Attempted Administrative access with invalid or missing key!


#1

Imported Google Group message. Original thread at: https://groups.google.com/forum/#!topic/tyk-community-support/RV6mmc1uyLA Import Date: 2016-01-19 21:13:45 +0000.
Sender:Ijlal EL HAZITI.
Date:Tuesday, 19 May 2015 14:12:20 UTC+1.

Hi team,
I’m a newbie to Tyk.
I’ve just installed it and the dashboard.
I created a keyless API, but when I try to access it using “localhost:5000/tyk/apis/my_API_Id” I get the error message “Attempted Administrative access with invalid or missing key!!” in the command line, and I get {"status":"error","error":"forbidden"} in the browser.

I don’t understand why it is a matter of a key, since I created a “keyless” API!
Thank you for your help.


#2

Imported Google Group message.
Sender:Martin Buhr.
Date:Tuesday, 19 May 2015 14:15:30 UTC+1.

Hi,

Anything under /tyk/apis/ is Tyk’s own REST API; it thinks you are trying to get or manipulate the API Definition for that ID. So it is behaving exactly as it should.

Your API will be here:

localhost:5000/api-id/

Assuming port 5000 is where you are running Tyk and not the portal.

Thanks,
Martin


#3

Imported Google Group message.
Sender:Ijlal EL HAZITI.
Date:Tuesday, 19 May 2015 14:15:30 UTC+1.


#4

Imported Google Group message.
Sender:Martin Buhr.
Date:Tuesday, 19 May 2015 14:22:47 UTC+1.

Thank you.
When I try “localhost:5000/api-id/”, I get a “404 page not found” in the browser, and the image attached as an output in the command line.

Cheers,
Ijlal


#5

Imported Google Group message.
Sender:Ijlal EL HAZITI.
Date:Tuesday, 26 May 2015 00:16:49 UTC+1.

Try port 8888. That was the default port for me to access the gateway.

#6

May have to resurrect this post.

I have admin users who are unable to create an API token via dashboard use.
Similarly (via the Postman app), I am not able to create such an API token, nor create new basic auth users/tokens.

The gateway is complaining about the same:
Attempted administrative access with invalid or missing key!

or via dashboard

{"Status":"Error","Message":"Failed to save new user object to Tyk","Meta":null}

Where can I dig to get more logging on this? I'm seeing no other significant errors in tyk (gateway) --debug


#7

Hi pantsjj,

Which package are you on?

Can you share the request you are sending?

Thanks,
Kos @ Tyk Support Team


#8

Sure,

I am getting the same whether using the dashboard or an API call with the admin API key (tried a number of admin-type users too).

This is an example JSON POST I wanted to use to create an API key (basic auth):

{
  "last_check": 0,
  "allowance": 1000,
  "rate": 1000,
  "per": 60,
  "expires": 0,
  "quota_max": 10000,
  "quota_renews": 1424543479,
  "quota_remaining": 10000,
  "quota_renewal_rate": 2520000,
  "access_rights": {
    "bc2f8cfb7ab241504d9f3574fe407499": {
      "api_id": "ff3f7b484a9b4dbc6f0ce1334a5c1906",
      "api_name": "kevin",
      "versions": [
        "Default"
      ]
    }
  },
  "basic_auth_data": {
    "password": "test123"
  }
}

-bash-4.1$ cat tyk_analytics.conf
{
  "listen_port": 3000,
  "tyk_api_config": {
    "Host": "http://myhost",
    "Port": "8088",
    "Secret": ""
  },
  "mongo_url": "mongodb://localhost:27017/tyk",
  "page_size": 10,
  "admin_secret": "athena12345",
  "shared_node_secret": "452d20ee67be67f6340b4c0605b044b7",
  "redis_port": 6379,
  "redis_host": "localhost",
  "redis_password": "",
  "enable_cluster": false,
  "force_api_defaults": false,
  "notify_on_change": false,
  "license_key": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhbGxvd2VkX25vZGVzIjoiMjhjZTYyMWItM2E4Yi00YjE0LTQ5NjQtMWUxZGIwYzdiZjczIiwiZXhwIjoxNTE4ODc1NDAyLCJvd25lciI6IjU4YWQ5NmNlNDVmOTJlNTQzMmNlMTY0MiJ9.ogYSSkaJDpqFDg23VjMYLHD_lpJZZZWQSv6RK8GBypD9EYeHU3zX5ibQiFa-R8cGHByUVsAgTHVyS0oiPYtZgc_oovAYZjRRl05TtJOAkyXwGIa460aA2wjLiecu9-1b2KqbKgsWQldAa6Yd3L9U9jgBqlB-Enguukh3HSu8B248sxM6lbnt5Su-c-doMHjIELvc9S4LyOnSc9y2f5WM8zsBp2QH7Bd4D5DDDTKDzwwqLi6nI7Csh_EVnSps-KD9ARThCnbIGZmo2FPKCOekHfK8mzh8SjZWOHkUvEb860m3r6WsfkCaMJsPWjfk4et2Rrrmjh42FmmeiKPraPTu_A",
  "redis_database": 0,
  "redis_hosts": null,
  "hash_keys": false,
  "email_backend": {
    "enable_email_notifications": false,
    "code": "",
    "settings": null,
    "default_from_email": "",
    "default_from_name": ""
  },
  "hide_listen_path": false,
  "sentry_code": "",
  "sentry_js_code": "",
  "use_sentry": false,
  "enable_master_keys": false,
  "enable_duplicate_slugs": false,
  "show_org_id": false,
  "host_config": {
    "enable_host_names": false,
    "disable_org_slug_prefix": false,
    "hostname": "",
    "override_hostname": "",
    "portal_domains": null,
    "portal_root_path": "",
    "generate_secure_paths": false,
    "use_strict_hostmatch": false
  },
  "http_server_options": {
    "use_ssl": false,
    "certificates": [{
      "domain_name": "myhost",
      "cert_file": "/apps/myuser/myhost_certs/myhost.cer",
      "key_file": "/apps/myuser/myhost_certs/myhost.key"
    }],
    "min_version": "1.2"
  },
  "ui": {
    "languages": null,
    "hide_help": false,
    "default_lang": "",
    "login_page": null,
    "nav": null,
    "uptime": null,
    "portal_section": null,
    "designer": null,
    "dont_show_admin_sockets": false,
    "dont_allow_license_management": false,
    "dont_allow_license_management_view": false
  },
  "home_dir": "/apps/myuser/tyk-dashboard",
  "identity_broker": {
    "enabled": false,
    "host": {
      "connection_string": "",
      "secret": "452d20ee67be67f6340b4c0605b044b7"
    }
  },
  "tagging_options": {
    "tag_all_apis_by_org": false
  },
  "use_sharded_analytics": true,
  "enable_aggregate_lookups": true,
  "enable_analytics_cache": false,
  "aggregate_lookup_cutoff": "",
  "maintenance_mode": false,
  "allow_explicit_policy_id": false,
  "private_key_path": "/apps/myuser/myhost_certs/myhost.key",
  "node_schema_path": "",
  "oauth_redirect_uri_separator": "",
  "statsd_connection_string": "",
  "statsd_prefix": ""
}

-bash-4.1$ cat tyk.conf
{
  "listen_address": "myhost",
  "listen_port": 8088,
  "secret": "2452d20ee67be67f6340b4c0605b044b78",
  "node_secret": "2452d20ee67be67f6340b4c0605b044b78",
  "template_path": "./templates",
  "tyk_js_path": "./js/tyk.js",
  "middleware_path": "./middleware",
  "policies": {
    "policy_source": "",
    "policy_connection_string": "",
    "policy_record_name": "",
    "allow_explicit_policy_id": false
  },
  "use_db_app_configs": true,
  "db_app_conf_options": {
    "connection_string": "http://myhost:3000",
    "node_is_segmented": false,
    "tags": []
  },
  "disable_dashboard_zeroconf": false,
  "app_path": "./apps/",
  "storage": {
    "type": "redis",
    "host": "localhost",
    "port": 6379,
    "hosts": null,
    "username": "",
    "password": "",
    "database": 0,
    "optimisation_max_idle": 100,
    "optimisation_max_active": 0,
    "enable_cluster": false
  },
  "enable_separate_cache_store": false,
  "cache_storage": {
    "type": "",
    "host": "",
    "port": 0,
    "hosts": null,
    "username": "",
    "password": "",
    "database": 0,
    "optimisation_max_idle": 0,
    "optimisation_max_active": 0,
    "enable_cluster": false
  },
  "enable_analytics": false,
  "analytics_config": {
    "type": "",
    "ignored_ips": [],
    "enable_detailed_recording": false,
    "enable_geo_ip": true,
    "geo_ip_db_path": "",
    "normalise_urls": {
      "enabled": false,
      "normalise_uuids": false,
      "normalise_numbers": false,
      "custom_patterns": []
    },
    "pool_size": 0
  },
  "health_check": {
    "enable_health_checks": true,
    "health_check_value_timeouts": 60
  },
  "optimisations_use_async_session_write": false,
  "allow_master_keys": false,
  "hash_keys": false,
  "suppress_redis_signal_reload": false,
  "suppress_default_org_store": false,
  "use_redis_log": false,
  "sentry_code": "",
  "use_sentry": false,
  "use_syslog": false,
  "use_graylog": false,
  "use_logstash": false,
  "graylog_network_addr": "",
  "logstash_network_addr": "",
  "syslog_transport": "",
  "logstash_transport": "",
  "syslog_network_addr": "",
  "statsd_connection_string": "",
  "statsd_prefix": "",
  "enforce_org_data_age": false,
  "enforce_org_data_detail_logging": false,
  "enforce_org_quotas": false,
  "experimental_process_org_off_thread": false,
  "enable_non_transactional_rate_limiter": false,
  "enable_sentinel_rate_limiter": false,
  "enable_redis_rolling_limiter": false,
  "Monitor": {
    "enable_trigger_monitors": false,
    "configuration": {
      "method": "",
      "target_path": "",
      "template_path": "",
      "header_map": null,
      "event_timeout": 0
    },
    "global_trigger_limit": 0,
    "monitor_user_keys": false,
    "monitor_org_keys": false
  },
  "oauth_refresh_token_expire": 0,
  "oauth_token_expire": 0,
  "oauth_redirect_uri_separator": "",
  "slave_options": {
    "use_rpc": false,
    "connection_string": "",
    "rpc_key": "",
    "api_key": "",
    "enable_rpc_cache": false,
    "bind_to_slugs": false,
    "disable_keyspace_sync": false,
    "group_id": "",
    "call_timeout": 30,
    "ping_timeout": 60
  },
  "disable_virtual_path_blobs": false,
  "local_session_cache": {
    "disable_cached_session_state": false,
    "cached_session_timeout": 0,
    "cached_session_eviction": 0
  },
  "http_server_options": {
    "override_defaults": false,
    "read_timeout": 0,
    "write_timeout": 0,
    "use_ssl": false,
    "use_ssl_le": false,
    "enable_websockets": false,
    "min_version": "1.2",
    "certificates": [{
      "domain_name": "myhost",
      "cert_file": "/apps/myuser/myhost_certs/myhost.cer",
      "key_file": "/apps/myuser/myhost_certs/myhost.key"
    }],
    "flush_interval": 0,
    "skip_url_cleaning": false
  },
  "service_discovery": {
    "default_cache_timeout": 0
  },
  "close_connections": false,
  "auth_override": {
    "force_auth_provider": false,
    "auth_provider": {
      "name": "",
      "storage_engine": "",
      "meta": null
    },
    "force_session_provider": false,
    "session_provider": {
      "name": "",
      "storage_engine": "",
      "meta": null
    }
  },
  "uptime_tests": {
    "disable": false,
    "config": {
      "failure_trigger_sample_size": 0,
      "time_wait": 0,
      "checker_pool_size": 0,
      "enable_uptime_analytics": false
    }
  },
  "hostname": "myhost",
  "enable_api_segregation": false,
  "control_api_hostname": "",
  "enable_custom_domains": false,
  "enable_jsvm": false,
  "coprocess_options": {
    "enable_coprocess": false,
    "coprocess_grpc_server": ""
  },
  "hide_generator_header": false,
  "event_handlers": {
    "events": {}
  },
  "event_trigers_defunct": null,
  "pid_file_location": "/apps/myuser/tyk-gateway/var/run/gateway.pid",
  "allow_insecure_configs": false,
  "public_key_path": "/apps/myuser/myhost_certs/myhost.key.pub",
  "close_idle_connections": false,
  "drl_notification_frequency": 0,
  "global_session_lifetime": 0,
  "force_global_session_lifetime": false,
  "bundle_base_url": "",
  "enable_bundle_downloader": false,
  "allow_remote_config": false,
  "legacy_enable_allowance_countdown": false,
  "max_idle_connections_per_host": 0,
  "reload_wait_time": 0
}
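
A check that can be run against the two files posted above, added here as an example (it is not part of the thread and not Tyk's own code): per Tyk's configuration documentation, the dashboard's tyk_api_config.Secret has to equal the gateway's secret, which the gateway compares against the key presented on its /tyk/ control API, and shared_node_secret has to equal node_secret. The function names are illustrative, and the embedded excerpts carry only the compared keys from the post.

```python
import json

# (dashboard key path, gateway key path) pairs that must hold the same value.
# The pairing comes from Tyk's configuration docs, not from the thread.
PAIRS = [
    (("tyk_api_config", "Secret"), ("secret",)),
    (("shared_node_secret",), ("node_secret",)),
]

def straighten(text):
    """Undo the curly quotes that forum software substitutes into pasted JSON."""
    return text.replace("\u201c", '"').replace("\u201d", '"')

def dig(doc, path):
    """Follow a key path through nested dicts; None if any step is absent."""
    for key in path:
        if not isinstance(doc, dict) or key not in doc:
            return None
        doc = doc[key]
    return doc

def secret_mismatches(dashboard_text, gateway_text):
    """Return (pair name, problem) tuples without echoing any secret value."""
    dash = json.loads(straighten(dashboard_text))
    gw = json.loads(straighten(gateway_text))
    findings = []
    for dpath, gpath in PAIRS:
        dval, gval = dig(dash, dpath), dig(gw, gpath)
        name = ".".join(dpath) + " vs " + ".".join(gpath)
        if not dval or not gval:
            findings.append((name, "empty or missing"))
        elif dval != gval:
            findings.append((name, "values differ"))
    return findings

# Excerpts of tyk_analytics.conf and tyk.conf as posted (compared keys only).
DASHBOARD = '''{"tyk_api_config": {"Host": "http://myhost", "Port": "8088", "Secret": ""},
 "shared_node_secret": "452d20ee67be67f6340b4c0605b044b7"}'''
GATEWAY = '''{"listen_port": 8088,
 "secret": "2452d20ee67be67f6340b4c0605b044b78",
 "node_secret": "2452d20ee67be67f6340b4c0605b044b78"}'''

if __name__ == "__main__":
    for name, problem in secret_mismatches(DASHBOARD, GATEWAY):
        print(f"{name}: {problem}")
```
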


#9

Hi pantsjj,

I was able to replicate your issue; there are two things to note.

  1. Inside your access_rights you should replace bc2f8cfb7ab241504d9f3574fe407499 with your api_id -> ff3f7b484a9b4dbc6f0ce1334a5c1906.
  2. Try curl -v -H "authorization: XXXX" -s -H "Content-Type: application/json" -X POST -d @basicAuthToken.json http://localhost:3000/api/apis/keys/basic/{username}
    The “authorization” value should be your “Tyk Dashboard API Access Credentials”, which can be found under “Edit User”.

And it should work.

Thanks,
Kos @ Tyk Support Team


#10

Thanks.

The access_rights tweak makes no difference; the fact remains that authorisation is still not allowed,

even with the updated JSON:

{
  "last_check": 0,
  "allowance": 1000,
  "rate": 1000,
  "per": 60,
  "expires": 0,
  "quota_max": 10000,
  "quota_renews": 1424543479,
  "quota_remaining": 10000,
  "quota_renewal_rate": 2520000,
  "access_rights": {
    "ff3f7b484a9b4dbc6f0ce1334a5c1906": {
      "api_id": "ff3f7b484a9b4dbc6f0ce1334a5c1906",
      "api_name": "kevin",
      "versions": [
        "Default"
      ]
    }
  },
  "basic_auth_data": {
    "password": "test123"
  }
}

{"Status":"Error","Message":"Not authorised","Meta":null}

Also, my headers are checked for validity:

admin-auth:test12345 //default bootstrap admin basic authentication for local setup
authorization:b5cc8ac292c4408d6abee93cc85c032b //admin user account api
Content-Type:application/json

Also, again, this is the same “not authorised” show-stopping error in both Dashboard view/use as well as Postman/curl use.

Behaviour is the same across both.
Not entirely sure where to go from here, but will attempt to rebuild this configuration again later.


#11

Hi pantsjj,

Still trying to reproduce your error. Can you share your API definition?
You could also try to update that API and see the Gateway for any logs; those might be useful as well.

Thanks,
Kos @ Tyk Support Team


#12

Hi Kos,
Thanks for the quick response.
I am at a loss; there is not much in the logging on the matter besides this error mentioned.
It's a default bootstrapped install, with the simple default API definition of http://httpbin.org/

It's the same issue throughout. Will aim to do a rebuild today in a fresh VM instance to see the difference. Where do I enable more debug on this subject matter to help diagnose this root cause?


#13

Hi pantsjj,

You can enable the debug flag.

Thanks,
Kos @ Tyk Support Team


#14

@pantsjj Have you tried just resetting the API Key for your admin user in the dashboard? It could be that the key is no longer valid because of a Redis restart.