Hi Tyk Team,

As far as I know, ID extractor is used to cache the authentication / authorization process. And I can set a header value as key in the id_extractor config (in API config json file).

Currently we’re using Authorization header value as the key (which is set in api config file).

"id_extractor": {
  "extract_from": "header",
  "extract_with": "value",
  "extractor_config": {
    "header_name": "Authorization"
  }
}

But now we want to add a new header — say Origin. Both these two headers need to to be verified in custom authentication plugin. In this case, if we only set Authorization as key, the cache might have problem dealing with Origin header

Is there a way to do it (to use two keys or use a combination key)? Thanks!

I am thinking you could another API definition as a proxy. The API definition would be marked as internal and would handle the second header before finally forwarding the request upstream. This is just theory but I guess it should work. If I find any other approach I will reply on this thread.