Get Policy Gateway evaluating your traffic in six steps.
1. Create a project
In the console, create a project. Each project holds:
| Field | Purpose |
|---|
name, description | Display metadata |
status | active or disabled |
budget | requests / tokens / window (daily, weekly, monthly) — project-wide quota |
user_quota | Per-user quota, keyed on the X-Policy-User header |
web_tools | enabled + allowed_domains + blocked_domains — restricts web_search / web_fetch reach |
policy_id | The policy this project evaluates against (set in step 3) |
Projects hold exactly one policy. API keys are scoped to exactly one project.
2. Write a policy
Policies have three sections: metadata, rules, deployment.
Start with deployment.enabled: false — shadow mode.
3. Link policy to project
Attach the policy via the console, or via API:
4. Issue a scoped API key
In the console, create an API key under the project. That key is bound to the project — every request made with it is evaluated against the linked policy.
5. Send traffic through the policy surface
Point your client at /policy/* (not /v1/*) so policy evaluation and metadata injection happen:
See policy endpoints for header semantics.
6. Observe, then enforce
Let shadow mode run. Review decisions in the console or via your configured connector. When the allow/refuse rate looks right, flip deployment.enabled: true and ramp percentage from 10 → 100 using canary mode. Last modified on May 3, 2026