Attempted administrative access with invalid or missing key

[When i use the Example to Create an API - Community Edition but fail]

[leinao@GA041 ~]$ curl -v -H “x-tyk-authorization: 352d20ee67be67f6340b4c0605b044sf” -s -H “Content-Type: application/json” -X POST -d ‘{
“name”: “Test API”,
“slug”: “test-api”,
“api_id”: “1”,
“org_id”: “1”,
“auth”: {
“auth_header_name”: “Authorization”
“definition”: {
“location”: “header”,
“key”: “x-api-version”
“version_data”: {
“not_versioned”: true,
“versions”: {
“Default”: {
“name”: “Default”,
“use_extended_paths”: true
“proxy”: {
“listen_path”: “/test-api/”,
“target_url”: “”,
“strip_listen_path”: true
“active”: true
}’ | python -mjson.tool


  • About to connect() to port 8080 (#0)
  • Trying…
  • Connected to ( port 8080 (#0)

POST /tyk/apis/ HTTP/1.1
User-Agent: curl/7.29.0
Accept: /
x-tyk-authorization: 352d20ee67be67f6340b4c0605b044sf
Content-Type: application/json
Content-Length: 570

} [data not shown]

  • upload completely sent off: 570 out of 570 bytes
    < HTTP/1.1 403 Forbidden
    < Content-Type: application/json
    < Date: Mon, 22 Mar 2021 08:32:50 GMT
    < Content-Length: 92
    { [data not shown]
  • Connection #0 to host left intact
    “message”: “Attempted administrative access with invalid or missing key!”,
    “status”: “error”

You’re passing the auth header secret 352d20ee67be67f6340b4c0605b044sf to access the admin API.

Can you confirm that’s what the value in the tyk.conf secret field? or the env variables?

1 Like

Ran into the same issue. You have to check two places:

The config (when using docker-compose it’s the tyk.standalone.conf by default) contains a secret.

However, this secret is overwritten by passing the environment variable TYK_GW_SECRET.
In the local docker-compose setup, the default password is “foo” (provided by the TYK_GW_SECRET env variable in the docker-compose file).


Yeah @kevcodez , setting the ‘x-tyk-authorization’ to ‘foo’ worked for me.

1 Like

thanks for the solution… it worked