Error in setting up Tyk Community Edition - version 2.9.3

I am trying to set up a couple of APIs with Tyk CE. One of the APIs uses a policy+key but the other one does not. I have followed the docs here.

So the APIs, policy, and key exist. Yet, I keep getting the error:

Key not authorized: no matching policy

I believe that somehow the policy is not being read. I feel this way because the only way to set policies is to add the file. I have seen that anything related to just dumping the files in the corresponding directories does not work. For example, I have to add APIs via /tyk/apis endpoint because dumping the files in apps/ directory does not work (it returns an empty list, that is, no APIs registered even though files exist).

I wonder if the same is true for the policies part?

Or here is what my policies/policies.json looks like

    "policy21": {
        "access_rights": {
            "21": {
                "allowed_urls": [],
                "api_id": "21",
                "api_name": "myapi",
                "versions": [
        "active": true,
        "name": "My Awesome Policy",
        "rate": 100,
        "per": 1,
        "quota_max": 10000,
        "quota_renewal_rate": 3600,
        "tags": ["Startup Users"]

    "default": {
	"rate": 1000,
	"per": 1,
	"quota_max": 100,
	"quota_renewal_rate": 60,
	"access_rights": {
	    "41433797848f41a558c1573d3e55a410": {
		"api_name": "My API",
		"api_id": "41433797848f41a558c1573d3e55a410",
		"versions": [
	"org_id": "54de205930c55e15bd000001",
	"hmac_enabled": false

And the API definition has

"openid_options": {
"segregate_by_client": false,
"providers": [
            "issuer": "<issuer url>",
            "client_ids": {
                "base64-client-id": "policy21"

Obviously, the API ID setup via the endpoint /tyk/apis is “21”.

I would really appreciate any help. Also, if there is a stepwise tutorial on how to move with Tyk CE, please point me to that.

Some more details about the steps I see in DEBUG log level:

  1. “Generated Session ID: …f396d5”
  2. Querying local cache
  3. Querying keystore
  4. Could not get session detail, key not found
  5. Querying authstore
  6. Error trying to get value:redis: nil
  7. Key not found in storage engine
  8. Key does not exist, creating
  9. Attempted access with invalid key key=“****96d5”
  10. EVENT FIRED: AuthFailure
  11. Could not find a valid policy to apply to this token!
  12. Key not authorized: no matching policy

I am not sure if this a key issue or a policy issue.

I have also seen that the session that Tyk creates is identical no matter how many times you install Tyk. Is that expected?

Thank you,

This has been resolved. You need to set app_path even though the docs say there is a default /opt/tyk-gateway/apps.