I noticed recently that there was some inconsistency with adding JWT keys to an API.
Here are the steps to reproduce (I have not been able to reproduce this consistently):
1. Create the key in Tyk and assign to desired API.
2. Used a valid JWT based off the Tyk key to hit an established route on the API.
3. Received a 403 "Key not authorized" error
4. Tried to proxy through a different API that was not assigned to the key, and it worked.
Also, the UI (key editing tab) does not accurately reflect the data - it says the key is associated to an API that it is not actually associated to; however, this is the API that I wanted it to be associated to when I created the key. To ensure that this was not a caching issue, I restarted both the gateway and the dashboard, but the UI still displayed the wrong API for the key.
I'm using the 0.9.7.2 version of the dashboard and a build of the gateway based off
Let me know if there's anymore information I need to provide. In practice, I don't think this bug will affect us, as we'll be adding all of our APIs to a key, but FYI.