota_renewal_rate\": 3600,\n \"rate\": 1000,\n \"tags\": [\n \"security\"\n ],\n \"throttle_interval\": 10,\n \"throttle_retry_limit\": 10\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://{tenant}/api/portal/policies")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"access_rights\": {\n \"8ddd91f3cda9453442c477b06c4e2da4\": {\n \"allowed_urls\": [\n {\n \"methods\": [\n \"GET\"\n ],\n \"url\": \"/users\"\n }\n ],\n \"api_id\": \"8ddd91f3cda9453442c477b06c4e2da4\",\n \"api_name\": \"Itachi API\",\n \"disable_introspection\": false,\n \"versions\": [\n \"Default\"\n ]\n }\n },\n \"active\": true,\n \"hmac_enabled\": false,\n \"is_inactive\": false,\n \"key_expires_in\": 2592000,\n \"max_query_depth\": -1,\n \"meta_data\": {\n \"email\": \"itachi@tyk.io\",\n \"user_type\": \"mobile_user\"\n },\n \"name\": \"Sample policy\",\n \"partitions\": {\n \"acl\": true,\n \"complexity\": false,\n \"per_api\": false,\n \"quota\": true,\n \"rate_limit\": true\n },\n \"per\": 60,\n \"quota_max\": 10000,\n \"quota_renewal_rate\": 3600,\n \"rate\": 1000,\n \"tags\": [\n \"security\"\n ],\n \"throttle_interval\": 10,\n \"throttle_retry_limit\": 10\n}"
response = http.request(request)
puts response.read_body{
"Message": "663b4bbd5715ec323b424dca",
"Meta": null,
"Status": "OK"
}{
"Message": "This policy name has already been used. Enter a unique policy name.",
"Meta": null,
"Status": "Error"
}{
"Message": "Not authorised",
"Meta": null,
"Status": "Error"
}{
"Message": "Request body malformed.",
"Meta": null,
"Status": "Error"
}{
"Message": "Failure creating data, please contact your administrator.",
"Meta": null,
"Status": "Error"
}Policies
Create policy definition.
Creating policy definitions is slightly different to the core API, API definitions are wrapped inside an api_definition field and event handlers, such as webhooks are not embedded in the main api_definition object (though they can be), webhooks are instead appended as references into the hook_references field, the API will embed the correct webhook data into the event handler interface.
POST
/
api
/
portal
/
policies
Create policy definition.
curl --request POST \
--url https://{tenant}/api/portal/policies \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"access_rights": {
"8ddd91f3cda9453442c477b06c4e2da4": {
"allowed_urls": [
{
"methods": [
"GET"
],
"url": "/users"
}
],
"api_id": "8ddd91f3cda9453442c477b06c4e2da4",
"api_name": "Itachi API",
"disable_introspection": false,
"versions": [
"Default"
]
}
},
"active": true,
"hmac_enabled": false,
"is_inactive": false,
"key_expires_in": 2592000,
"max_query_depth": -1,
"meta_data": {
"email": "itachi@tyk.io",
"user_type": "mobile_user"
},
"name": "Sample policy",
"partitions": {
"acl": true,
"complexity": false,
"per_api": false,
"quota": true,
"rate_limit": true
},
"per": 60,
"quota_max": 10000,
"quota_renewal_rate": 3600,
"rate": 1000,
"tags": [
"security"
],
"throttle_interval": 10,
"throttle_retry_limit": 10
}
'import requests
url = "https://{tenant}/api/portal/policies"
payload = {
"access_rights": { "8ddd91f3cda9453442c477b06c4e2da4": {
"allowed_urls": [
{
"methods": ["GET"],
"url": "/users"
}
],
"api_id": "8ddd91f3cda9453442c477b06c4e2da4",
"api_name": "Itachi API",
"disable_introspection": False,
"versions": ["Default"]
} },
"active": True,
"hmac_enabled": False,
"is_inactive": False,
"key_expires_in": 2592000,
"max_query_depth": -1,
"meta_data": {
"email": "itachi@tyk.io",
"user_type": "mobile_user"
},
"name": "Sample policy",
"partitions": {
"acl": True,
"complexity": False,
"per_api": False,
"quota": True,
"rate_limit": True
},
"per": 60,
"quota_max": 10000,
"quota_renewal_rate": 3600,
"rate": 1000,
"tags": ["security"],
"throttle_interval": 10,
"throttle_retry_limit": 10
}
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({
access_rights: {
'8ddd91f3cda9453442c477b06c4e2da4': {
allowed_urls: [{methods: ['GET'], url: '/users'}],
api_id: '8ddd91f3cda9453442c477b06c4e2da4',
api_name: 'Itachi API',
disable_introspection: false,
versions: ['Default']
}
},
active: true,
hmac_enabled: false,
is_inactive: false,
key_expires_in: 2592000,
max_query_depth: -1,
meta_data: {email: 'itachi@tyk.io', user_type: 'mobile_user'},
name: 'Sample policy',
partitions: {acl: true, complexity: false, per_api: false, quota: true, rate_limit: true},
per: 60,
quota_max: 10000,
quota_renewal_rate: 3600,
rate: 1000,
tags: ['security'],
throttle_interval: 10,
throttle_retry_limit: 10
})
};
fetch('https://{tenant}/api/portal/policies', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://{tenant}/api/portal/policies",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'access_rights' => [
'8ddd91f3cda9453442c477b06c4e2da4' => [
'allowed_urls' => [
[
'methods' => [
'GET'
],
'url' => '/users'
]
],
'api_id' => '8ddd91f3cda9453442c477b06c4e2da4',
'api_name' => 'Itachi API',
'disable_introspection' => false,
'versions' => [
'Default'
]
]
],
'active' => true,
'hmac_enabled' => false,
'is_inactive' => false,
'key_expires_in' => 2592000,
'max_query_depth' => -1,
'meta_data' => [
'email' => 'itachi@tyk.io',
'user_type' => 'mobile_user'
],
'name' => 'Sample policy',
'partitions' => [
'acl' => true,
'complexity' => false,
'per_api' => false,
'quota' => true,
'rate_limit' => true
],
'per' => 60,
'quota_max' => 10000,
'quota_renewal_rate' => 3600,
'rate' => 1000,
'tags' => [
'security'
],
'throttle_interval' => 10,
'throttle_retry_limit' => 10
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://{tenant}/api/portal/policies"
payload := strings.NewReader("{\n \"access_rights\": {\n \"8ddd91f3cda9453442c477b06c4e2da4\": {\n \"allowed_urls\": [\n {\n \"methods\": [\n \"GET\"\n ],\n \"url\": \"/users\"\n }\n ],\n \"api_id\": \"8ddd91f3cda9453442c477b06c4e2da4\",\n \"api_name\": \"Itachi API\",\n \"disable_introspection\": false,\n \"versions\": [\n \"Default\"\n ]\n }\n },\n \"active\": true,\n \"hmac_enabled\": false,\n \"is_inactive\": false,\n \"key_expires_in\": 2592000,\n \"max_query_depth\": -1,\n \"meta_data\": {\n \"email\": \"itachi@tyk.io\",\n \"user_type\": \"mobile_user\"\n },\n \"name\": \"Sample policy\",\n \"partitions\": {\n \"acl\": true,\n \"complexity\": false,\n \"per_api\": false,\n \"quota\": true,\n \"rate_limit\": true\n },\n \"per\": 60,\n \"quota_max\": 10000,\n \"quota_renewal_rate\": 3600,\n \"rate\": 1000,\n \"tags\": [\n \"security\"\n ],\n \"throttle_interval\": 10,\n \"throttle_retry_limit\": 10\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("Authorization", "Bearer <token>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.post("https://{tenant}/api/portal/policies")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"access_rights\": {\n \"8ddd91f3cda9453442c477b06c4e2da4\": {\n \"allowed_urls\": [\n {\n \"methods\": [\n \"GET\"\n ],\n \"url\": \"/users\"\n }\n ],\n \"api_id\": \"8ddd91f3cda9453442c477b06c4e2da4\",\n \"api_name\": \"Itachi API\",\n \"disable_introspection\": false,\n \"versions\": [\n \"Default\"\n ]\n }\n },\n \"active\": true,\n \"hmac_enabled\": false,\n \"is_inactive\": false,\n \"key_expires_in\": 2592000,\n \"max_query_depth\": -1,\n \"meta_data\": {\n \"email\": \"itachi@tyk.io\",\n \"user_type\": \"mobile_user\"\n },\n \"name\": \"Sample policy\",\n \"partitions\": {\n \"acl\": true,\n \"complexity\": false,\n \"per_api\": false,\n \"quota\": true,\n \"rate_limit\": true\n },\n \"per\": 60,\n \"quota_max\": 10000,\n \"quota_renewal_rate\": 3600,\n \"rate\": 1000,\n \"tags\": [\n \"security\"\n ],\n \"throttle_interval\": 10,\n \"throttle_retry_limit\": 10\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://{tenant}/api/portal/policies")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"access_rights\": {\n \"8ddd91f3cda9453442c477b06c4e2da4\": {\n \"allowed_urls\": [\n {\n \"methods\": [\n \"GET\"\n ],\n \"url\": \"/users\"\n }\n ],\n \"api_id\": \"8ddd91f3cda9453442c477b06c4e2da4\",\n \"api_name\": \"Itachi API\",\n \"disable_introspection\": false,\n \"versions\": [\n \"Default\"\n ]\n }\n },\n \"active\": true,\n \"hmac_enabled\": false,\n \"is_inactive\": false,\n \"key_expires_in\": 2592000,\n \"max_query_depth\": -1,\n \"meta_data\": {\n \"email\": \"itachi@tyk.io\",\n \"user_type\": \"mobile_user\"\n },\n \"name\": \"Sample policy\",\n \"partitions\": {\n \"acl\": true,\n \"complexity\": false,\n \"per_api\": false,\n \"quota\": true,\n \"rate_limit\": true\n },\n \"per\": 60,\n \"quota_max\": 10000,\n \"quota_renewal_rate\": 3600,\n \"rate\": 1000,\n \"tags\": [\n \"security\"\n ],\n \"throttle_interval\": 10,\n \"throttle_retry_limit\": 10\n}"
response = http.request(request)
puts response.read_body{
"Message": "663b4bbd5715ec323b424dca",
"Meta": null,
"Status": "OK"
}{
"Message": "This policy name has already been used. Enter a unique policy name.",
"Meta": null,
"Status": "Error"
}{
"Message": "Not authorised",
"Meta": null,
"Status": "Error"
}{
"Message": "Request body malformed.",
"Meta": null,
"Status": "Error"
}{
"Message": "Failure creating data, please contact your administrator.",
"Meta": null,
"Status": "Error"
}Authorizations
The Tyk Dashboard API Access Credentials
Body
application/json
Show child attributes
Show child attributes
Show child attributes
Show child attributes
Show child attributes
Show child attributes
Show child attributes
Show child attributes
Was this page helpful?
⌘I