Tyk v2.2 Documentation Components

HomeTyk v2.2 Documentation ComponentsTutorial: Create Security Policy Using API

Tutorial: Create Security Policy Using API

To create an API Security Policy using the API is a single call. It is very similar to the token creation object, and the two are very similar. To generate a simple security policy using the Tyk Cloud API you can use the following curl command:

curl -X POST -H "authorization: {API-TOKEN}"
 -H "Content-Type: application/json"
 -d '{
      "access_rights": {
        "{API-ID}": {
          "allowed_urls": [],
          "api_id": "{API-ID}",
          "api_name": "{API-NAME}",
          "versions": [
      "active": true,
      "name": "POLICY NAME",
      "rate": 100,
      "per": 1,
      "quota_max": 10000,
      "quota_renewal_rate": 3600,
      "tags": ["Startup Users"]
 https://admin.cloud.tyk.io/api/portal/policies | python -mjson.tool

You must replace:

  • {API-TOKEN}: Your API Token for the dashboard API
  • {API-ID}: The API ID you wish this policy to grant access to, there can be more than one of these entries
  • {API-NAME}: The name of the API that is being granted access to (this is not required, but helps when debugging or auditing)
  • POLICY NAME: The name of this security policy

The main elements that are important are:

  • access_rights: A list of objects representing which APIs that you haev configured to grant access to
  • rate and per: The number of requests per second to allow
  • quota_max: The maximum number of allowed requests over a quota period
  • quota_renewal_rate: how often the quota resets, in seconds. In this case we have set it to renew every hour.

When you send this request, you should see the following reply with your Policy ID:

    "Message": "577a8589428a6b0001000017",
    "Meta": null,
    "Status": "OK"

You can then use this policy ID in the apply_policy_id field of an API Token. Please see the relevant documentation on session objects for more information about how tokens are attached to policies.

For more information on how Policies are constructed and a detailed explanation of their properties, please see the Security Policies section.

Was this article helpful to you? Yes No