Skip to main content
Get Policy Gateway evaluating your traffic in six steps.

1. Create a project

In the console, create a project. Each project holds:
FieldPurpose
name, descriptionDisplay metadata
statusactive or disabled
budgetrequests / tokens / window (daily, weekly, monthly) — project-wide quota
user_quotaPer-user quota, keyed on the X-Policy-User header
web_toolsenabled + allowed_domains + blocked_domains — restricts web_search / web_fetch reach
policy_idThe policy this project evaluates against (set in step 3)
Projects hold exactly one policy. API keys are scoped to exactly one project.

2. Write a policy

Policies have three sections: metadata, rules, deployment.
Start with deployment.enabled: false — shadow mode. Attach the policy via the console, or via API:

4. Issue a scoped API key

In the console, create an API key under the project. That key is bound to the project — every request made with it is evaluated against the linked policy.

5. Send traffic through the policy surface

Point your client at /policy/* (not /v1/*) so policy evaluation and metadata injection happen:
See policy endpoints for header semantics.

6. Observe, then enforce

Let shadow mode run. Review decisions in the console or via your configured connector. When the allow/refuse rate looks right, flip deployment.enabled: true and ramp percentage from 10 → 100 using canary mode.
Last modified on May 3, 2026