The current document discloses systems and methods that implement access controls for service providers. When a client requests access to a service provider, but does not satisfy the conditions for non-limited access, the service provider provides limited access to the services based at least in part on a limited access policy. The limited access policy establishes a limitation that defines when the limited access to the service provider expires. In some implementations, the service provider issues a signed access token to the client, and the access token includes an expiration value that is updated when service requests are processed. When the access token expires, access to the service is terminated.