API Endpoint to manage developers


#1

I’ve been reading the documentation bug I can’t seem to find information about managing “developers”. I see details about user (/api/users).

How can I create a developer and create a key for him, via API?
Having a developer API Key, is there a way to access the details of that developer?
For example, The developer will do a call to an endpoint with his key, and I want to access his name. What endpoint could I use, to access the developer information, just having his key (because that’s what he did the request with)?

Marco


#2

It is possible, the developers API also takes a POST (though the docs seem to be missing), take a look at the PUT:

https://tyk.io/docs/tyk-dashboard-v1-0/dashboard-api/portal-developers/

Without the id you can post to that endpoint to create devs.

To assign a token, you need to generate a key request and then approve it:

https://tyk.io/docs/tyk-dashboard-v1-0/dashboard-api/manage-key-requests/


#3

@Martin thanks. And having just the token, is there an endpoint to know to which developer it belongs to and retrieve is data?


#4

I’m afraid not - Tyk assumes you are running in hashed token mode, so tokens are encoded and non-retrievable, they are listed within the developer object once the key request is approved.

However, you the key request will give you a developer ID and approving it will give you the access token. If you wish to track the two unencrypted components together, you can store this separately outside of Tyk.


#5

hmmm wouldn’t need to know the token. @Martin The use case would be, based on a Custom fields of that developer, do a specific task on the API.

Developer does request /task {“data”:“something”} -H “Auth: token-XYZ”
Tyk validates token, does metrics, whatever tyk does internally, and pass request to API and passing Auth token also
Internal API grabbs Auth Token from headers, and does a /developer -H “Auth: token-XYZ” , this would return the respective developer data like his name, custom fields. I would need access to one of those custom fields.

So it could be something like the developer retrieving him-self?

What would you recommend to achieve this?


#6

Yes this is totally, possible, in fact, the Develoepr portal does this for you in some way by embedding the developer’s sign-up meta-data in the actual token metadata so you can do a reverse lookup in the Tyk API.

So:

  1. A user signs up on portal and enrolls in API

  2. The portal generates a token

  3. Dev uses Token, it gets vcalidated by Tyk etc.

  4. Your service can then retrieve the raw token (the inbound Auth header value and in the meta_data field of the session object will get something like this:

    tyk_developer_id:xxxxxxxxxxx
    tyk_key_request_fields:{“App Description”:“Test”,“Use Case”:“Test”}
    tyk_user_fields:{“Country”:“UK”,“Name”:“Martin”,“Telephone”:“12345”}

So you don’t need to look up the dev (but you can if you like using the dev ID), because some of the data is actually embedded into the metadata of the token.

[edit] I should add that you can add your own metadata to a developer, or a token programatically too.


#7

Thanks!

So I would need to use a Transformation, and add to the Internal Headers the fields I want to access, like https://tyk.io/docs/tyk-api-gateway-v-2-0/api-management/transforms/

Or is the session object/headers already available to the internal API?

Regards


#8

Yes, if you don’t want to request the data using an introspection API call back to the gateway from your app, you can just filter them out of the header.

The session object is available via the REST API, so your service could grab the token header, then request the session, and from that the user (or toher metadata).

Both are feasible, it’s up to you, personally I prefer the first option because it saves you a round trip. But it depends on what data you want, only the users meta-data (the key request and sign-up additional fields) are embedded.


#9

So, I’m trying to follow the docs and request an API Key for a Developer

POST /api/portal/requests HTTP/1.1
Host: 127.0.0.1:3000 #URL For API
authorization:7a7b140f-2480-4d5a-4e78-24049e3ba7f8 #Token for admin API User

{
“by_user”: “57039e3a1f41370001000009”, # ID of developer
“date_created”: “2016-04-05T04:49:20.992-04:00”, # Random date
“fields”: {
“custom1”: “sdf”,
},
“for_plan”: “57039dfe1f41370001000008”, # Id of Policy
"version: “v2”
}

And i’m getting :
{“Status”:“Error”,“Message”:“Request body malformed”,“Meta”:null}

Is something missing?


#10

Also, you mention:

What would be the endpoint to request the session? trying to find that details on the docs, but can’t figure it out. sorry


#11

For one, your JSON isn’t valid, running it through a linter tells me that the comma after “sdf” needs to go (if you check the gateway logs, you would see the output of the json unmarshaller saying something similar):

Error: Parse error on line 5:
...	"custom1": "sdf",	},	"for_plan": "570
----------------------^
Expecting 'STRING', got '}'

Use the Dashboard API: https://tyk.io/docs/tyk-dashboard-v1-0/dashboard-api/api-tokens/
Under “Get a Specific Key”


#12

Regarding the json, you are right, my bad.

So I got the workflow working, I’m able, as a Admin to create a developer, request a token, approve token, and run a request on my API with the generated token.

Took me sometime to understand some of the concepts and usage details.

Thanks for your help @Martin we are really considering using tyk on our platform :smile: