Partitioned policy when field not set in key

I think I now understand what it is you want to achieve. And unfortunately the Policy, Key and API relationship is not designed that way.

You can create keys in 2 ways:

  • From a policy - which is being used as a template
  • Directly on a range of API(s) - as set in the access_rights section in the definition

You cannot combine both of them to try and achieve something complex. It’s either the APIs are defined in the policy (where they can be managed) or they are defined in the key. Adding the same API in the access_rights when it’s already present in the policy does not override the values already set in policy.

If you’ve specified the access_rights in the policy, then there is no need to set it again in the key. Tyk first checks if there is a policy assigned to the key. If there is a policy template, then it would use that. If not, then it would use the APIs as defined in the key. A policy can only manage the access_rights of the APIs that are set within it. The policy cannot manage or modify the properties set in a key, unless enforcement is enabled in the policy.

I hope this makes it clear.
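The precedence described in the reply above, as an added example that is not part of the original post and is not Tyk's own code: it audits a key definition for `access_rights` entries that have no effect because a policy is attached. The `apply_policies` field as the key's list of policy IDs is an assumption not stated in the post, the enforcement (partition) case is not modelled, and all IDs and data are constructed.

```python
# Added illustration: models the precedence described in the reply above.
# It is not Tyk's code. "apply_policies" (the key's policy-ID list) is an
# assumption; every ID and value below is constructed sample data.

def effective_access_rights(key, policies):
    """Return the access_rights that apply to a key under the described rule."""
    policy_ids = key.get("apply_policies") or []
    if not policy_ids:
        # No policy template: the APIs defined on the key itself are used.
        return dict(key.get("access_rights") or {})
    merged = {}
    for pid in policy_ids:
        merged.update(policies.get(pid, {}).get("access_rights") or {})
    return merged

def audit_key(key, policies):
    """List key-level access_rights entries that have no effect."""
    if not key.get("apply_policies"):
        return []
    effective = effective_access_rights(key, policies)
    findings = []
    for api_id, key_entry in (key.get("access_rights") or {}).items():
        if api_id not in effective:
            findings.append((api_id, "not in policy: key-level entry is not used"))
        elif key_entry != effective[api_id]:
            findings.append((api_id, "policy values apply: key-level values do not override"))
    return findings

POLICIES = {"pol-1": {"access_rights": {
    "api-a": {"api_id": "api-a", "versions": ["Default"], "allowed_urls": []}}}}

# A key that attaches a policy AND tries to narrow/extend access on the key.
KEY_WITH_POLICY = {"apply_policies": ["pol-1"], "access_rights": {
    "api-a": {"api_id": "api-a", "versions": ["Default"],
              "allowed_urls": [{"url": "/read", "methods": ["GET"]}]},
    "api-b": {"api_id": "api-b", "versions": ["Default"], "allowed_urls": []}}}

# A key created directly on an API, with no policy template.
KEY_WITHOUT_POLICY = {"access_rights": {
    "api-b": {"api_id": "api-b", "versions": ["Default"], "allowed_urls": []}}}

if __name__ == "__main__":
    for api_id, reason in audit_key(KEY_WITH_POLICY, POLICIES):
        print(f"{api_id}: {reason}")
```

A finding on a key means a restriction someone wrote at key level (such as the `allowed_urls` list on `api-a`) is not what is enforced, so the policy is the place to review.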