The authorization functionality serves to track incoming calls for each Api key and enforce the selected terms of service.
In application architecture terms, the authorization module is located in the front-end of the application and it is called immediately after the authentication interceptor for each authenticated incoming call.
It allows or denies access based on client status, requested resource ownership and rate limits.