Hello,
I am trying to create and API where I expect that Headers should include X-API-Key but I do not care about value of X-API-Key cause my backend service checks it and if it is wrong request will be rejected.
What I found out in TYK is that I can register API which requires X-API-Key but then I should also create a key in order to access my API.
curl -v -H "x-tyk-authorization: foo" \
-s \
-H "Content-Type: application/json" \
-X POST \
-d '{
"name": "delivery-apikey",
"api_id": "delivery-apikey",
"org_id": "caruso-org-id-api-key",
"definition": {
"location": "header",
"key": "version"
},
"auth": {
"auth_header_name": "X-API-Key"
},
"use_keyless": false,
"enable_context_vars": true,
"version_data": {
"not_versioned": true,
"versions": {
"Default": {
"name": "Default",
"global_headers": {
"X-API-Key": "$tyk_context.headers_X_Api_Key"
}
}
}
},
"proxy": {
"listen_path": "/delivery",
"target_url": "http://localhost:32656/delivery",
"strip_listen_path": true
}
}' http://localhost:8080/tyk/apis | python3 -mjson.tool
curl localhost:8080/tyk/keys -X POST --header "x-tyk-authorization: foo" -d '
{
"quota_max": 0,
"rate": 3,
"per": 10,
"org_id": "org-id-api-key",
"access_rights": {
"delivery-apikey": {
"api_name": "delivery-apikey",
"api_id": "delivery-apikey",
"versions": [
"Default"
],
"allowed_urls": [],
"limit": null,
"allowance_scope": ""
}
}
}'
curl -X POST http://localhost:8080/delivery/v1/get -H "X-Api-Key:org-id-api-key76ac7bcbb1c94e328bd42bfa051359ad"
Is there a way to avoid key creation and just call my API with some random string just to bypass tyk-gateway?
curl -X POST http://localhost:8080/delivery/v1/get -H “X-Api-Key:some-not-registered-key-in-tyk”
Thanks