Attempted access to unauthorised API version

khang · December 28, 2016, 11:17am

Hello there

I am making this request to local Tyk gateway

{
    "error": "Access to this API has been disallowed"
}```

From the log, it seems to be some versioning error
```time="Dec 28 11:15:48" level=info msg="Attempted access to unauthorised API version." api_found=true key=5860f3745841150001f7ff3db7c65d169cde465c6df2c99eab5ac2fa origin=172.19.0.1 path="/parcel/v1/" version_found=false
time="Dec 28 11:15:48" level=error msg="request error: Access to this API has been disallowed" api_id=6a0bb985b06d467243c78b6ab21d0826 org_id=5860f3745841150001f7ff3d path="/v1/" server_name="https://bruno.parcelperform.com" user_id="****c2fa" user_ip=172.19.0.1```

I couldn't figure out what was wrong with my following config.

```    "version_data": {
        "not_versioned": false,
        "versions": {
            "v1": {
                "name": "v1",
                "expires": "",
                "paths": {
                    "ignored": [],
                    "white_list": [],
                    "black_list": []
                },
                "use_extended_paths": true,
                "extended_paths": {
                    "virtual": [
                        {"response_function_name": "ParcelCRUDPost",
                         "function_source_type": "file",
                         "function_source_uri": "/opt/tyk-gateway/middleware/virtual_endpoints/ParcelCRUD_post.js",
                         "path": "",
                         "method": "POST",
                         "use_session": true}
                    ]
                },
                "global_headers": {},
                "global_headers_remove": [],
                "global_size_limit": 0,
                "override_target": ""
            }
        }
    }```

Martin · December 28, 2016, 11:28am

Does your token grant access to the apibversion v1? Can you share it please

khang · December 28, 2016, 11:58am

Hi Martin,

Here is how I am generating the access token

curl -X POST http://www.tyk-portal-test.com/auth/oauth/token/ -d "grant_type=client_credentials" -u a8535d2614af455f7c3cd429789646db:NDRlMDI2NDctMTlmMS00MzM2LTU1ODMtYWY5MDQ5ZWVjYjNl

I was planning to have one central API to issue all these access token. It has just occurred to me that the assumption might not have been correct?

Martin · December 28, 2016, 12:40pm

Yes you can do that, the client ID you are using to generate this token from will have a section that defines the policy to attach to tokens (this grants access rights) or alternatively you need to pass a key_rules request parameter that specifies the session object to use, there’s OAuth docs here that might clarify things a bit:

https://tyk.io/tyk-documentation/security/your-apis/oauth-2-0/

khang · December 28, 2016, 2:48pm

Haha this is a catastrophic failure. I have just realized the Add button in access right box is just an UI thing and doesn’t really save anything until the update button is clicked, a few scroll away. All good, just false alarm. Thanks Martin for the support.