Disabled API still serves request in Tyk Gateway

Hey!

I created an API in Tyk Gateway. The API payload has a property that should disable the API (it shouldn’t serve requests in that case):

"active": false

But even after setting this property to false, the API still serves requests normally.

API Definition

{
    "name": "ccApiContant",
    "slug": "",
    "listen_port": 0,
    "protocol": "",
    "enable_proxy_protocol": false,
    "api_id": "1ce22023-bdf0-4098-be61-6f8efc89790e",
    "org_id": "",
    "use_keyless": true,
    "use_oauth2": false,
    "use_openid": false,
    "openid_options": {
        "providers": null,
        "segregate_by_client": false
    },
    "oauth_meta": {
        "allowed_access_types": null,
        "allowed_authorize_types": null,
        "auth_login_redirect": ""
    },
    "auth": {
        "use_param": false,
        "param_name": "",
        "use_cookie": false,
        "cookie_name": "",
        "auth_header_name": "gateway-authorization",
        "use_certificate": false,
        "validate_signature": false,
        "signature": {
            "algorithm": "",
            "header": "",
            "secret": "",
            "allowed_clock_skew": 0,
            "error_code": 0,
            "error_message": ""
        }
    },
    "auth_configs": null,
    "use_basic_auth": false,
    "basic_auth": {
        "disable_caching": false,
        "cache_ttl": 0,
        "extract_from_body": false,
        "body_user_regexp": "",
        "body_password_regexp": ""
    },
    "use_mutual_tls_auth": false,
    "client_certificates": null,
    "upstream_certificates": null,
    "pinned_public_keys": null,
    "enable_jwt": false,
    "use_standard_auth": false,
    "use_go_plugin_auth": false,
    "enable_coprocess_auth": false,
    "jwt_signing_method": "",
    "jwt_source": "",
    "jwt_identity_base_field": "",
    "jwt_client_base_field": "",
    "jwt_policy_field_name": "",
    "jwt_default_policies": null,
    "jwt_issued_at_validation_skew": 0,
    "jwt_expires_at_validation_skew": 0,
    "jwt_not_before_validation_skew": 0,
    "jwt_skip_kid": false,
    "jwt_scope_to_policy_mapping": null,
    "jwt_scope_claim_name": "",
    "notifications": {
        "shared_secret": "",
        "oauth_on_keychange_url": ""
    },
    "enable_signature_checking": false,
    "hmac_allowed_clock_skew": 0,
    "hmac_allowed_algorithms": null,
    "request_signing": {
        "is_enabled": false,
        "secret": "",
        "key_id": "",
        "algorithm": "",
        "header_list": null,
        "certificate_id": "",
        "signature_header": ""
    },
    "base_identity_provided_by": "",
    "definition": {
        "location": "",
        "key": "",
        "strip_path": true
    },
    "version_data": {
        "not_versioned": true,
        "default_version": "Default",
        "versions": {
            "Default": {
                "name": "Default",
                "expires": "",
                "paths": {
                    "ignored": null,
                    "white_list": null,
                    "black_list": null
                },
                "use_extended_paths": true,
                "extended_paths": {},
                "global_headers": {},
                "global_headers_remove": [],
                "global_response_headers": {},
                "global_response_headers_remove": [],
                "ignore_endpoint_case": false,
                "global_size_limit": 0,
                "override_target": ""
            }
        }
    },
    "uptime_tests": {
        "check_list": null,
        "config": {
            "expire_utime_after": 0,
            "service_discovery": {
                "use_discovery_service": false,
                "query_endpoint": "",
                "use_nested_query": false,
                "parent_data_path": "",
                "data_path": "",
                "port_data_path": "",
                "target_path": "",
                "use_target_list": false,
                "cache_timeout": 0,
                "endpoint_returns_list": false
            },
            "recheck_wait": 0
        }
    },
    "proxy": {
        "preserve_host_header": false,
        "listen_path": "/ccapicontant/",
        "target_url": "http://httpbin.org/get",
        "disable_strip_slash": false,
        "strip_listen_path": true,
        "enable_load_balancing": false,
        "target_list": [],
        "check_host_against_uptime_tests": false,
        "service_discovery": {
            "use_discovery_service": false,
            "query_endpoint": "",
            "use_nested_query": false,
            "parent_data_path": "",
            "data_path": "",
            "port_data_path": "",
            "target_path": "",
            "use_target_list": false,
            "cache_timeout": 0,
            "endpoint_returns_list": false
        },
        "transport": {
            "ssl_insecure_skip_verify": false,
            "ssl_ciphers": null,
            "ssl_min_version": 0,
            "ssl_max_version": 0,
            "ssl_force_common_name_check": false,
            "proxy_url": ""
        }
    },
    "disable_rate_limit": false,
    "disable_quota": false,
    "custom_middleware": {
        "pre": null,
        "post": null,
        "post_key_auth": null,
        "auth_check": {
            "name": "",
            "path": "",
            "require_session": false,
            "raw_body_only": false
        },
        "response": null,
        "driver": "",
        "id_extractor": {
            "extract_from": "",
            "extract_with": "",
            "extractor_config": null
        }
    },
    "custom_middleware_bundle": "",
    "cache_options": {
        "cache_timeout": 0,
        "enable_cache": false,
        "cache_all_safe_requests": false,
        "cache_response_codes": null,
        "enable_upstream_cache_control": false,
        "cache_control_ttl_header": "",
        "cache_by_headers": null
    },
    "session_lifetime": 0,
    "active": false,
    "internal": false,
    "auth_provider": {
        "name": "",
        "storage_engine": "",
        "meta": null
    },
    "session_provider": {
        "name": "",
        "storage_engine": "",
        "meta": null
    },
    "event_handlers": {
        "events": null
    },
    "enable_batch_request_support": false,
    "enable_ip_whitelisting": true,
    "allowed_ips": [],
    "enable_ip_blacklisting": true,
    "blacklisted_ips": [],
    "dont_set_quota_on_create": false,
    "expire_analytics_after": 0,
    "response_processors": null,
    "CORS": {
        "enable": false,
        "allowed_origins": [],
        "allowed_methods": [],
        "allowed_headers": [],
        "exposed_headers": [],
        "allow_credentials": false,
        "max_age": 0,
        "options_passthrough": false,
        "debug": false
    },
    "domain": "",
    "certificates": null,
    "do_not_track": false,
    "tags": null,
    "enable_context_vars": false,
    "config_data": null,
    "tag_headers": null,
    "global_rate_limit": {
        "rate": 0,
        "per": 0
    },
    "strip_auth_data": false,
    "enable_detailed_recording": false,
    "graphql": {
        "enabled": false,
        "execution_mode": "",
        "version": "",
        "schema": "",
        "type_field_configurations": null,
        "playground": {
            "enabled": false,
            "path": ""
        },
        "engine": {
            "field_configs": null,
            "data_sources": null
        }
    }
}

Is there any other way to Disable API ?

Considering your upstream target is httpbin, you could simply delete the API. However, you can also mark an API as internal to restrict external access to it. This means that only other Tyk APIs can make a call to this API, so it is hidden from external clients rather than switched off.

"internal": true

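Just out of curiosity, are you using the Open Source offering, or modifying the API definition with the gateway APIs? If you are, then you need to restart the gateway or call the hot reload API after changing any property of an API definition. Until then the gateway keeps serving the definition it has already loaded, and since this API is keyless ("use_keyless": true) it would keep answering unauthenticated requests in the meantime.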

Hope this helps

Thanks for your help
Actually, this is just a test API. I configured it only to test this issue, so it doesn’t have much in it.
But isn’t there any other way to deactivate an API so that it behaves as if the API doesn’t exist?

At the same time with just updating a property, the whole API serves request back as normal

Just out of curiosity I have one question, What is the use of that disable property?

But isn’t there any other way to deactivate an API so that it behaves as if the API doesn’t exist?

Well, if you are using the dashboard, then the known way is to set the active field in the API definition.

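On the other hand, if you are using open source with file-based mode, then simply removing the file from the root of the app path should do the trick. You can create a backup or disabled subfolder inside the app path and place all your disabled APIs there. If you need them, then just bring them back out to the root. As with any other definition change, restart or hot-reload the gateway afterwards and confirm that the listen path no longer responds.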

I don’t know any other way apart from the internal field if you are using OSS with Tyk Gateway API.

At the same time with just updating a property, the whole API serves request back as normal

Does the internal field not work for your use case?

Just out of curiosity I have one question, What is the use of that disable property?

It is used in combination with the dashboard to decide which paths or routes will be proxied. You can read more info here

Okay got it.
Thanks for your constant help :grinning_face_with_smiling_eyes: