API Definition - use_extended_paths not working as expected

Hi,

As per the doc: Extended paths allow you to control which upstream paths are to be handled in a specific way (ignored, as part of whitelist or black list) by both path and method.

I have an endpoint that requires different authentication based on the method. I have defined it as below but getting 403/Forbidden for the whitelist endpoint/method (GET). Any idea what is wrong?

“version_data”: {
“not_versioned”: true,
“versions”: {
“Default”: {
“name”: “Default”,
“expires”: “”,
“paths”: {
“ignored”: [],
“white_list”: [],
“black_list”: []
},
“use_extended_paths”: true,
“extended_paths”: {
“ignored”: [
{
“path”: “\A/token\z”,
“method_actions”: {
“POST”: {
“action”: “no_action”,
“code”: 200,
“data”: “”,
“headers”: {}
}
}
}
],
“white_list”: [
{
“path”: “\A/token\z”,
“method_actions”: {
“GET”: {
“action”: “no_action”,
“code”: 200,
“data”: “”,
“headers”: {}
}
}
}
],
“black_list”: [],
“cache”: [],
“transform”: [],
“transform_response”: [],
“transform_headers”: [],
“transform_response_headers”: [],
“hard_timeouts”: [],
“circuit_breakers”: [],
“url_rewrites”: [],
“virtual”: [],
“size_limits”: []
},
“global_headers”: {},
“global_headers_remove”: [],
“global_size_limit”: 0
}
}
},

Thanks,
Senthil

A white list sets a specific set of paths that are allowed to pass through the gateway, any deviation from these patterns will mean that the request gets bounced with the error you describe. So it’s working as it should.

Though I’m not sure what the path spec is there:

“path”: “\A/token\z”,

Why request are you trying to capture? You might just need to tweak the pattern.

Hi Martin,

I interpreted the doc that handling is based on by both path and method. So, expected POST to /token endpoint will be ignored and GET to /token endpoint will be handled by Tyk.

Thanks,
Senthil

1 Like