I would like to implement quotas for users accessing my API but I'm not sure Tyk will meet my needs by simply reading the documentation.
Currently, my flow could be described as follows :
1. The user provides credentials to the app
2. The app calls the Authorization Server for validation. The token is returned to the user if successful.
3. In the following requests, the app will validate the token (Authorization header) against the Authorization Server before accessing the service.
My problem is that I cannot implement quotas based on tokens since my users would be able to retrieve a new token to avoid the limit. However, I noticed that Tyk Gateway REST API was available for token management. According to your experience, is it possible to manage users at the gateway level or should I change my API authentication method?