
tyk's Introduction



Documentation | Forum | Blog | About

Tyk API Gateway

Tyk Gateway is the cloud-native, open source, enterprise-ready API Gateway supporting REST, GraphQL, TCP and gRPC protocols.

Built from the ground up to be the fastest API Gateway on the planet, since 2014.

Tyk Gateway is provided ‘batteries included’, with no feature lockout, enabling your organization to rate limit, authenticate, gather analytics, apply microservice patterns and more with ease.

Tyk runs natively on Kubernetes, if you prefer, thanks to the Tyk Kubernetes Operator.


Everything you need to manage APIs. Follow the simple Get Started guide below 👇

The Enterprise API Management platform: Management Control Plane, Dashboard GUI & Developer Portal.
Install Tyk Self Managed

The Enterprise API Management platform SaaS: Management Control Plane, Dashboard GUI & Developer Portal.
Deploy Tyk Cloud

Get Started

We’ll install Tyk, add auth, analytics, quotas and rate limiting to your API in under 5 minutes.

We recommend Tyk Gateway Docker as the quickest way to get started now. Later, you can move to one of our other supported distributions if you prefer.

Step 1 - Clone the docker-compose repository

git clone https://github.com/TykTechnologies/tyk-gateway-docker

Step 2 - Change to the new directory

cd tyk-gateway-docker

Step 3 - Deploy Tyk Gateway and Redis

docker-compose up

You can run this in detach mode using the -d flag: docker-compose up -d

Congratulations, you’re done!

Your Tyk Gateway is now configured and ready to use. Confirm this by checking against the ‘hello’ endpoint:

curl localhost:8080/hello

Output:

{"status": "pass", "version": "v3.2.1", "description": "Tyk GW"}

Next, visit adding your first API to Tyk and follow the Open Source instructions.


Other Installations are available:

  1. Docker
  2. Kubernetes-Native
  3. Kubernetes-Helm
  4. Ansible
  5. Red Hat
  6. Ubuntu
  7. CentOS
  8. Compile Tyk from Source

Open Source API Gateway Features

Use any protocol: REST, SOAP, GraphQL, gRPC, and TCP.

Industry Standard Authentication: OIDC, JWT, bearer Tokens, Basic Auth, Client Certificates and more.

Open API Standards: Import your Swagger and OpenAPI Documents (OAS 2.X and OAS 3.0.1) to scaffold APIs in Tyk.

Ultra performant: Low latency, and thousands of rps with just a single CPU, horizontally and vertically scalable.

Content mediation: Transform all the things, from request or response headers to converting between SOAP and GraphQL.

Extensible Plugin Architecture: Customize Tyk’s middleware chain by writing plugins in your language of choice - from Python to JavaScript to Go, or any language which supports gRPC.

Rate Limiting & Quotas: Protect your upstreams from becoming overloaded and/or apply limits for each consumer.

API Versioning - API Versions can be easily set and sunset (deprecated) at a specific time and date.

Granular Access Control - Grant access to one or more APIs on a per version and operation basis.

Blocklist/Allowlist/Ignore endpoint access - Enforce strict security models on a version-by-version basis to your access points.

Analytics logging - Record detailed usage data on who is using your APIs (raw data only)

CORS - Enable CORS for certain APIs so users can make browser-based requests

Webhooks - Trigger webhooks against events such as Quota Violations and Authentication failures

IP AllowListing - Block access to non-trusted IP addresses for more secure interactions

Hitless reloads - Tyk configurations can be altered dynamically and the service restarted without affecting any active request

Kubernetes native declarative API: using Open Source Tyk Operator (more info in OSS section)

Tyk Technologies uses the same API Gateway for all its applications, protecting, securing, and processing APIs for thousands of organizations and businesses around the world. Ideal for Open Banking and building software in the cloud, as well as exposing APIs to teams, partners & consumers.

Tyk OSS Integrations

Tyk Technologies maintains other Open Source Software which can be used in conjunction with Tyk API Gateway:

Tyk Pump - Pluggable analytics purger to move Analytics generated by your Tyk nodes to any back-end.

Tyk Operator - Brings API Management capabilities to Kubernetes. Configure Ingress, APIs, Security Policies, Authentication, Authorization, Mediation and more - all using Custom Resources and Kubernetes Native primitives

Tyk Identity Broker - Tyk Authentication Proxy for third-party login

Tyk Sync - Command line tool and library to manage and synchronise a Tyk installation with your version control system (VCS).

Tyk Mserv - Asset Server and gRPC host

Documentation

All the documentation for Tyk Gateway and other OSS-related topics can be found at https://tyk.io/docs/tyk-oss-gateway/

Community

Open Source License

Tyk is released under the MPL v2.0; please see LICENSE.md for a full version of the license.


Compiling Tyk Gateway

Compile from Source

git clone https://github.com/TykTechnologies/tyk
go build

Go version 1.21 is required to build master, the current development version. Tyk is officially supported on Linux/amd64, Linux/i386 and Linux/arm64.

To run tests locally use the following command:

go test ./...

Note that tests require Redis to be running on the same machine (default port).

To write your own tests, please use this guide: https://github.com/TykTechnologies/tyk/blob/master/TESTING.md

Contributing

For more information about contributing PRs and issues, see CONTRIBUTING.md.


tyk's Issues

Cache

Any support for cache?

Hitting the same request twice or more with a cache can really save resource/backend server load.

Filters

Any ideas on adding an extensibility layer? Things like translating the request, customized logging and integration with existing apis (for quotas as an example) all come to mind.

I think you got it right when you say you want to keep tyk simple, yet by having an extensibility layer you allow your users to extend it to adapt to their business.

Anyways, just my 2c.

Running multiple instances

We would like to, for high availability purposes, run multiple copies of Tyk behind a load balancer. The only issue I can think of would be the analytics purge loops getting in the way of each other and purging unread data. There's a couple of options I can think of to get around this:

  • Use the new Redis database option so that each instance uses separate databases.
  • Add an option to set the analytics key prefix so each instance can have its own prefix.
  • Add an option to disable the purge loop (maybe when PurgeDelay is 0 as that's not particularly useful). We could then write our own process to pull out and purge the data as we don't use MongoDB and we don't want to be collecting CSVs.

I'm not keen on using a Redis database per instance as that could mean many small databases. Personally my preferred option would be the third seeing as we don't use MongoDB and it also means the config between instances would be the same but I'd like to hear any other suggestions if you have any?

Setup for Multi-Tenant Micro-services

Hi there! I'm trying out Tyk and running into an issue with translating requests to be able to support a multi-tenant micro-service based architecture. Hoping to understand if there is some way that Tyk would be able to support my use case or if it is something that could be enhanced within Tyk to support it.

In my case I'm setup like this:

API consumer makes a request to https://{client}.mydomain.com/{service}/{path} where {client} is a client name and {service} is the particular micro-service that they are attempting to access and {path} is everything after the name of the micro-service. Once this request is processed by Tyk it is sent to https://{service}.myinternaldomain.com/{path} but I need to provide the {client} value to my target somehow.

The simplest way that I can think of to approach this is to simply forward my original Host header, but I'm not seeing how this could be done with Tyk right now.

The next would be to be able to dynamically rewrite the URL. In this case I would have Tyk rewrite https://{client}.mydomain.com/{service}/{path} (where {client} and {path} are both dynamic values) into something along the lines of https://{service}.myinternaldomain.com/clients/{client}/{path} but I'm not seeing a clear path as to how I would accomplish this with Tyk right now either.

Those are the options which are clear to me right now, I'd love to hear your opinions or if there is some way that Tyk would support something like this but I am just missing it.

Thanks!
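An added example, not code from the post or from Tyk, of how a gateway could implement the second option (the dynamic rewrite) safely in Go. The domain suffixes, the `knownServices` allow list and the `X-Tenant` header are assumptions for illustration. It covers the checks a tenant-in-hostname scheme needs: the tenant label is validated so a crafted Host header cannot inject into the rewritten URL, the service segment is matched against an allow list so a request cannot steer the proxy to an arbitrary internal host, dot-dot segments are rejected so a caller cannot escape its own `/clients/{client}/` prefix, and any client-supplied `X-Tenant` is dropped before the real one is set.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/url"
	"regexp"
	"strings"
)

// Constructed names for this example; substitute your own domains.
const (
	publicSuffix   = ".mydomain.com"
	internalSuffix = ".myinternaldomain.com"
)

// knownServices is the allow list for the {service} segment. Without it that
// segment would choose an arbitrary internal host, which is an SSRF hole.
var knownServices = map[string]bool{"orders": true, "users": true}

// tenantLabel confines {client} to a single DNS label so a crafted Host
// header cannot smuggle path or query characters into the rewritten URL.
var tenantLabel = regexp.MustCompile(`^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$`)

// route maps Host {client}.mydomain.com plus path /{service}/{rest} to
// https://{service}.myinternaldomain.com/clients/{client}/{rest}.
// reqPath is the decoded path as found in (*http.Request).URL.Path.
func route(host, reqPath string) (target, tenant string, err error) {
	h := strings.ToLower(host)
	if onlyHost, _, splitErr := net.SplitHostPort(h); splitErr == nil {
		h = onlyHost
	}
	if !strings.HasSuffix(h, publicSuffix) {
		return "", "", fmt.Errorf("host %q is not under %s", host, publicSuffix)
	}
	tenant = strings.TrimSuffix(h, publicSuffix)
	if !tenantLabel.MatchString(tenant) {
		return "", "", fmt.Errorf("invalid tenant label %q", tenant)
	}
	segs := strings.Split(strings.TrimPrefix(reqPath, "/"), "/")
	for _, s := range segs {
		if s == ".." { // never let a caller hop out of its /clients/{tenant}/ prefix
			return "", "", errors.New("dot-dot segment rejected")
		}
	}
	service, rest := segs[0], strings.Join(segs[1:], "/")
	if !knownServices[service] {
		return "", "", fmt.Errorf("unknown service %q", service)
	}
	u := url.URL{Scheme: "https", Host: service + internalSuffix, Path: "/clients/" + tenant + "/" + rest}
	return u.String(), tenant, nil
}

// applyRoute rewrites the request in place (the director step of a reverse
// proxy) and hands the tenant upstream in X-Tenant. Any inbound X-Tenant is
// removed first so a caller cannot claim to be another tenant.
func applyRoute(r *http.Request) error {
	target, tenant, err := route(r.Host, r.URL.Path)
	if err != nil {
		return err
	}
	u, err := url.Parse(target)
	if err != nil {
		return err
	}
	u.RawQuery = r.URL.RawQuery
	r.URL, r.Host = u, u.Host
	r.Header.Del("X-Tenant")
	r.Header.Set("X-Tenant", tenant)
	return nil
}

func main() {
	for _, in := range [][2]string{
		{"acme.mydomain.com", "/orders/v1/items"},
		{"acme.mydomain.com", "/admin/reset"},
		{"evil.example.com", "/orders/"},
	} {
		target, tenant, err := route(in[0], in[1])
		fmt.Printf("%s %s -> %q tenant=%q err=%v\n", in[0], in[1], target, tenant, err)
	}
}
```

`applyRoute` is shaped to be called from a `httputil.ReverseProxy` director; the upstream then reads the tenant from `X-Tenant` (or from the `/clients/{client}/` path) and never from the original Host header, which the gateway has already consumed and validated.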

"This API version doesn't seem to exist"

Below is an api definition that we're using:

{
    "name": "API",
    "api_id": "1",
    "org_id": "default",
    "definition": {
        "location": "header",
        "key": "version"
    },
    "auth": {
        "auth_header_name": "authorization"
    },
    "version_data": {
        "not_versioned": true
    },
    "proxy": {
        "listen_path": "/",
        "target_url": "http://backend:8000",
        "strip_listen_path": true
    }
}

version_data.not_versioned is set to true but hitting any route in that API returns

{
    "error": "This API version doesn't seem to exist"
}

This is running on a build of current master.

Also notice that the single quote in the string has been HTML encoded, that probably shouldn't happen. 😄

Managing API definitions through REST

Currently the /apis/ endpoint lists APIs - how about POST/PUTting definitions there too? Thinking of using this in a Kubernetes/Docker environment & being able to update API definitions through REST calls rather than adding files or editing the database would be pretty useful. (Love the project by the way!)

access granularity

It is my understanding that the API access management does not differentiate the access type.

It would be great to have something like this:
(taken from https://tyk.io/v1.4/rest-api/api-key-management/ )
{
"allowance": 999,
"rate": 1000,
"per": 60,
"expires": 0,
"quota_max": -1,
"quota_renews": 1406121006,
"quota_remaining": 0,
"quota_renewal_rate": 60,
"access_rights": {
"234a71b4c2274e5a57610fe48cdedf40": {
"api_name": "Versioned API",
"api_id": "234a71b4c2274e5a57610fe48cdedf40",

       --> extra part
        "api_access_type": [ "GET", "PUT", "POST" ]
        or
        "api_access_type": [ "GET" ]
        <-- end of extra part

        "versions": [
            "v1"
        ]
    }
},
"org_id": "53ac07777cbb8c2d53000002"

}

The api_access_type would list the allowed REST access types.
With this additional feature one can create an access key with limited or enhanced rights.

Rate limiting issues

According to Access Control (v1.5), allowance and rate should be set to the same value.

I'm seeing two issues:

  1. allowance is never actually used. AFAICT, it's only ever decremented (session_manager.go).
  2. rate has an off-by-one error. If you set rate to 5 and per to 5, this sounds like it should be: "max of 5 requests every 5 seconds". However, this will only allow 4 requests to succeed and will fail on the fifth request.

The rate limiting test doesn't catch this because it never validates the second request. See gateway_test.go. If you do the following, you'll see it fails:

    secondRecorder := httptest.NewRecorder()
    chain.ServeHTTP(secondRecorder, req)

    if secondRecorder.Code != 200 {
        t.Error("Second request failed with non-200 code: \n", secondRecorder.Code)
    }   

    thirdRecorder := httptest.NewRecorder()
    chain.ServeHTTP(thirdRecorder, req)

General question: If you are using rate limiting, should it return in the response headers? Currently I only see the quota information returned with a X-Ratelimit-Remaining header which isn't accurate as usually your rate limiting has tighter thresholds than your quota. Restated: should there be separate response headers: one for quota, and one for rate limiting?

Edit: Add test example.
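An added example, not code from the post or from Tyk, of a fixed-window limiter in Go that admits exactly `rate` requests per `per` window and reports the rate limit and the quota in separate headers, which is the split the closing question asks about. The in-memory store, the header names and the quota semantics are this example's assumptions. It also shows why keeping the allowance inside a shared session object loses updates when two gateway nodes decrement it at the same time.

```go
package main

import (
	"fmt"
	"math"
	"net/http"
	"strconv"
	"sync"
	"time"
)

// Limit carries the fields the post discusses: Rate requests per Per, plus an
// independent QuotaMax (negative means unlimited, like "quota_max": -1).
type Limit struct {
	Rate     int64
	Per      time.Duration
	QuotaMax int64
}

// counterStore stands in for Redis. Incr is an atomic read-modify-write, the
// property that "load session, decrement a field, save session" lacks.
type counterStore struct {
	mu     sync.Mutex
	counts map[string]int64
}

func newStore() *counterStore { return &counterStore{counts: map[string]int64{}} }

func (s *counterStore) Incr(key string) int64 {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.counts[key]++
	return s.counts[key]
}

// Decision is what the middleware needs to answer the request.
type Decision struct {
	Allowed        bool
	RateRemaining  int64
	QuotaRemaining int64 // -1 when unlimited or not evaluated
	RetryAfter     time.Duration
}

// Check admits a request when the post-increment window count is <= Rate, so
// exactly Rate requests pass per window: with Rate=5, Per=5s the fifth request
// succeeds and the sixth waits for the next window. (Comparing "count < Rate"
// before incrementing is the off-by-one that lets only four through.) Quota is
// consumed only by requests the rate check admits.
func Check(s *counterStore, keyID string, l Limit, now time.Time) Decision {
	window := now.Truncate(l.Per)
	d := Decision{QuotaRemaining: -1}
	n := s.Incr(fmt.Sprintf("rate:%s:%d", keyID, window.Unix()))
	if n > l.Rate {
		d.RetryAfter = window.Add(l.Per).Sub(now)
		return d
	}
	d.RateRemaining = l.Rate - n
	if l.QuotaMax >= 0 {
		q := s.Incr("quota:" + keyID)
		d.QuotaRemaining = nonNeg(l.QuotaMax - q)
		if q > l.QuotaMax {
			return d
		}
	}
	d.Allowed = true
	return d
}

func nonNeg(v int64) int64 {
	if v < 0 {
		return 0
	}
	return v
}

// setHeaders reports the two limits separately. Header names are this
// example's choice, not Tyk's.
func setHeaders(h http.Header, l Limit, d Decision) {
	h.Set("X-RateLimit-Limit", strconv.FormatInt(l.Rate, 10))
	h.Set("X-RateLimit-Remaining", strconv.FormatInt(d.RateRemaining, 10))
	if d.QuotaRemaining >= 0 {
		h.Set("X-Quota-Remaining", strconv.FormatInt(d.QuotaRemaining, 10))
	}
	if !d.Allowed && d.RetryAfter > 0 {
		h.Set("Retry-After", strconv.Itoa(int(math.Ceil(d.RetryAfter.Seconds()))))
	}
}

// lostUpdate replays what happens when the allowance lives inside a session
// object shared by two gateway nodes: both load 10, each decrements its copy
// and saves, and the store ends at 9. One request went uncounted, i.e. a
// limit bypass. Incr above cannot lose updates because the store performs the
// read-modify-write itself.
func lostUpdate() int64 {
	stored := int64(10)
	nodeA, nodeB := stored, stored // both nodes read the same snapshot
	nodeA--
	stored = nodeA // node A writes 9
	nodeB--
	stored = nodeB // node B writes 9, clobbering A's decrement
	return stored
}

func main() {
	s, l, now := newStore(), Limit{Rate: 5, Per: 5 * time.Second, QuotaMax: -1}, time.Now()
	for i := 1; i <= 6; i++ {
		fmt.Printf("request %d: %+v\n", i, Check(s, "demo", l, now))
	}
	fmt.Println("allowance after two racing decrements:", lostUpdate())
}
```

With Redis the same shape is `INCR` on a per-window key plus `EXPIRE`, and the quota is a second `INCR`; both are atomic on the server, so any number of gateway nodes can share one counter without the lost-update problem.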

Documentation for Portal API

Is there any chance of releasing API documentation for the Portal? We're using our own self-hosted portal which we'll need to hook into Tyk. Although there seems to be documentation for the main Tyk API, anything to do with the Dashboard seems to be missing.

The kind of APIs I'm interested in are those about key management, although it would be great to get the API catalogue info too if there's an API for that.

Here's some of the ones I've observed being used so far:

POST /portal/member/apis/{{API ID}}/request for requesting an API key
GET /api/portal/developers/{{DEV ID}} for retrieving developer information
DELETE /api/portal/developers/key/{{KEY}} for deleting an API key

Basically if it would be possible to get some kind of API for managing end-users, that would be brilliant. Alternatively if there are any plans to open source the Dashboard, we could work on this ourselves and contribute it back.

Ignoring requests from analytics

We've got tyk running behind a pair of load balancers for HA. Both load balancers perform health checks on tyk by requesting / every second which quickly generates a lot of useless analytics data.

What do you think about a feature to not create analytics data for requests from specified IPs?

ignored paths don't support request methods

A RESTful API has a collection "/users".

  • The POST request on the collection represents the signup.
  • The GET request represents the listing of users

Is it possible to make the proxy ignore POST /users but protect GET /users? From your docs, I assume there is no way to configure the ignore paths by request method. Is there a syntax in the ignore string, or could you point me to the code so I can try to patch? Thanks.

"versions": {
      "v1": {
        "paths": {
          "black_list": [],
          "white_list": [],
          "ignored": [
            "/users"
          ]
        },
        "expires": "3000-01-02 15:04",
        "name": "Default"
      }
    },
    "not_versioned": true
  },
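An added example, not code from the post or from Tyk, of the method-aware evaluation the question asks for, written in Go: the block, ignore and allow lists each carry an optional method set, and a key's access rights carry one too (the `api_access_type` idea from the access granularity issue above). The field names and the precedence (block list first, then ignore list, then allow list with default deny once any allow entry exists) are this example's choices, not Tyk's definition schema.

```go
package main

import (
	"fmt"
	"net/http"
	pathpkg "path"
	"strings"
)

type Action int

const (
	Blocked    Action = iota // on the block list: refuse before anything else
	Ignored                  // on the ignore list: proxy without authentication
	NotAllowed               // an allow list is active and the path is not on it
	Protected                // authenticate, then check the key's access rights
)

// PathRule is a path prefix plus the methods it covers (none = every method).
type PathRule struct {
	Path    string
	Methods []string
}

// methodIn is an exact, case-sensitive match. HTTP methods are case-sensitive,
// and a loose match here would widen the anonymous (ignored) surface.
func methodIn(methods []string, method string) bool {
	if len(methods) == 0 {
		return true
	}
	for _, m := range methods {
		if m == method {
			return true
		}
	}
	return false
}

func (r PathRule) matches(method, reqPath string) bool {
	base := strings.TrimSuffix(r.Path, "/")
	return (reqPath == base || strings.HasPrefix(reqPath, base+"/")) && methodIn(r.Methods, method)
}

func anyMatch(rules []PathRule, method, reqPath string) bool {
	for _, r := range rules {
		if r.matches(method, reqPath) {
			return true
		}
	}
	return false
}

type VersionPolicy struct {
	BlackList, WhiteList, Ignored []PathRule
}

// Classify applies the lists in order: block, ignore, then allow (default deny
// once any allow entry exists). With Ignored = POST /users and WhiteList =
// /users, the signup call is proxied anonymously while GET /users needs a key.
func (p VersionPolicy) Classify(method, reqPath string) Action {
	reqPath = pathpkg.Clean("/" + reqPath) // fold "//", "." and ".." before matching
	switch {
	case anyMatch(p.BlackList, method, reqPath):
		return Blocked
	case anyMatch(p.Ignored, method, reqPath):
		return Ignored
	case len(p.WhiteList) > 0 && !anyMatch(p.WhiteList, method, reqPath):
		return NotAllowed
	}
	return Protected
}

// AccessRight is a per-API grant on a key; an empty Methods list keeps the
// current all-methods behaviour.
type AccessRight struct {
	Methods []string
}

// Key is the caller's credential, rights keyed by API ID; nil means none presented.
type Key struct {
	Rights map[string]AccessRight
}

// Authorize returns the status the gateway should answer, or 200 to proxy.
func Authorize(p VersionPolicy, k *Key, apiID, method, reqPath string) int {
	switch p.Classify(method, reqPath) {
	case Blocked, NotAllowed:
		return http.StatusForbidden
	case Ignored:
		return http.StatusOK
	}
	if k == nil {
		return http.StatusUnauthorized // protected path, no credentials
	}
	right, granted := k.Rights[apiID]
	if !granted || !methodIn(right.Methods, method) {
		return http.StatusForbidden
	}
	return http.StatusOK
}

func main() {
	p := VersionPolicy{
		WhiteList: []PathRule{{Path: "/users"}},
		Ignored:   []PathRule{{Path: "/users", Methods: []string{"POST"}}},
		BlackList: []PathRule{{Path: "/users/admin"}},
	}
	readOnly := &Key{Rights: map[string]AccessRight{"api1": {Methods: []string{"GET"}}}}
	fmt.Println(Authorize(p, nil, "api1", "POST", "/users"), Authorize(p, nil, "api1", "GET", "/users"),
		Authorize(p, readOnly, "api1", "DELETE", "/users/42"))
}
```

Cleaning the path before matching matters as much as the method check: without it `/users/admin/../42` would slip past the block list, and `/users/../orders` would be accepted as an allow-listed `/users` request.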

Custom SSL Certificate at the Target Endpoint

Would be great to be able to disable SSL certificate validation on a per endpoint basis or the capability to import self-signed certificates that are trusted just not signed by a trusted authority (equivalent of a Java keystore). The former more appropriate for development, while the latter is more appropriate for production B2B scenarios where there isn't a need for a third party to establish trust.

Can't see stats in API Activity Dashboard graph

Hello, maybe something I'm doing wrong, but I've just installed tyk version 1.2.1 and dashboard 0.8 on an Ubuntu 14.04. Everything seems to be working correctly as I verify the proxy is working correctly (I can reach my endpoint through tyk) and I can also log in to the dashboard without problems. I have configured tyk to use use_db_app_configs and managed to create the API from the console.

So far so good. tyk starts ok I think:

Tyk.io Gateway API v1.2.1

Copyright Jively Ltd. 2014
http://www.tyk.io

INFO[0000] No configuration file defined, will try to use default (./tyk.conf)
INFO[0000] Setting up analytics DB connection
INFO[0000] Using MongoDB cache purge
INFO[0000] Connecting to redis on: localhost:6379
DEBU[0000] Enabling debug-level output
Listening on port: 8080

INFO[0000] Listening on [::]:8080
INFO[0000] Using App Configuration from Mongo DB
DEBU[0000] INITIALISING EVENT HANDLERS
INFO[0000] Loading API configurations.
INFO[0000] Loading API Spec for: rcsousa
INFO[0000] Connecting to redis on: localhost:6379
INFO[0000] Connecting to redis on: localhost:6379
INFO[0010] Not connected to analytics store, connecting...
DEBU[0112] Setting key: analytics-2014122516-422c9f6e-fddd-439f-73d0-43099ea0d014
DEBU[0122] Setting key: analytics-2014122516-bccee697-89cb-4941-4786-8c5155761bfb
DEBU[0133] Setting key: analytics-2014122516-1ca6b565-2576-40dd-44ab-d6c85c66276d
DEBU[0308] Setting key: analytics-2014122516-4f021902-85ff-4852-4577-9fa88a81cc54
DEBU[0827] Setting key: analytics-2014122516-524f35a2-f0ae-4d07-485e-5be3d4e36578
DEBU[0846] Setting key: analytics-2014122516-c455b1b3-2e55-4adf-5b2b-f321c7db7a95
DEBU[0975] Setting key: analytics-2014122516-1396192c-c8ac-4688-6fb0-4a363d4536e7
DEBU[1058] Setting key: analytics-2014122516-cc3781a2-cc65-4f35-7207-662d413d951a
DEBU[1073] Setting key: analytics-2014122516-0f6d9753-58ad-47f6-657d-e28ef383c467
DEBU[1269] Setting key: analytics-2014122516-7fbe5842-4505-4fcf-5b77-7afff22cbf84

and as you can see, statistics are being correctly added to the MongoDB collection.

show dbs
local 0.03125GB
test (empty)
tyk_analytics 0.0625GB
use tyk_analytics
switched to db tyk_analytics
show collections
system.indexes
tyk_analytics
tyk_analytics_users
tyk_apis
tyk_organisations
db.tyk_analytics.count()
31
db.tyk_analytics.findOne()
{
"_id" : ObjectId("549c30c5e3eb809beead5f13"),
"method" : "GET",
"path" : "",
"contentlength" : NumberLong(0),
"useragent" : "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36",
"day" : 25,
"month" : 12,
"year" : 2014,
"hour" : 15,
"responsecode" : 200,
"apikey" : "",
"timestamp" : ISODate("2014-12-25T15:44:02.614Z"),
"apiversion" : "Non Versioned",
"apiname" : "rcsousa API",
"apiid" : "1",
"orgid" : "default",
"oauthid" : ""
}

Although everything seems to be ok.. I can't see any changes in the dashboard ... It's like there's no data to display

Kind regards,

Ricardo

HTTP flow for incorrect Basic Auth user login is not intuitive

When I hit a Basic Auth API with the browser (no Authorization header set) Tyk sends back the (correct) header "WWW-Authenticate" and status 401 Unauthorized. If I enter incorrect user data and the browser sends the Authorization header with the incorrect user data then I get a 403 Forbidden and no prompt to enter correct user data (no "WWW-Authenticate" header). The only way I can retry with different user data is by deleting the stored sessions in my browser. I understand that Tyk is made to protect APIs and that people do not usually look at APIs using the browser but oftentimes they still do (mostly the developers). It would be good if typos in the user name would not result in having to reset the browser session storage.

Support for another datastore?

Right now to run on a non-file system based configuration MongoDB is required. I'm wondering if there are any plans to look at adding support for another datastore. I ask because I would love to be able to use a managed service (such as AWS RDS) to manage my datastore for Tyk instead of having to do it myself.

I'm not sure of the reasons why MongoDB was chosen, but I'm assuming it was due to it being a document database. Maybe something like DynamoDB would be a good fit for it. Or if there just needs to be support for JSON fields then maybe MySQL is a better fit now with the addition of JSON support.

nginx rewrite issues

Hi,
We've followed your installation & setup guide to install the gateway & the dashboard. We've independently verified the data from mongodb & they seem to be fine. When we hit up the URL, nginx always seems to respond back with 'Bad Gateway' (or) 'Internal Server Error'.
Our sites-available config for tyk is below

server {
    listen 5000;
    server_name <our_server_name>;

    gzip              on;
    gzip_buffers      16 8k;
    gzip_comp_level   4;
    gzip_http_version 1.1;
    gzip_min_length   1280;
    gzip_types        text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon image/bmp;
    gzip_vary         on;

    # The Go application server
    location / {
        rewrite /(.*) /API_LISTEN_PATH/$1 break;

        proxy_pass_header Server;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_pass http://tyk;
    }
}

Our assumption is that the API_LISTEN_PATH is not being picked up from mongodb. How can I resolve this?

Problem with POST requests when specifying the API authorization key as a querystring parameter

I get the following error when I specify the API authorization key as a querystring parameter:

  • Hostname was NOT found in DNS cache
  • Trying 127.0.0.1...
  • Connected to localhost (127.0.0.1) port 8080 (#0)

    POST /f1704c1ec4004cc457200a35afb75919/o/token/?authKey=xxxxxxxxx HTTP/1.1
    User-Agent: curl/7.35.0
    Host: localhost:8080
    Accept: */*
    Content-Length: 287
    Content-Type: application/x-www-form-urlencoded

  • upload completely sent off: 287 out of 287 bytes
    < HTTP/1.1 500 Internal Server Error
    < Date: Tue, 05 May 2015 09:29:43 GMT
    < Content-Length: 0
    < Content-Type: text/plain; charset=utf-8
    <
  • Connection #0 to host localhost left intact

It seems that the body of the request is not included.

Have a look at the thread below for further details.

https://groups.google.com/forum/#!topic/tyk-community-support/-aEjmtdlgmk

Thanks,

M

Can't login to dashboard

Hi,

I just installed Tyk 1.2.1 + Dashboard 0.8 (completely fresh install) and I can't login to the dashboard.

The login screen asks for a username yet I only set a first, last name and email address. Trying to login with first name prompted:

ERRO[3230] Failure in user lookup
ERRO[3230] not found

So I assumed I needed to use my email, which doesn't prompt the error. However, I did set a password for my account (and I can see the hash in Mongo) but when I try to login the logs show:

ERRO[3291] Could not EXPIRE key
ERRO[3291] ERR Client sent AUTH, but no password is set
ERRO[3291] Error trying to set value:
ERRO[3291] ERR Client sent AUTH, but no password is set
[221 ms] 301 '/login'
ERRO[3291] Error trying to get value:
ERRO[3291] ERR Client sent AUTH, but no password is set
ERRO[3291] Key not found
[4 ms] 200 '/'
[10 ms] 304 '/styles/4aaae68d.bootstrap.min.css'
[1472 μs] 304 '/images/5c8902f4.tyk.png'
[696 μs] 304 '/styles/1f2549a3.sb-admin.css'

This is my dashboard configuration:

{
    "listen_port": 9001,
    "tyk_api_config": {
        "Host": "http://localhost",
        "Port": "9000",
        "Secret": "352d20ee67be67f6340b4c0605b044b7"
    },
    "mongo_url": "mongodb://localhost/tyk_analytics",
    "page_size": 10,
    "admin_secret": "12345",
    "redis_port": 6379,
    "redis_host": "localhost",
    "redis_password": "test",
    "force_api_defaults": true,
    "notify_on_change": true,
    "license_owner": "Your Name"
}

This is my Tyk configuration:

{  
  "listen_port":9000,
  "secret":"352d20ee67be67f6340b4c0605b044b7",
  "template_path":"/etc/tyk/templates",
  "use_db_app_configs":true,
  "app_path":"/etc/tyk/apps/",
  "storage":{  
    "type":"redis",
    "host":"localhost",
    "port":6379,
    "username":"",
    "password":"",
    "database":0
  },
  "enable_analytics":true,
  "analytics_config":{  
    "type":"mongo",
    "csv_dir":"/tmp",
    "mongo_url":"mongodb://localhost/tyk_analytics",
    "mongo_db_name":"tyk_analytics",
    "mongo_collection":"tyk_analytics",
    "purge_delay":10,
    "ignored_ips":[  

    ]
  }
}

I see no error when starting one or the other. Could you advise? Thanks

Impossible to create a key with curl

I'd like to add a key to tyk manually in order to use my own key generation algorithm but I can't make it work:

curl -i -X PUT http://localhost:8080/tyk/keys/123 \
> --header "x-tyk-authorization: 352d20ee67be67f6341b4c0605b044b7" \
> --data '{
>     "allowance": 1000,
>     "rate": 1000,
>     "per": 60,
>     "expires": 1429359466,
>     "quota_max": -1,
>     "quota_renews": 1404121006,
>     "quota_remaining": 0,
>     "quota_renewal_rate": 60,
>     "access_rights": {
>         "1": {
>             "api_name": "Tyk Test API",
>             "api_id": "1",
>             "versions": [
>                 "Default"
>             ]
>         }
>     },
>     "org_id": ""
> }'

HTTP/1.1 400 Bad Request
Content-Type: application/json
Date: Sat, 18 Apr 2015 09:41:48 GMT
Content-Length: 46

{"status":"error","error":"Request malformed"}

It's working perfectly with /tyk/keys/create

Use encryption for basic auth password in database

Currently the password for basic auth is stored in clear text in the redis datastore. Users might use the same password for other websites. Thus a compromised redis store would mean that all passwords of users are known to an attacker which might lead to hacked email accounts, etc. Preserving backward compatibility with existing data in the DB is not hard, just add a field "pwencoding" that stores the hash algorithm used and defaults to 'none' if it's not present.
Tyk analytics already uses password hashing but I don't know which one. Using PBKDF would probably be a good idea.

Roadmap

Interesting project and affordable for us smaller companies. I thank you for that. We need to settle on an API gateway instead of writing our own but the pricing is ridiculous on most offers.

I hope this project will grow. Do you have a roadmap you could share?

Thank you.

Analytics Data Not Showing

I have a clean Tyk install(we're considering adopting it).
I have setup Tyk to proxy to httpbin and am sending requests to it but these are not being reflected in the UI.
I have looked in mongo and I see analytics entries being added as I send requests to Tyk.
Here are some sample responses that the UI receives from Tyk Dashboard Server:

http://localhost:33000/api/usage/6/1/2015/7/1/2015?api_id=e3465c099f6c41467aca92af49345114&api_version=Non+Versioned&p=-1&res=day
{"data":[{"id":{"day":31,"month":12,"year":2014,"hour":0,"code":200,"path":"","key":""},"hits":0,"success":0,"error":0,"last_hit":"0001-01-01T00:00:00Z","request_time":0},{"id":{"day":1,"month":1,"year":2015,"hour":0,"code":200,"path":"","key":""},"hits":0,"success":0,"error":0,"last_hit":"0001-01-01T00:00:00Z","request_time":0},{"id":{"day":3,"month":1,"year":2015,"hour":0,"code":200,"path":"","key":""},"hits":0,"success":0,"error":0,"last_hit":"0001-01-01T00:00:00Z","request_time":0},{"id":{"day":5,"month":1,"year":2015,"hour":0,"code":200,"path":"","key":""},"hits":0,"success":0,"error":0,"last_hit":"0001-01-01T00:00:00Z","request_time":0},{"id":{"day":7,"month":1,"year":2015,"hour":0,"code":200,"path":"","key":""},"hits":0,"success":0,"error":0,"last_hit":"0001-01-01T00:00:00Z","request_time":0},{"id":{"day":30,"month":12,"year":2014,"hour":0,"code":200,"path":"","key":""},"hits":0,"success":0,"error":0,"last_hit":"0001-01-01T00:00:00Z","request_time":0},{"id":{"day":2,"month":1,"year":2015,"hour":0,"code":200,"path":"","key":""},"hits":0,"success":0,"error":0,"last_hit":"0001-01-01T00:00:00Z","request_time":0},{"id":{"day":4,"month":1,"year":2015,"hour":0,"code":200,"path":"","key":""},"hits":0,"success":0,"error":0,"last_hit":"0001-01-01T00:00:00Z","request_time":0},{"id":{"day":6,"month":1,"year":2015,"hour":0,"code":200,"path":"","key":""},"hits":0,"success":0,"error":0,"last_hit":"0001-01-01T00:00:00Z","request_time":0}],"pages":0}

Here is my tyk.conf

{
   "listen_port":8080,
   "secret":"352d20ee67be67f6340b4c0605b044b7",
   "template_path":"./templates",
   "use_db_app_configs":true,
   "app_path":"./apps/",
   "storage":{
      "type":"redis",
      "host":"localhost",
      "port":6379,
      "username":"",
      "password":"",
      "database":0
   },
   "enable_analytics": true,
   "analytics_config":{
      "type":"mongo",
      "csv_dir":"/tmp",
      "mongo_url":"mongodb://localhost/tyk_analytics",
      "mongo_db_name":"tyk_analytics",
      "mongo_collection":"tyk_analytics",
      "purge_delay":0,
      "ignored_ips":[

      ]
   },
   "health_check":{
      "enable_health_checks":true,
      "health_check_value_timeouts":60
   }
}

And my tyk_analytics.conf

{
    "listen_port": 3000,
    "tyk_api_config": {
        "Host": "http://localhost",
        "Port": "8080",
        "Secret": "352d20ee67be67f6340b4c0605b044b7"
    },
    "mongo_url": "mongodb://localhost/tyk_analytics",
    "page_size": 10,
    "admin_secret": "12345",
    "redis_port": 6379,
    "redis_host": "localhost",
    "redis_password": "",
    "force_api_defaults": true,
    "notify_on_change": true,
    "license_owner": "Your Name"
}

Tyk master

This is basically a ticket to discuss ideas about the structuring of Tyk so we don't have to keep polluting #23 :-P

Thanks for the extensive reply. Could you be bothered to draw up a diagram similar to the one I drew which details the current communication paths (including the implicit ones through databases)? I think it would really help understanding the current architecture. I dumped the powerpoint slide with my diagram to http://s000.tinyupload.com/index.php?file_id=87456586263021545868

Two more questions: Is there a system behind where what information is stored? In Redis I see tyk-admin-api-XXX and apikey-XXX, those are both keys. In mongo I see tyk_analytics_users, tyk_apis and tyk_organisations. Am I correct assuming that metadata is stored in Mongo and keys in Redis? Why did you decide to use two database backends?

Impossible to set slug and name when creating an Organization in Advanced Management API

Given a HTTP request like this:

POST http://dashboard.local/admin/organisations/
admin-auth: 12345
Content-Type: application/json

{
    "owner_name": "My Org",
    "owner_slug": "myorg"
}

The resulting object stored in the database does not contain the name or slug specified:

{
  "_id": {
    "$oid": "555b07526cf82c03af000003"
  },
  "owner_name": "",
  "owner_slug": "",
  "apis": [],
  "key_quota": 0
}

I've matched the organization objects mentioned in the documentation for the get requests, do POST/PUT use different key names? Neither creation nor update seems to set these fields.

Improve csv purger

We would like to do analytics but without MongoDB.

Unfortunately, CSV export is a little poor. Is it possible to dump the same value in CSV as in MongoDB ?

Swagger import support?

Are there any plans to support Swagger import? I've noticed there's API blueprint import, however we export our documentation via code annotations, which doesn't seem to have the capability to do so in API Blueprint format.

From looking at the blueprint.go file, I can see the Blueprint import seems to be quite simple, however it's also fairly specific to that. I'm not entirely sure how to go about building in support for Swagger myself, so if there's no current plans for Swagger import, advice in this area would be helpful.

Dashboard 0.9.4 doesn't work in Safari

Hi,

We recently upgraded to Tyk 1.6 and the 0.9.4 dashboard. I made a new docker container which connects to the same database I've been using for Tyk 1.5, but when I log in to the dashboard with Safari, I only see the leftmost column, but nothing in the "main" field of the dashboard, as seen in the attached screenshot.
Firefox and Chrome work fine.

I've cleared all browser cache and tried with two versions of Safari, and I see the same behaviour.

I'm running Tyk and the dashboard from a custom Docker container, a version of which you can find here:
https://github.com/avart/docker-tyk

screen shot 2015-05-04 at 09 55 08

Upstream transforms

Feature request: Middleware transforms on end-point APIs responses, not just on incoming requests. And preferably configurable via the Tyk Dashboard.

Use case: End-point APIs can use pagination links within the JSON response. These pagination URIs contains the address or domain name of the end-point. But you don't want users to access end-points directly, so the gateway should rewrite the pagination links so they are properly routed through the gateway.

Concurrency issues in rate limiting and quota support

The rate limiting and quota data is integrated in the session (key) objects. This leads to various problems, see the following scenarios.

Scenario A, two tyk nodes:

  • request arrives on node A. Session object is retrieved. Allowance is e.g. 10
  • request arrives on node B. Session object is retrieved. State is the same as in node A (allowance=10)
  • allowance is decremented in node A and state is saved (allowance = 9)
  • allowance is decremented in node B and state is saved (allowance = 9)
  • allowance has only been decremented once

Scenario B, tyk node and tyk analytics:

  • request arrives on node A. Session object is retrieved. Allowance is e.g. 10
  • password change is requested in analytics API. Session object is retrieved (allowance=10)
  • allowance is decremented in node A and state is saved (allowance = 9)
  • session with changed password is saved by analytics (allowance = 10)
  • allowance has not been decremented at all

These scenarios are quite likely to happen in high-load environments and apply to both quotas and rate limits (since they are essentially the same thing). A fix would be to remove the rate limit information from the session object and put it into a quickly expiring redis key (or two keys because we basically have two rates, one for short term and one for long term).

See the "Pattern" part in the redis documentation for INCR that discusses exactly this issue: http://redis.io/commands/incr
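
The following is an added illustration of the two points above, not code from the Tyk project: a deterministic replay of the Scenario A lost update on a session object, next to a counter that follows the INCR-plus-EXPIRE pattern from the Redis documentation. The in-memory store, the key names ("ratelimit:"+apiKey) and the 10-per-second limit are assumptions made for the example; a quota is the same counter with a longer window.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// counterStore is a minimal in-memory stand-in for the Redis commands the issue
// refers to (INCR, EXPIRE). It is constructed for this example only.
type counterStore struct {
	mu     sync.Mutex
	counts map[string]int64
	expiry map[string]time.Time
}

func newCounterStore() *counterStore {
	return &counterStore{counts: map[string]int64{}, expiry: map[string]time.Time{}}
}

// IncrWithWindow follows the rate-limiter pattern from the Redis INCR docs: INCR
// the key and, if this call created it (value == 1), attach an expiry so the
// counter resets on its own when the window ends. The whole read-modify-write
// happens under one lock, which is what lets several gateway nodes (or the
// dashboard) hit the same key concurrently without losing updates.
func (s *counterStore) IncrWithWindow(key string, now time.Time, window time.Duration) int64 {
	s.mu.Lock()
	defer s.mu.Unlock()
	if exp, ok := s.expiry[key]; ok && !now.Before(exp) {
		// window elapsed: the key would have expired in Redis
		delete(s.counts, key)
		delete(s.expiry, key)
	}
	s.counts[key]++
	if s.counts[key] == 1 {
		s.expiry[key] = now.Add(window)
	}
	return s.counts[key]
}

// RateLimiter is one per-key counter window (e.g. 10 requests per second).
type RateLimiter struct {
	store  *counterStore
	limit  int64
	window time.Duration
}

// Allow reports whether the request fits in the current window. Because the
// counter is incremented atomically, N concurrent requests from any number of
// nodes consume exactly N units of allowance.
func (r *RateLimiter) Allow(apiKey string, now time.Time) bool {
	return r.store.IncrWithWindow("ratelimit:"+apiKey, now, r.window) <= r.limit
}

// sessionRace replays Scenario A from the issue: two nodes each load the session
// object (allowance 10), each decrement their copy and each save it. The second
// save overwrites the first, so one request is never counted.
func sessionRace() int64 {
	session := map[string]int64{"allowance": 10}
	nodeA := session["allowance"]    // node A reads
	nodeB := session["allowance"]    // node B reads the same state
	session["allowance"] = nodeA - 1 // node A saves 9
	session["allowance"] = nodeB - 1 // node B saves 9: the decrement is lost
	return session["allowance"]
}

// concurrentRequests fires n requests for the same key at the limiter in
// parallel and returns how many were allowed and how many rejected.
func concurrentRequests(r *RateLimiter, apiKey string, n int, now time.Time) (allowed, rejected int) {
	var wg sync.WaitGroup
	var mu sync.Mutex
	for i := 0; i < n; i++ {
		wg.Add(1)
		go func() {
			defer wg.Done()
			ok := r.Allow(apiKey, now)
			mu.Lock()
			if ok {
				allowed++
			} else {
				rejected++
			}
			mu.Unlock()
		}()
	}
	wg.Wait()
	return allowed, rejected
}

func main() {
	fmt.Println("lost-update race, final allowance:", sessionRace()) // 9, should be 8
	rl := &RateLimiter{store: newCounterStore(), limit: 10, window: time.Second}
	t0 := time.Unix(0, 0)
	a, d := concurrentRequests(rl, "apikey-demo", 25, t0)
	fmt.Printf("atomic counter: allowed=%d rejected=%d\n", a, d) // 10 and 15
	a, d = concurrentRequests(rl, "apikey-demo", 5, t0.Add(2*time.Second))
	fmt.Printf("after window reset: allowed=%d rejected=%d\n", a, d) // 5 and 0
}
```

The clock is passed in explicitly so the window reset can be exercised without sleeping; in a real deployment the expiry is enforced by Redis itself, and the only invariant the gateway needs is that the increment and the expiry-on-first-hit are never interleaved with another node's update.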

analytics data purge

Do we have to watch out for analytics data not filling up MongoDB, or is it purged automatically?

auth_header_name purpose

Looking through the app samples and tests there's a key auth.auth_header_name which doesn't actually appear to be used anywhere. Is this meant to be a way of renaming the auth header to replace authorization?

Incorrect Content Type in Advanced Management API

I seem to be getting Content-Type text/plain in my responses when sending requests to the management API instead of application/json.

I'm definitely sending application/json in my requests. Is this an oversight or is there anything special I need to do to get back a valid content type?

409 Conflict when the same endpoint has many methods

Using the Tyk Analytics, I have created these whitelisted endpoints:

GET /documents
POST /documents
PUT /documents
DELETE /documents

And the result in API Definition on MongoDB was:

"extended_paths" : {
    "ignored" : [ ],
    "white_list" : [
        {
            "path" : "/documents",
            "method_actions" : {
                "GET" : {
                    "action" : "no_action",
                    "code" : 200,
                    "data" : "",
                    "headers" : {

                    }
                }
            }
        },
        {
            "path" : "/documents",
            "method_actions" : {
                "POST" : {
                    "action" : "no_action",
                    "code" : 200,
                    "data" : "",
                    "headers" : {

                    }
                }
            }
        },
        {
            "path" : "/documents",
            "method_actions" : {
                "PUT" : {
                    "action" : "no_action",
                    "code" : 200,
                    "data" : "",
                    "headers" : {

                    }
                }
            }
        },
        {
            "path" : "/documents",
            "method_actions" : {
                "DELETE" : {
                    "action" : "no_action",
                    "code" : 200,
                    "data" : "",
                    "headers" : {

                    }
                }
            }
        }
    ],
    "black_list" : [ ],
    "cache" : [ ],
    "transform" : [ ],
    "transform_headers" : [ ]
}

In this scenario, only GET /documents works properly, because it was the first one. For other methods, Tyk returns 409 Conflict. After that, as @lonelycode suggested on the support forum, I manually altered the API definition in MongoDB to this:

"extended_paths" : {
    "ignored" : [ ],
    "white_list" : [
        {
            "path" : "/documents",
            "method_actions" : {
                "GET" : {
                    "action" : "no_action",
                    "code" : 200,
                    "data" : "",
                    "headers" : {

                    }
                },
                "POST" : {
                    "action" : "no_action",
                    "code" : 200,
                    "data" : "",
                    "headers" : {

                    }
                },
                "PUT" : {
                    "action" : "no_action",
                    "code" : 200,
                    "data" : "",
                    "headers" : {

                    }
                },
                "DELETE" : {
                    "action" : "no_action",
                    "code" : 200,
                    "data" : "",
                    "headers" : {

                    }
                }
            }
        }
    ],
    "black_list" : [ ],
    "cache" : [ ],
    "transform" : [ ],
    "transform_headers" : [ ]
}

And then, everything has been working properly!
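
As an added example (not part of the issue or of Tyk's own code), the manual edit described above can be done mechanically: collapse white_list entries that share a path into one entry whose method_actions is the union of the originals. The Go types below mirror only the fields visible in the issue's JSON, with names chosen for this example; the sample input is a constructed, abbreviated copy of the four-entry list from the first definition. A conflict (the same method listed twice for one path with different actions) is reported rather than resolved silently, since the white list is an enforcement boundary and picking one entry at random would change what the gateway allows.

```go
package main

import (
	"encoding/json"
	"fmt"
	"reflect"
	"sort"
)

// MethodAction and PathEntry cover the fields shown in the issue; the real
// Tyk definition has more.
type MethodAction struct {
	Action  string            `json:"action"`
	Code    int               `json:"code"`
	Data    string            `json:"data"`
	Headers map[string]string `json:"headers"`
}

type PathEntry struct {
	Path          string                  `json:"path"`
	MethodActions map[string]MethodAction `json:"method_actions"`
}

// mergeWhiteList folds entries with the same path into one entry (in first-seen
// order) and unions their method_actions. An error is returned if one method is
// defined twice for a path with differing actions.
func mergeWhiteList(entries []PathEntry) ([]PathEntry, error) {
	byPath := map[string]*PathEntry{}
	var order []string
	for _, e := range entries {
		merged, ok := byPath[e.Path]
		if !ok {
			merged = &PathEntry{Path: e.Path, MethodActions: map[string]MethodAction{}}
			byPath[e.Path] = merged
			order = append(order, e.Path)
		}
		for method, action := range e.MethodActions {
			if existing, dup := merged.MethodActions[method]; dup {
				if !reflect.DeepEqual(existing, action) {
					return nil, fmt.Errorf("conflicting definitions for %s %s", method, e.Path)
				}
				continue // identical duplicate, nothing to do
			}
			merged.MethodActions[method] = action
		}
	}
	out := make([]PathEntry, 0, len(order))
	for _, p := range order {
		out = append(out, *byPath[p])
	}
	return out, nil
}

// mergeWhiteListJSON parses a white_list array as stored in the API definition,
// merges it and returns the merged array.
func mergeWhiteListJSON(raw []byte) ([]PathEntry, error) {
	var entries []PathEntry
	if err := json.Unmarshal(raw, &entries); err != nil {
		return nil, err
	}
	return mergeWhiteList(entries)
}

// methodsOf returns the sorted method names of an entry, handy for checks.
func methodsOf(e PathEntry) []string {
	ms := make([]string, 0, len(e.MethodActions))
	for m := range e.MethodActions {
		ms = append(ms, m)
	}
	sort.Strings(ms)
	return ms
}

// sampleWhiteList is a constructed copy of the four per-method entries from the
// issue, one action each, all no_action/200.
const sampleWhiteList = `[
  {"path": "/documents", "method_actions": {"GET":    {"action": "no_action", "code": 200, "data": "", "headers": {}}}},
  {"path": "/documents", "method_actions": {"POST":   {"action": "no_action", "code": 200, "data": "", "headers": {}}}},
  {"path": "/documents", "method_actions": {"PUT":    {"action": "no_action", "code": 200, "data": "", "headers": {}}}},
  {"path": "/documents", "method_actions": {"DELETE": {"action": "no_action", "code": 200, "data": "", "headers": {}}}}
]`

func main() {
	merged, err := mergeWhiteListJSON([]byte(sampleWhiteList))
	if err != nil {
		fmt.Println("merge failed:", err)
		return
	}
	out, _ := json.MarshalIndent(merged, "", "  ")
	fmt.Println(string(out)) // one /documents entry with GET, POST, PUT, DELETE
}
```

Running it on the first definition from the issue yields exactly the single-entry shape of the second definition, so the merged output can be written back to the api definition in place of the hand edit.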

Defining multiple endpoints in an app definition

Is it possible to define more than one target_url endpoint per app definition?
For instance assume we have three web servers hosting the endpoint app, could I define the endpoints something like this:

"proxy": {
    "listen_path": "/api/",
    "target_url": "http://192.168.0.10/",
    "target_url": "http://192.168.0.20/",
    "target_url": "http://192.168.0.30/",
    "strip_listen_path": true
}

Or would it be better to just have a pool defined that round-robins the requests to the endpoints?

Listing Users for an Organization as an Admin

I've been going through working on orchestrating my configuration of Tyk and I'm trying to get a list of users for an organization prior to having an access key.

What I'm doing is very similar to the setup script here. I'm going through and checking if an organization already exists, if not I'm creating it. Then I need to see if a user already exists and if not create them. The problem I have is that there doesn't seem to be an endpoint outside of the users API to list users, while there is one to create them.

For what I'm doing I'm expecting to have the following flow: GET /admin/organisations (POST /admin/organisations if the organisation doesn't exist) GET /admin/users (POST /admin/users if the user doesn't exist).

I tried simply doing a POST to /admin/users to see if it updated the user if they already exist, but that's not the case. The reason why I can't do a GET /api/users is because I don't have an API key yet to be able to make that call. I just want to make sure that I avoid creating a ton of users that are unnecessary and the same thing (this script will be run tons of times).
