In this article, we explored how to build a secure web application using Strapi policies. We created several policies: a consent policy, a rate-limit policy, an IP whitelist policy, a location-input policy, an account-locked policy and an is-admin policy. These policies help secure our applications by validating user input, controlling access to certain routes, limiting API requests, filtering out malicious IP addresses, blocking accounts for a specified period, and checking whether a user has admin privileges. By using Strapi policies, we can ensure that our web application is secure and follows best practices for API security.