Imported Google Group message.
Sender:Martin Buhr.
Date:Saturday, 17 October 2015 18:06:59 UTC+1.
Hi Luis,
Tyk only uses the IP in open APIs, it will use the auth token instead in a closed API that uses any of the actual auth methods. You’ll need to take that into account for anything you are building.
How the cache string is built is all available in the source, I’d use that as a guide 
The IP is that of the nginx instance because you will need to change the configuration of the nginx instance (do this in the host manager templates) to also proxy real IPs (or not use the host manager and expose Tyk directly).
We haven’t tested this, and we might actually need to update Tyk to use forwarded headers, you can try this, but no guarantees it will change the behaviour:
As for the URL, it will always be the API ID as that is how Tyk handles inbound requests.
Cheers,
Martin