Tyk v2.2 Documentation Components

  1. Home
  2. Tyk v2.2 Documentation Components
  3. Developer Portal Concepts: Policies

Developer Portal Concepts: Policies

In the context of the developer portal, a security policy is the main “element” being exposed to public access. The policy is the same as a standard policy, and the policy forms the baseline template that gets used when the portal generates a token for the developer.

Security policies are used instead of a one-to-one mapping because they encapsulate all the information needed for a public API programme:

  1. Rate limits
  2. Quota
  3. Access Lists (What APIs and which versions are permitted)
  4. Granular access (Which methods and paths are allowed, e.g. you may want to only expose read-only access to the portal, so only GET requests are allowed)
  5. Multi-key-management (With a policy, you can manage thousands of tokens, instead of one by one)

Within the developer portal admin area, under a developer record, you will see their subscriptions. Those subscriptions represent the tokens they have and their policy level access. It is possible to then “upgrade” or “downgrade” a developers access without actually managing their token, but just assigning a new policy to that token.