Policy per end-point instead of per JWT


#1

A single policy ID is specified in a JWT. An API has multiple routes/end-points that each may have different rate-limiting and quota requirements. Currently it would require re-authenticating or requesting a delegation token with a specified policy.

I’m thinking it might be more flexible to create groups of policies and specify the group in the JWT.
Also the configuration for APIs is a file for each, but there is only one policy.json.
I’m thinking it would be nice if we could change or add policies a file per policy or group of policies.


#2

Hi Troy

Thanks for the suggestion, I’ve passed it to the product team who are looking at our v2.4 release.

James