Tyk v2.2 Documentation Components

  1. Home
  2. Tyk v2.2 Documentation Components
  3. Create a security policy with the dashboard

Create a security policy with the dashboard

To create a security policy with the dashboard, follow these steps:

Step 1: Select Policies from the System Management section

Policies menu link location

This page displays all the active policies that you have created.

Step 2: Click Add Policy

Add policy button location

Enter the following details for your new policy

Step 3: Give the policy a name

Policy name form

All policies require a descriptive name. This helps you to reference it later, and it will appear in drop-down options where you can attach policies to objects such as tokens or OAuth client IDs.

Step 4: Set the rate limit

Rate limit form

A rate limit is enforced on all tokens. Set the number of requests per second that a bearer of a token with this policy is allowed to use.

Step 5: Set the quota

Quota form

A quota limits the number of total requests a user is allowed to have over a longer period of time, so while a rate limit is a rolling window, think of a quota as an absolute maximum that a user is allowed to have over a defined period of time. You can select a period from the Quota resets every drop-down list

Step 6: Add an access rule

Access rights form

Required – An access rule is required for all policies (even partitioned ones) as we need to ensure access is always explicit for APIs managed by Tyk. Select the API you want to add the security policy to from the Add access rule drop-down list and click Add.

Step 7: Save the policy

Policy partitions form

To make the policy active, click Create. Once the policy is saved, you will be able to use it when generating tokens, OAuth clients and custom JWT tokens.