Attempted administrative access with invalid or missing key

[When I use the Example to Create an API - Community Edition but fail]

```
[[email protected] ~]$ curl -v -H "x-tyk-authorization: 352d20ee67be67f6340b4c0605b044sf" -s -H "Content-Type: application/json" -X POST -d '{
    "name": "Test API",
    "slug": "test-api",
    "api_id": "1",
    "org_id": "1",
    "auth": {
        "auth_header_name": "Authorization"
    },
    "definition": {
        "location": "header",
        "key": "x-api-version"
    },
    "version_data": {
        "not_versioned": true,
        "versions": {
            "Default": {
                "name": "Default",
                "use_extended_paths": true
            }
        }
    },
    "proxy": {
        "listen_path": "/test-api/",
        "target_url": "",
        "strip_listen_path": true
    },
    "active": true
}' "http://<gateway-host>:8080/tyk/apis/" | python -mjson.tool
```


```
* About to connect() to port 8080 (#0)
* Trying…
* Connected to ( port 8080 (#0)
> POST /tyk/apis/ HTTP/1.1
> User-Agent: curl/7.29.0
> Accept: */*
> x-tyk-authorization: 352d20ee67be67f6340b4c0605b044sf
> Content-Type: application/json
> Content-Length: 570
>
} [data not shown]
* upload completely sent off: 570 out of 570 bytes
< HTTP/1.1 403 Forbidden
< Content-Type: application/json
< Date: Mon, 22 Mar 2021 08:32:50 GMT
< Content-Length: 92
{ [data not shown]
* Connection #0 to host left intact
{
    "message": "Attempted administrative access with invalid or missing key!",
    "status": "error"
}
```

You’re passing the auth header secret 352d20ee67be67f6340b4c0605b044sf to access the admin API.

Can you confirm that’s the value in the tyk.conf secret field, or in the env variables?

Ran into the same issue. You have to check two places:

The config (when using docker-compose it’s the tyk.standalone.conf by default) contains a secret.

However, this secret is overwritten by passing the environment variable TYK_GW_SECRET.
In the local docker-compose setup, the default password is “foo” (provided by the TYK_GW_SECRET env variable in the docker-compose file).
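
The two places named in the reply above can be checked in the order it describes, environment variable first and config file second. This is an added example, not part of the original thread or of Tyk's own tooling. The function names are hypothetical, and the `sed` extraction assumes the `secret` field sits on a single line of the JSON config.

```shell
#!/bin/sh
# Added example: find out which admin secret the gateway will actually use and
# whether the key sent in x-tyk-authorization matches it.
# Assumption (from the thread): TYK_GW_SECRET, when set, overrides the "secret"
# field in the gateway config file.

# Print the "secret" string from a JSON config file (empty if absent).
# "node_secret" is not matched: the pattern needs a quote right before "secret".
conf_secret() {
    sed -n 's/.*"secret"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Print where the effective secret comes from: env, conf or none.
secret_source() {
    if [ -n "${TYK_GW_SECRET:-}" ]; then
        echo env
    elif [ -n "$(conf_secret "$1")" ]; then
        echo conf
    else
        echo none
    fi
}

# Print the effective secret (environment wins over the config file).
effective_secret() {
    if [ -n "${TYK_GW_SECRET:-}" ]; then
        printf '%s\n' "$TYK_GW_SECRET"
    else
        conf_secret "$1"
    fi
}

# Return 0 if <key> equals the effective secret. usage: check_admin_key <key> <conf>
check_admin_key() {
    [ -n "$1" ] && [ "$1" = "$(effective_secret "$2")" ]
}

# One-line diagnosis that never echoes the secret itself.
# usage: diagnose <key> <conf>
diagnose() {
    if check_admin_key "$1" "$2"; then m=yes; else m=no; fi
    echo "source=$(secret_source "$2") match=$m"
}
```

Run `diagnose "$KEY" tyk.standalone.conf` in the same environment as the gateway process (inside the container for docker-compose), since that is where `TYK_GW_SECRET` is set.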