# API Access Policies

Access policies enable control over the client's usage of APIs. This helps prevent overuse of an API by a single client, which could result in degraded performance for the community of API users. While an access policy is optional, if you do not create and associate an access policy with a client, then there is not API usage limits on the client.

An access policy is comprised of two types of limits:

Policy type Description
Rate limit policy Restricts the number of API calls that can be made within a specified short time period, such as a minute.
Request limit policy Restricts the number of API calls that can be made within a longer time period, such as 30 days.

To view existing and create new access policies, navigate to Tools > API platform > Policies.

# Create new access policy

  1. Click Create new policy.
    The Create new policy window appears. Create API Policy Create API Policy
  2. Fill in the following fields:
    • Name: Enter a descriptive name for the policy.
    • Rate limit time interval:
    • Rate limit number of requests:
    • Usage quota time interval:
    • Usage quota number of requests:
  3. Click Create policy.
    The new policy is visible in the Policies page.

Next, associate the policy with an access profile. Proceed to create a client or if you have already done so, create an access profile.

# Managing policy usage

When an API access policy exceeds defined rate limits or usage quotas, servers respond with a 429 error. To help clients with troubleshooting, additional details are provided in responses for requests associated with an API policy.

For 429 responses:

Header Description
retry-after Indicates the timestamp for the next valid request to be made, depending on rate limit or usage allowances.

Last updated: 10/10/2023, 3:48:11 PM