To create security policy with the dashboard is very straightforward and only requires a few steps:
Step 1: navigate to the policies section:
Step 2: select the add policy button
This page lists out all the policies that you have created. Once you have reached the policies list you need to select the button to add a policy.
Step 3: Give the policy a name
All policies require a descriptive name, this helps you to reference it later and it will show up in drop-down options where you can attach policies to objects such as tokens or OAuth client IDs
Step 4: Set the rate limit
A rate limit is enforced on all tokens, set the number of requests per second that a bearer of a token with this policy is allowed to use.
Step 5: Set the quota
Quota’s limit the number of total requests a user is allowed to have over a longer period of time, so while a rate limit is a rolling window, think of a quota as an absolute maximum that a user is allowed to have over a week, a day or a month.
Step 6: Add a security entry
Required A security entry is required for all policies (even partitioned ones) as we need to ensure access is always explicit for APIs managed by Tyk.
Step 7: Save the policy
To make the policy active, select the “Create” button. Once the policy is saved, you will be able to use it when generating tokens, OAuth clients and custom JWT tokens.