> ## Documentation Index
> Fetch the complete documentation index at: https://docs.dataharbor.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Access Control

> Declarative access controls — geo restrictions, expiration, and instant revocation.

# Access Control

**Access on your terms.**

Declarative access controls that enforce where, when, and whether data can flow. Define rules once; enforcement is automatic.

## Geo restrictions

Control where your data can be accessed with allow/deny lists by region.

### Allow list

Only allow requests from specified regions:

```yaml theme={null}
access:
  geo_allow:
    - US
    - EU
    - CA
```

### Deny list

Block requests from specified regions:

```yaml theme={null}
access:
  geo_deny:
    - CN
    - RU
```

Requests from denied regions receive a `403 Forbidden` response.

## Expiration

Set hard expiration dates on any Virtual API. Expiration is configured through the Virtual API UX.

After expiration:

* All requests receive `410 Gone`
* No data is served
* Virtual API can be renewed with a new expiration date

## Instant shutdown

Revoke access immediately via the Virtual API UX. No waiting for tokens to expire.

Revocation is instant. All subsequent requests receive `403 Forbidden`.

## Combining access controls

Geo restrictions can be combined with expiration and instant shutdown for layered access control:

```yaml theme={null}
access:
  geo_allow:
    - US
    - EU
```

## Next steps

<CardGroup cols={2}>
  <Card title="Backplane Control" icon="gauge" href="./backplane-control">
    Add infrastructure-level source protection
  </Card>

  <Card title="REST API Delivery" icon="plug" href="../delivery/rest-api">
    See how access rules apply at the REST delivery layer
  </Card>
</CardGroup>
