Hi @maantarng, welcome to the community and thanks for taking the time to explore Tyk.
From what I have skimmed through about ACL in Kong, I don’t think Tyk has a one to one matching.
However, if you want to restrict user 1 to access API A and B but want user 2 to only access API C, then you can do that with the access rights section in Keys.
"access_rights": {
"<API ID>": {
"allowance_scope": "",
"allowed_urls": [
{
"url": "/deny",
"methods": [
"GET"
]
}
],
"api_id": "<API ID>",
"api_name": "<API NAME>",
"limit": {
"max_query_depth": -1,
"per": 60,
"quota_max": -1,
"quota_remaining": 0,
"quota_renewal_rate": -1,
"quota_renews": 0,
"rate": 3,
"throttle_interval": -1,
"throttle_retry_limit": -1
},
"restricted_types": [<FOR GRAPH QL USE CASE IF I CAN REMEMBER CORRECTLY>],
"versions": [
"2.0.0"
]
}
}
You can also use policies for more complex scenarios. We have a writeup explaining the concept on partition policies with a few examples and use cases.
Considering you are still exploring, this thread may shed some light if you have questions about the relationship between API, Keys and Policies