I am using Tyk Cloud. I have a number of working API endpoints, currently all set up through the dashboard. Each uses JWT authentication mode. I have a single policy set up and I can access these endpoints using Postman without any errors, supplying a valid JWT token.
However, when I add a new API with the same configuration as the others, add that API to the existing policy, and test with a new, valid JWT token with a sub value that has been used before, accessing that endpoint returns:
"error": "Access to this API has been disallowed"
I can access the old APIs with that token, just not the new one. If I generate a new JWT with a new sub, I get access.
It looks like sessions aren’t getting flushed correctly when the policy gets updated? Is this expected behaviour? It’s definitely repeatable for me. I’ve tried this several times now using various JWTs and adding new endpoints.