"Access to this API has been disallowed" error is sometimes thrown by Tyk

Hi Tyk,

I’m facing a strange bug in Tyk that sometimes results in an error:
Jul 6 09:43:15 apim-dev tyk: time="Jul 6 09:43:15" level=error msg="request error: Access to this API has been disallowed" api_id=9d6b1c15966e45406877b4669cda103c org_id=58924c7c660450026f755e09 path="/stock-rtm/get-block-types" server_name="SERVERNAME" user_id="****e16e" user_ip=IPADRES

I checked the api_id (9d6b1c15966e45406877b4669cda103c) and it actually points to the wrong API. The api_id (9d6b1c15966e45406877b4669cda103c) is related to an API which has the listen path “/stock” instead of the listen path “/stock-rtm”.

When I check the token on the page System Management/Keys, it is able to look up the key and I can see that it is related to the correct policy.

When I go to System Management/Api and select the specific API and update it without changing anything, the token works again.

Do you have any tips to debug this and find the root cause?

Kind regards,

Tim
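
A check for the symptom described above, as an added example that is not part of the original post or Tyk's own code: it flags listen paths on the same domain where one is a string prefix of another (here "/stock" and "/stock-rtm") and compares the api_id in a gateway log line with the API whose listen path is the longest prefix of the logged path. The field subset, the longest-prefix rule and the function names are assumptions for illustration; the check narrows down where to look and does not establish the root cause.

```python
import re

# Constructed sample: only the fields this check needs, taken from the two
# API definitions posted in this thread.
APIS = [
    {"api_id": "967231a0860f45f750aa3a59197b8436",
     "domain": "apim-dev.srv.steinweg.nl",
     "proxy": {"listen_path": "/stock-rtm"}},
    {"api_id": "9d6b1c15966e45406877b4669cda103c",
     "domain": "apim-dev.srv.steinweg.nl",
     "proxy": {"listen_path": "/stock"}},
]

# The log line from the post, redacted fields kept as posted.
LOG_LINE = (
    'Jul 6 09:43:15 apim-dev tyk: time="Jul 6 09:43:15" level=error '
    'msg="request error: Access to this API has been disallowed" '
    'api_id=9d6b1c15966e45406877b4669cda103c '
    'org_id=58924c7c660450026f755e09 '
    'path="/stock-rtm/get-block-types" server_name="SERVERNAME" '
    'user_id="****e16e" user_ip=IPADRES'
)

# key=value pairs; the value is either double-quoted or a bare token.
_PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_fields(line):
    """Split a key=value log line into a dict (quotes stripped)."""
    return {key: quoted or bare for key, quoted, bare in _PAIR.findall(line)}


def overlapping_listen_paths(apis):
    """Return (short_api_id, long_api_id) pairs on the same domain where the
    first API's listen path is a strict string prefix of the second's."""
    pairs = []
    for short in apis:
        for long_ in apis:
            sp = short["proxy"]["listen_path"]
            lp = long_["proxy"]["listen_path"]
            same_domain = short.get("domain") == long_.get("domain")
            if same_domain and sp != lp and lp.startswith(sp):
                pairs.append((short["api_id"], long_["api_id"]))
    return pairs


def candidates(apis, path):
    """All APIs whose listen path is a string prefix of the request path,
    longest listen path first."""
    hits = [a for a in apis if path.startswith(a["proxy"]["listen_path"])]
    return sorted(hits, key=lambda a: len(a["proxy"]["listen_path"]),
                  reverse=True)


def check_log_line(apis, line):
    """Compare the api_id in a log line with the API expected for its path.

    Assumption: the intended API is the one with the longest listen path
    that prefixes the request path.
    """
    fields = parse_fields(line)
    hits = candidates(apis, fields.get("path", ""))
    expected = hits[0]["api_id"] if hits else None
    logged = fields.get("api_id")
    return {
        "path": fields.get("path"),
        "logged_api_id": logged,
        "expected_api_id": expected,
        "ambiguous": len(hits) > 1,   # more than one listen path fits
        "mismatch": expected is not None and logged != expected,
    }


if __name__ == "__main__":
    for short_id, long_id in overlapping_listen_paths(APIS):
        print(f"listen path of {short_id} is a prefix of that of {long_id}")
    print(check_log_line(APIS, LOG_LINE))
```

Running the same check over every "request error" line in the gateway log shows whether the mismatches only occur for paths under overlapping listen paths, which is useful evidence to attach to a support request.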

Hi Tim,

Can you share your API definitions as well as your Policy one?

Thanks,
Kos @ Tyk Support Team

API Definitions RTM- STOCK:

{
    "_id" : ObjectId("594d369eb8763d5baa39c1c0"),
    "name" : "DEV - RTM - Steinweg Stock Core",
    "slug" : "stock-rtm",
    "api_id" : "967231a0860f45f750aa3a59197b8436",
    "org_id" : "58924c7c660450026f755e09",
    "use_keyless" : false,
    "use_oauth2" : false,
    "use_openid" : false,
    "openid_options" : {
        "providers" : [],
        "segregate_by_client" : false
    },
    "oauth_meta" : {
        "allowed_access_types" : [],
        "allowed_authorize_types" : [],
        "auth_login_redirect" : ""
    },
    "auth" : {
        "use_param" : true,
        "param_name" : "",
        "use_cookie" : false,
        "cookie_name" : "",
        "auth_header_name" : "Authorization"
    },
    "use_basic_auth" : false,
    "enable_jwt" : false,
    "use_standard_auth" : true,
    "enable_coprocess_auth" : false,
    "jwt_signing_method" : "",
    "jwt_source" : "",
    "jwt_identit_base_field" : "",
    "jwt_client_base_field" : "",
    "jwt_policy_field_name" : "",
    "notifications" : {
        "shared_secret" : "",
        "oauth_on_keychange_url" : ""
    },
    "enable_signature_checking" : false,
    "hmac_allowed_clock_skew" : -1.0,
    "base_identity_provided_by" : "",
    "definition" : {
        "location" : "header",
        "key" : "version"
    },
    "version_data" : {
        "not_versioned" : true,
        "versions" : {
            "djE=" : {
                "name" : "djE=",
                "expires" : "",
                "paths" : {
                    "ignored" : [],
                    "white_list" : [],
                    "black_list" : []
                },
                "use_extended_paths" : true,
                "extended_paths" : {
                    "ignored" : [],
                    "white_list" : [ 
                        {
                            "path" : "/stock-rtm/get-totals-by-client-code-and-department-code-and-product-code-and-weight-type",
                            "method_actions" : {
                                "POST" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock-rtm/pack/get-by-pb-num-and-pb-sub",
                            "method_actions" : {
                                "GET" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock-rtm/pb-out/get-by-ord-num",
                            "method_actions" : {
                                "GET" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock-rtm/pb-out/get-by-pb-num-and-pb-sub-and-ord-num-and-ord-sub",
                            "method_actions" : {
                                "GET" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock-rtm/get-by-pb-num-and-pb-sub-and-wtype",
                            "method_actions" : {
                                "GET" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock-rtm/get-unique-product-codes-by-department-code-and-client-code",
                            "method_actions" : {
                                "GET" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock-rtm/pb-in/list-by-client-code-and-department-code-paged",
                            "method_actions" : {
                                "POST" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock-rtm/pb-out/get-by-ord-num-and-ord-sub",
                            "method_actions" : {
                                "POST" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock-rtm/pb-out/get-by-pb-num-and-pb-sub",
                            "method_actions" : {
                                "GET" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock-rtm/get-brand-name-by-pb-num-and-pb-sub",
                            "method_actions" : {
                                "GET" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock-rtm/get-physical-stock-by-client-code-and-department-code",
                            "method_actions" : {
                                "POST" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock-rtm/pb-in/get-by-ord-num-and-ord-sub",
                            "method_actions" : {
                                "POST" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock-rtm/unblock",
                            "method_actions" : {
                                "POST" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock-rtm/get-block-status",
                            "method_actions" : {
                                "GET" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock-rtm/get-block",
                            "method_actions" : {
                                "GET" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock-rtm/get-block-types",
                            "method_actions" : {
                                "GET" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock-rtm/get-pb-shape-by-pb-num-and-pb-sub",
                            "method_actions" : {
                                "GET" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock-rtm/pack/get-by-code",
                            "method_actions" : {
                                "GET" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock-rtm/pb-in/get-by-ord-num",
                            "method_actions" : {
                                "GET" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock-rtm/pb-in/get-by-pb-num-and-pb-sub",
                            "method_actions" : {
                                "GET" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock-rtm/block",
                            "method_actions" : {
                                "POST" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }
                    ],
                    "black_list" : [],
                    "cache" : [],
                    "transform" : [],
                    "transform_response" : [],
                    "transform_headers" : [],
                    "transform_response_headers" : [],
                    "hard_timeouts" : [],
                    "circuit_breakers" : [],
                    "url_rewrites" : [],
                    "virtual" : [],
                    "size_limits" : [],
                    "method_transforms" : [],
                    "track_endpoints" : [],
                    "do_not_track_endpoints" : []
                },
                "global_headers" : {},
                "global_headers_remove" : [],
                "global_size_limit" : NumberLong(0),
                "override_target" : ""
            }
        }
    },
    "uptime_tests" : {
        "check_list" : [],
        "config" : {
            "expire_utime_after" : NumberLong(0),
            "service_discovery" : {
                "use_discovery_service" : false,
                "query_endpoint" : "",
                "use_nested_query" : false,
                "parent_data_path" : "",
                "data_path" : "",
                "port_data_path" : "",
                "target_path" : "",
                "use_target_list" : false,
                "cache_timeout" : NumberLong(0),
                "endpoint_returns_list" : false
            },
            "recheck_wait" : 0
        }
    },
    "proxy" : {
        "preserve_host_header" : false,
        "listen_path" : "/stock-rtm",
        "target_url" : "TARGETURL",
        "strip_listen_path" : false,
        "enable_load_balancing" : false,
        "target_list" : [],
        "check_host_against_uptime_tests" : false,
        "service_discovery" : {
            "use_discovery_service" : false,
            "query_endpoint" : "",
            "use_nested_query" : false,
            "parent_data_path" : "",
            "data_path" : "",
            "port_data_path" : "",
            "target_path" : "",
            "use_target_list" : false,
            "cache_timeout" : NumberLong(0),
            "endpoint_returns_list" : false
        }
    },
    "disable_rate_limit" : false,
    "disable_quota" : false,
    "custom_middleware" : {
        "pre" : [],
        "post" : [],
        "post_key_auth" : [],
        "auth_check" : {
            "name" : "",
            "path" : "",
            "require_session" : false
        },
        "response" : [],
        "driver" : "",
        "id_extractor" : {
            "extract_from" : "",
            "extract_with" : "",
            "extractor_config" : {}
        }
    },
    "custom_middleware_bundle" : "",
    "cache_options" : {
        "cache_timeout" : NumberLong(0),
        "enable_cache" : false,
        "cache_all_safe_requests" : false,
        "cache_response_codes" : [],
        "enable_upstream_cache_control" : false
    },
    "session_lifetime" : NumberLong(0),
    "active" : true,
    "auth_provider" : {
        "name" : "",
        "storage_engine" : "",
        "meta" : {}
    },
    "session_provider" : {
        "name" : "",
        "storage_engine" : "",
        "meta" : null
    },
    "event_handlers" : {
        "events" : {}
    },
    "enable_batch_request_support" : false,
    "enable_ip_whitelisting" : false,
    "allowed_ips" : [],
    "dont_set_quota_on_create" : false,
    "expire_analytics_after" : NumberLong(0),
    "response_processors" : [],
    "CORS" : {
        "enable" : true,
        "allowed_origins" : [],
        "allowed_methods" : [ 
            "GET", 
            "PUT", 
            "POST", 
            "DELETE"
        ],
        "allowed_headers" : [],
        "exposed_headers" : [],
        "allow_credentials" : false,
        "max_age" : 0,
        "options_passthrough" : true,
        "debug" : false
    },
    "domain" : "apim-dev.srv.steinweg.nl",
    "do_not_track" : false,
    "tags" : [],
    "enable_context_vars" : false,
    "hook_references" : [],
    "is_site" : false,
    "sort_by" : 0
}

API definition stock:

{
    "_id" : ObjectId("58c31914e12a86028c5b81c2"),
    "name" : "DEV - Steinweg Stock Core",
    "slug" : "stock",
    "api_id" : "9d6b1c15966e45406877b4669cda103c",
    "org_id" : "58924c7c660450026f755e09",
    "use_keyless" : false,
    "use_oauth2" : false,
    "use_openid" : false,
    "openid_options" : {
        "providers" : [],
        "segregate_by_client" : false
    },
    "oauth_meta" : {
        "allowed_access_types" : [],
        "allowed_authorize_types" : [],
        "auth_login_redirect" : ""
    },
    "auth" : {
        "use_param" : true,
        "param_name" : "",
        "use_cookie" : false,
        "cookie_name" : "",
        "auth_header_name" : "Authorization"
    },
    "use_basic_auth" : false,
    "enable_jwt" : false,
    "use_standard_auth" : true,
    "enable_coprocess_auth" : false,
    "jwt_signing_method" : "",
    "jwt_source" : "",
    "jwt_identit_base_field" : "",
    "jwt_client_base_field" : "",
    "jwt_policy_field_name" : "",
    "notifications" : {
        "shared_secret" : "",
        "oauth_on_keychange_url" : ""
    },
    "enable_signature_checking" : false,
    "hmac_allowed_clock_skew" : -1.0,
    "base_identity_provided_by" : "",
    "definition" : {
        "location" : "header",
        "key" : "version"
    },
    "version_data" : {
        "not_versioned" : true,
        "versions" : {
            "djE=" : {
                "name" : "djE=",
                "expires" : "",
                "paths" : {
                    "ignored" : [],
                    "white_list" : [],
                    "black_list" : []
                },
                "use_extended_paths" : true,
                "extended_paths" : {
                    "ignored" : [],
                    "white_list" : [ 
                        {
                            "path" : "/stock/block",
                            "method_actions" : {
                                "POST" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock/get-block",
                            "method_actions" : {
                                "GET" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock/get-pb-shape-by-pb-num-and-pb-sub",
                            "method_actions" : {
                                "GET" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock/pack/get-by-code",
                            "method_actions" : {
                                "GET" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock/pb-out/get-by-ord-num-and-ord-sub",
                            "method_actions" : {
                                "POST" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock/get-block-types",
                            "method_actions" : {
                                "GET" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock/get-brand-name-by-pb-num-and-pb-sub",
                            "method_actions" : {
                                "GET" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock/get-physical-stock-by-client-code-and-department-code",
                            "method_actions" : {
                                "POST" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock/get-totals-by-client-code-and-department-code-and-product-code-and-weight-type",
                            "method_actions" : {
                                "POST" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock/pb-in/get-by-ord-num",
                            "method_actions" : {
                                "GET" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock/pb-in/list-by-client-code-and-department-code-paged",
                            "method_actions" : {
                                "POST" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock/pb-out/get-by-ord-num",
                            "method_actions" : {
                                "GET" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock/pb-out/get-by-pb-num-and-pb-sub",
                            "method_actions" : {
                                "GET" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock/get-unique-product-codes-by-department-code-and-client-code",
                            "method_actions" : {
                                "GET" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock/pack/get-by-pb-num-and-pb-sub",
                            "method_actions" : {
                                "GET" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock/pb-in/get-by-pb-num-and-pb-sub",
                            "method_actions" : {
                                "GET" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock/get-block-status",
                            "method_actions" : {
                                "GET" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock/get-by-pb-num-and-pb-sub-and-wtype",
                            "method_actions" : {
                                "GET" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock/pb-in/get-by-ord-num-and-ord-sub",
                            "method_actions" : {
                                "POST" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock/pb-out/get-by-pb-num-and-pb-sub-and-ord-num-and-ord-sub",
                            "method_actions" : {
                                "GET" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }, 
                        {
                            "path" : "/stock/unblock",
                            "method_actions" : {
                                "POST" : {
                                    "action" : "no_action",
                                    "code" : 0,
                                    "data" : "",
                                    "headers" : {}
                                }
                            }
                        }
                    ],
                    "black_list" : [],
                    "cache" : [],
                    "transform" : [],
                    "transform_response" : [],
                    "transform_headers" : [],
                    "transform_response_headers" : [],
                    "hard_timeouts" : [],
                    "circuit_breakers" : [],
                    "url_rewrites" : [],
                    "virtual" : [],
                    "size_limits" : [],
                    "method_transforms" : [],
                    "track_endpoints" : [],
                    "do_not_track_endpoints" : []
                },
                "global_headers" : {},
                "global_headers_remove" : [],
                "global_size_limit" : NumberLong(0),
                "override_target" : ""
            }
        }
    },
    "uptime_tests" : {
        "check_list" : [ 
            {
                "url" : "URL",
                "method" : "GET",
                "headers" : {},
                "body" : ""
            }
        ],
        "config" : {
            "expire_utime_after" : NumberLong(0),
            "service_discovery" : {
                "use_discovery_service" : false,
                "query_endpoint" : "",
                "use_nested_query" : false,
                "parent_data_path" : "",
                "data_path" : "",
                "port_data_path" : "",
                "target_path" : "",
                "use_target_list" : false,
                "cache_timeout" : NumberLong(0),
                "endpoint_returns_list" : false
            },
            "recheck_wait" : 0
        }
    },
    "proxy" : {
        "preserve_host_header" : false,
        "listen_path" : "/stock",
        "target_url" : "TARGETURL",
        "strip_listen_path" : false,
        "enable_load_balancing" : false,
        "target_list" : [],
        "check_host_against_uptime_tests" : false,
        "service_discovery" : {
            "use_discovery_service" : false,
            "query_endpoint" : "",
            "use_nested_query" : false,
            "parent_data_path" : "",
            "data_path" : "",
            "port_data_path" : "",
            "target_path" : "",
            "use_target_list" : false,
            "cache_timeout" : NumberLong(0),
            "endpoint_returns_list" : false
        }
    },
    "disable_rate_limit" : false,
    "disable_quota" : false,
    "custom_middleware" : {
        "pre" : [],
        "post" : [],
        "post_key_auth" : [],
        "auth_check" : {
            "name" : "",
            "path" : "",
            "require_session" : false
        },
        "response" : [],
        "driver" : "",
        "id_extractor" : {
            "extract_from" : "",
            "extract_with" : "",
            "extractor_config" : {}
        }
    },
    "custom_middleware_bundle" : "",
    "cache_options" : {
        "cache_timeout" : NumberLong(0),
        "enable_cache" : false,
        "cache_all_safe_requests" : false,
        "cache_response_codes" : [],
        "enable_upstream_cache_control" : false
    },
    "session_lifetime" : NumberLong(0),
    "active" : true,
    "auth_provider" : {
        "name" : "",
        "storage_engine" : "",
        "meta" : {}
    },
    "session_provider" : {
        "name" : "",
        "storage_engine" : "",
        "meta" : null
    },
    "event_handlers" : {
        "events" : {}
    },
    "enable_batch_request_support" : false,
    "enable_ip_whitelisting" : false,
    "allowed_ips" : [],
    "dont_set_quota_on_create" : false,
    "expire_analytics_after" : NumberLong(0),
    "response_processors" : [],
    "CORS" : {
        "enable" : true,
        "allowed_origins" : [],
        "allowed_methods" : [ 
            "GET", 
            "PUT", 
            "DELETE", 
            "POST"
        ],
        "allowed_headers" : [],
        "exposed_headers" : [],
        "allow_credentials" : false,
        "max_age" : 0,
        "options_passthrough" : false,
        "debug" : false
    },
    "domain" : "apim-dev.srv.steinweg.nl",
    "do_not_track" : false,
    "tags" : [],
    "enable_context_vars" : false,
    "hook_references" : [],
    "is_site" : false,
    "sort_by" : 0
}
{
    "_id" : ObjectId("594d3730b8763d5baa39c1c2"),
    "org_id" : "58924c7c660450026f755e09",
    "rate" : 1000.0,
    "per" : 60.0,
    "quota_max" : NumberLong(-1),
    "quota_renewal_rate" : NumberLong(60),
    "access_rights" : {
        "967231a0860f45f750aa3a59197b8436" : {
            "apiname" : "DEV - RTM - Steinweg Stock Core",
            "apiid" : "967231a0860f45f750aa3a59197b8436",
            "versions" : [ 
                "v1"
            ],
            "allowed_urls" : []
        }
    },
    "hmac_enabled" : false,
    "active" : true,
    "name" : "Default_stock-rtm",
    "is_inactive" : false,
    "date_created" : Date(-62135596800000),
    "tags" : [],
    "key_expires_in" : NumberLong(0),
    "partitions" : {
        "quota" : false,
        "rate_limit" : false,
        "acl" : false
    },
    "last_updated" : "1499178253"
}
{
    "_id" : ObjectId("58c3197ee12a86028c5b81c3"),
    "org_id" : "58924c7c660450026f755e09",
    "rate" : 100000.0,
    "per" : 60.0,
    "quota_max" : NumberLong(-1),
    "quota_renewal_rate" : NumberLong(60),
    "access_rights" : {
        "9d6b1c15966e45406877b4669cda103c" : {
            "apiname" : "DEV - Steinweg Stock Core",
            "apiid" : "9d6b1c15966e45406877b4669cda103c",
            "versions" : [ 
                "v1"
            ],
            "allowed_urls" : []
        }
    },
    "hmac_enabled" : false,
    "active" : true,
    "name" : "Default_Stock",
    "is_inactive" : false,
    "date_created" : Date(-62135596800000),
    "tags" : [],
    "key_expires_in" : NumberLong(0),
    "partitions" : {
        "quota" : false,
        "rate_limit" : false,
        "acl" : false
    },
    "last_updated" : "1498201686"
}

This could be a known bug: the URL router is matching the shorter API name first. You could try changing the listen path of stock-rtm to something else (remove the stock prefix, for example, and just call it rtm).

Hi there, thanks for your reply.
I’m a colleague of Tim (he’s on vacation for a couple of weeks).
Removing the dash did not help, still the same error.

We noticed some strange behaviour however:
For example, we deploy an API multiple times: we launch the same jar twice for separate databases and create 2 Tyk services to connect to each instance. This is running fine… most of the time.
Then we deploy a second service, also “twinned” and the first one stops working, second service both instances working fine.
We manually delete both instances of the second service… and both instances of the first service start working again… strange…
These services do not have much in common (other port, other path), except perhaps that at the end of the path they have an identically named function “list-all-paged”, in the following format:
service 1:
server-name:port1a/path1a/function-name
server-name:port1b/path1b/function-name
service 2:
server-name:port2a/path2a/function-name
server-name:port2b/path2b/function-name

What I was saying is that a shared prefix is the problem, not the slash.

Are you using the dashboard?

If not you could just try and number the json files in load order (so longest listen path first).

Dash (-), not slash (/); the prefix is the part before the dash (-), right? In the path?
That’s what we tested at least… remove the dash(-) (not slash(/))

I meant the dash, sorry.

The issue here is (I think) that the router is matching the shorter URL before the longer one, so you need to control the load order of your APIs with the file name, or try giving them completely different names (no shared prefix like)

Hi Martin,

I have been manually configuring our QA and Production environments and did not encounter this problem (with the dashes included in the URLs and the part before that being the same).
I suspect our dev and test environments are broken, either by using the API to auto-configure services, or by separating dev and test services that once ran together on one server.
Or a corruption might have occurred.

We will get back to you if the problem persists after a reinstall/clean of those servers.
A reinstall will have to be timed properly so might take some time.

Thanks for your suggestions so far.

Regards,
Daniel

@Martin and @Kos,

I investigated this issue further and checked the sequence in which the different APIs are loaded at startup of Tyk. It looks like there is a relation between the startup of Tyk and this bug. If the API with listen-path “stock” is loaded before the API with listen-path “stock-rtm”, it will result in an error: “Access to this API has been disallowed”.

I have now changed the listen-path “stock” to “stock-swo” and this seems to fix the issue. It would be nice if you could fix this issue in Tyk. Are you planning to fix this issue in the short term?

Kind regards,

Tim
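The load-order dependence described in the post above can be reproduced in a small model. This is an added example, not Tyk's code and not part of the original posts: it assumes a first-match-wins prefix router, takes the API IDs, listen paths and policy from the thread, and uses hypothetical helpers `route`, `longestFirst` and `check`.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

type API struct{ ID, ListenPath string } // the two fields that matter here

// route models a first-match-wins prefix router (assumed for this example,
// not Tyk's code): the first loaded API whose listen_path prefixes the path wins.
func route(apis []API, path string) (API, bool) {
	for _, a := range apis {
		if strings.HasPrefix(path, a.ListenPath) {
			return a, true
		}
	}
	return API{}, false
}

// longestFirst returns a copy with longer listen paths tried first.
func longestFirst(apis []API) []API {
	out := append([]API(nil), apis...)
	sort.SliceStable(out, func(i, j int) bool {
		return len(out[i].ListenPath) > len(out[j].ListenPath)
	})
	return out
}

// check applies the key's access_rights to whichever API the router picked.
func check(apis []API, rights map[string]bool, path string) string {
	a, ok := route(apis, path)
	if !ok {
		return "no API matched"
	}
	if !rights[a.ID] {
		return "Access to this API has been disallowed (" + a.ID + ")"
	}
	return "allowed (" + a.ID + ")"
}

func main() {
	stock := API{"9d6b1c15966e45406877b4669cda103c", "/stock"}
	rtm := API{"967231a0860f45f750aa3a59197b8436", "/stock-rtm"}
	rights := map[string]bool{rtm.ID: true} // the Default_stock-rtm policy
	loaded := []API{stock, rtm}             // "/stock" loaded first, as reported
	fmt.Println(check(loaded, rights, "/stock-rtm/get-block-types"))
	fmt.Println(check(longestFirst(loaded), rights, "/stock-rtm/get-block-types"))
}
```

With "/stock" loaded first, the key is evaluated against the access rights of the wrong API, which matches the api_id seen in the log line; with the longer listen path tried first, the same key is accepted.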

Hi Tim,

thanks for the info, I have passed this to our QA team and I will let you know once we have an update.

Thanks,
Kos @ Tyk Support Team

Hi Kos,

Do you have an update about this issue for me? This topic is almost a year old. Could you please provide a hotfix for this problem in the short term?

Kind regards,

Tim

@timlansbergen can you confirm that it is still the issue for you on 2.7?

I checked the code, and at the moment it definitely sorts APIs by the length of the slug: https://github.com/TykTechnologies/tyk/blob/master/api_loader.go#L517

@leon I have tested it on version 2.6.2. The code that you are referring to is also available in the 2.6 release branch:
tyk/api_loader.go at release-2.6 (TykTechnologies/tyk on GitHub), line 562.