Api definition - global_headers is not actually global?


I have an API definition which checks JWT access tokens using enable_jwt.

All endpoints in this api definition are defined under version_data.{version-name}.extended_paths

Some of those endpoints I do not wish to have the JWT check applied to, and so they have been placed in:

The rest are under

I then define global headers (version_data.{version-name}.global_headers) as:

  "global_headers": {
    "My-Header": "Blah"

I find that the global_headers are applied to the endpoints in the whitelist, but not those that are in the ignored list.

How can I add headers globally, to ALL requests in the API definition? Or another way of looking at it, how can I turn authentication off for some endpoints in the same api-definition without fully ‘ignoring’ the path and therefore losing the global headers?

I thought maybe I could add to version_data.{version-name}.extended_paths.transform_headers for every path separately, but this is also ignored.

Essentially, I just want to add a header to every request in my api-definition, but global_headers doesn’t do that if it’s in the ignored list of extended_paths (which I believe is necessary if I want to avoid the jwt check).

Any ideas on how I might go about for filling this requirement?

The documentation covering these features (//tyk.io/docs/tyk-gateway-api/api-definition-objects/) is particularly difficult to make sense of.

I dont think you can do it that way as ignore will bypass the whole middleware chain. You would be better putting all the non-jwt paths into a separate API definition.