A single policy ID is specified in a JWT. An API has multiple routes/end-points that each may have different rate-limiting and quota requirements. Currently it would require re-authenticating or requesting a delegation token with a specified policy.
I'm thinking it might be more flexible to create groups of policies and specify the group in the JWT.
Also the configuration for APIs is a file for each, but there is only one policy.json.
I'm thinking it would be nice if we could change or add policies a file per policy or group of policies.