This topic provides references on the identity-based permission policies of API Gateway, including system policies and custom policies. You can select or configure a policy to implement fine-grained access control and management based on your business requirements.
System policies
API Gateway provides different system policies for you to attach to Resource Access Management (RAM) identities based on your business requirements. For more information, see System policies for ApiGateway.
Custom policies
Aside from system policies, API Gateway allows you to create, update, and delete custom policies. You must maintain and manage custom policies on your own. For more information, see Reference for API Gateway custom policies.