Application programming interfaces (API's) allow a customer to interact with a service. As API's evolve, it may be desirable to release features to certain subsets of customers for a beta test or for other special relationships. For example, releasing the features to a subset of customers has been managed by using a whitelist. The whitelist was reviewed at various points of API code during processing of an API request. This whitelist approach can be difficult to scale well, such as when features are large and much checking is done. Using a whitelist can also put the responsibility for managing the restricted API on a developer to manually enforce the restriction.