Imported Google Group message. Original thread at: https://groups.google.com/forum/#!topic/tyk-community-support/LCBojI9ezPQ Import Date: 2016-01-19 21:07:03 +0000.
Sender:Thorsten Zenker
.
Date:Sunday, 1 February 2015 11:56:35 UTC.
Hi Martin & the Tyk.io team & community,
it is my understanding that the API access management
does not differentiate the access type.
It would be great to have something like this:
(taken from https://tyk.io/v1.4/rest-api/api-key-management/ )
{
"allowance": 999,
"rate": 1000,
"per": 60,
"expires": 0,
"quota_max": -1,
"quota_renews": 1406121006,
"quota_remaining": 0,
"quota_renewal_rate": 60,
"access_rights": {
"234a71b4c2274e5a57610fe48cdedf40": {
"api_name": "Versioned API",
"api_id": "234a71b4c2274e5a57610fe48cdedf40",
"api_access_type": [ "GET", "PUT", "POST" ]
or
"api_access_type": [ "GET" ]
"versions": [
"v1"
]
}
},
"org_id": "53ac07777cbb8c2d53000002"
}
The api_access_type would list the allowed REST access types.
With this additional feature one can create an access key with limited or enhanced rights.
Do you think this is useful and doable? My "Go programming" kung fu is not good enough to propose a patch.
Cheers
Thorsten