Hi @Jesum_Yip - this is certainly possible.
I’d recommend using our access control policies.
You can use policies with the open source gateway, or you can use the GUI in the dashboard or cloud to manage policies if you prefer.
For the example above, setup policy 1, perhaps called “silver policy”, specify in the policy that it provides access to API YYY, limited to a quota of 1,000 calls per 24 hours.
Now create a second policy, “gold policy”, with the same access rights, but with a quota of 2,000 calls per 24 hours.
Now provide access to those policies to whichever clients you wish.
You can add other dimensions of control via a policy also, and it makes it simple to change rights to every client you have, just by changing the policy, instead of reissuing keys for every client.
If you haven’t already, I strongly recommend following our simple, 7 stage ‘getting started with Tyk API Management’ guide. Stage 4 - security policies covers access control policies and introduces the concept in a quick and simple manner. You can do it all in the time it takes to drink a coffee.
Hope that helps
James