API Builder includes access controls such as:
- API keys
- website origin restrictions
- IP address restrictions
- key rotation
Why this matters
API Builder is not just an endpoint generator. It is also the delivery environment, so access policy is part of the product itself rather than something users have to bolt on elsewhere.
Typical access-policy workflow
- Create or rotate an access key.
- Decide whether the API should be callable from any client or only an approved set.
- Add origin restrictions, IP restrictions, or both.
- Test the behavior before handing the API to another team or application.