On Create API page for Open Source (Tyk CE) there are two different examples and two different ways to specify auth_header_name
:
"org_id": "1",
"auth_configs": {
"authToken": {
"auth_header_name": "Authorization"
}
},
and,
"org_id": "1",
"auth": {
"auth_header_name": "Authorization"
},
I can create APIs using both. I can create API Keys for each, but, I cannot access either of the APIs. I get the error
{
"error": "There was a problem proxying the request"
}
Gateway API Docs for Tyk CE don’t show full schema. Where can I find full schema for creating API, and what does all this mean? auth
vs auth_configs
?
I even tried keyless:
{
"name": "Httpbin-Keyless2",
"slug": "httpbin-keyless2",
"api_id": "httpbin-keyless2",
"org_id": "1",
"use_keyless": true,
"definition": {
"location": "header",
"key": "x-api-version"
},
"version_data": {
"not_versioned": true,
"versions": {
"Default": {
"name": "Default",
"use_extended_paths": true
}
}
},
"proxy": {
"listen_path": "/httpbin-keyless2/",
"target_url": "http://localhost:8300",
"strip_listen_path": true
},
"active": true
}
I can access localhost:8300 httpbin:
% curl "http://localhost:8300/get"
{
"args": {},
"headers": {
"Accept": "*/*",
"Host": "localhost:8300",
"User-Agent": "curl/7.64.1"
},
"origin": "172.17.0.1",
"url": "http://localhost:8300/get"
}
I can say hello to Tyk CE:
% curl "http://127.0.0.1:8080/hello"
{"status":"pass","version":"v3.2.1","description":"Tyk GW","details":{"redis":{"status":"pass","componentType":"datastore","time":"2021-08-26T10:50:29Z"}}}
But I cannot access httpbin through Tyk CE:
% curl "http://127.0.0.1:8080/httpbin-keyless2/"
{
"error": "There was a problem proxying the request"
}
% curl "http://127.0.0.1:8080/httpbin-keyless2/get"
{
"error": "There was a problem proxying the request"
}
Yes, I have run tyk/reload
after each creation.
This is my Tyk-OSS set:
% kubectl get all -n tyk
NAME READY STATUS RESTARTS AGE
pod/gateway-tyk-ce-tyk-headless-nzwkd 1/1 Running 54 25h
pod/tyk-redis-master-0 1/1 Running 0 25h
pod/tyk-redis-replicas-0 1/1 Running 14 25h
pod/tyk-redis-replicas-1 1/1 Running 11 25h
pod/tyk-redis-replicas-2 1/1 Running 12 25h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/gateway-svc-tyk-ce-tyk-headless NodePort 10.110.208.142 <none> 443:32297/TCP 25h
service/tyk-redis-headless ClusterIP None <none> 6379/TCP 25h
service/tyk-redis-master ClusterIP 10.106.147.147 <none> 6379/TCP 25h
service/tyk-redis-replicas ClusterIP 10.107.182.136 <none> 6379/TCP 25h
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
daemonset.apps/gateway-tyk-ce-tyk-headless 1 1 1 1 1 <none> 25h
NAME READY AGE
statefulset.apps/tyk-redis-master 1/1 25h
statefulset.apps/tyk-redis-replicas 3/3 25h
And I run port-forward:
kubectl port-forward --namespace tyk service/gateway-svc-tyk-ce-tyk-headless 8080:443
And I can follow logs:
kubectl logs -n tyk -f pod/gateway-tyk-ce-tyk-headless-<HASH>
And I see:
time=“Aug 26 11:19:25” level=error msg=“http: proxy error: dial tcp 127.0.0.1:8300: connect: connection refused” api_id=httpbin-keyless2 api_name=Httpbin-Keyless2 mw=ReverseProxy org_id=1 prefix=proxy server_name=“localhost:8300” user_id=-- user_ip=127.0.0.1 user_name=
So that lead me to believe that from inside the pod I could not access localhost on the host machine.
Duh!!!
Solution
Get the IP for the minikube:
% minikube ssh 'grep host.minikube.internal /etc/hosts | cut -f1'
192.168.65.2
Then update the API and reload tyk (showing just updated part):
"proxy": {
"listen_path": "/httpbin-keyless2/",
"target_url": "http://192.168.65.2:8300",
"strip_listen_path": true
},
And viola:
% curl "http://127.0.0.1:8080/httpbin-keyless2/get"
{
"args": {},
"headers": {
"Accept": "*/*",
"Accept-Encoding": "gzip",
"Host": "192.168.65.2:8300",
"User-Agent": "curl/7.64.1"
},
"origin": "127.0.0.1",
"url": "http://192.168.65.2:8300/get"
}
If you have read this far, I am still interested in my original question:
Where can I find full schema for creating API, and what does all this mean?
auth
vsauth_configs
?