To create a security policy with the dashboard, follow these steps:
Step 1: Select Policies from the System Management section
This page displays all the active policies that you have created.
Step 2: Click Add Policy
Enter the following details for your new policy
Step 3: Give the policy a name
All policies require a descriptive name. This helps you to reference it later, and it will appear in drop-down options where you can attach policies to objects such as tokens or OAuth client IDs.
Step 4: Set the rate limit
A rate limit is enforced on all tokens. Set the number of requests per second that a bearer of a token with this policy is allowed to use.
Step 5: Set the quota
A quota limits the number of total requests a user is allowed to have over a longer period of time, so while a rate limit is a rolling window, think of a quota as an absolute maximum that a user is allowed to have over a defined period of time. You can select a period from the Quota resets every drop-down list
Step 6: Add an access rule
Required – An access rule is required for all policies (even partitioned ones) as we need to ensure access is always explicit for APIs managed by Tyk. Select the API you want to add the security policy to from the Add access rule drop-down list and click
Step 7: Save the policy
To make the policy active, click
Create. Once the policy is saved, you will be able to use it when generating tokens, OAuth clients and custom JWT tokens.