To create a security policy with the dashboard, follow these steps:
Step 1: Navigate to the policies management page
Step 2: Click the add policy button
This page lists out all the policies that you have created. Once you have reached the policies list you need to click the add policy button.
Step 3: Give the policy a name
All policies require a descriptive name, this helps you to reference it later, and it will appear in drop-down options where you can attach policies to objects such as tokens or OAuth client IDs.
Step 4: Set the rate limit
A rate limit is enforced on all tokens, set the number of requests per second that a bearer of a token with this policy is allowed to use.
Step 5: Set the quota
A quota limits the number of total requests a user is allowed to have over a longer period of time, so while a rate limit is a rolling window, think of a quota as an absolute maximum that a user is allowed to have over a week, a day or a month.
Step 6: Add a security entry
Required – A security entry is required for all policies (even partitioned ones) as we need to ensure access is always explicit for APIs managed by Tyk.
Step 7: Save the policy
To make the policy active, select the
Create button. Once the policy is saved, you will be able to use it when generating tokens, OAuth clients and custom JWT tokens.