You are here:
Agentforce Gateway Policy Templates
To create a policy, start from a template. Available templates depend on whether you protect API or MCP server connections.
Templates for API Connections
Manage API traffic and security by limiting outbound call volumes and restricting access to specific HTTP methods or paths. Prevent resource exhaustion and make sure that agents only interact with authorized endpoints according to your security requirements.
Quota Management Policy Template
The Quota Management policy template is available for both API connections and MCP server connections. It limits outbound calls to selected connections by limiting the number of requests that agents can send during a specified period. You can configure these settings:
- Call Limit: Maximum number of calls that the policy allows within the specified time interval.
- Time Interval: Duration over which the specified call limit applies.
- Quota Type by API Operation: How the quota is distributed among API operations.
- Shared: A single quota shared across all operations. For example, with 100 calls per second shared across operations, if operation A uses 50, the remaining operations collectively have 50 left.
- Per API operation: An individual limit for each operation. For example, if the limit is 100 calls per second, each operation allows 100 calls per second.
- Quota Type by Agent: How the quota is distributed among target agents:
- Shared: AA single quota shared across all agents. For example, with 100 calls per second, if agent A uses 50, agents B and C together have 50 left.
- Per Agent: An individual limit for each agent. For example, with 100 calls per second per agent, agents A, B, and C can each make 100 calls per second independently.
Restrictive Access Policy Template
The Restrictive Access policy template applies only to API connections. It restricts the HTTP paths and methods that Flex Gateway allows. You can configure these settings:
- Methods: HTTP methods to restrict.
- Path: Paths to restrict. The field supports string paths, and wildcards
*match any segment. For example,/users/*/detailsmatches/users/123/detailsor/users/john/details. By default,*means all paths.
Templates for MCP Server Connections
Control outbound request volumes and tool-level access for MCP server connections by applying quota and attribute-based policy templates. Ensure stable server performance and prevent unauthorized agents from executing restricted tools.
Quota Management Policy Template
The Quota Management policy template is available for both API connections and MCP server connections. It limits outbound calls to selected connections by limiting the number of requests that agents can send during a specified period. You can configure these settings:
- Call Limit: Maximum number of calls that the policy allows within the specified time interval.
- Time Interval: Duration over which the specified call limit applies.
- Quota Type by Tool: How the quota is distributed among MCP tools:
- Shared: An individual quota shared across all tools. For example, with 100 calls per second shared across tools, if tool A uses 50, the remaining tools collectively have 50 left.
- Per Tool: An individual limit for each tool. For example, if the limit is 100 calls per second, each tool allows 100 calls per second.
- Quota Type by Agent: How the quota is distributed among target agents:
- Shared: All agents share one limit. For example, with 100 calls per second, if agent A uses 50, agents B and C together have 50 left.
- Per Agent: An individual limit for each agent. For example, with 100 calls per second per agent, agents A, B, and C can each make 100 calls per second independently.
MCP Attribute-Based Access Control Policy Template
The MCP Attribute-Based Access Control policy template is available for MCP server connections only. It controls agent access to MCP server tools by tool name. You allow or block specific tools on the MCP server.
