I created my API in the Advanced API builder as well as within the Catalogue. My API has a swagger definition and all endpoints are accounted for within my Swagger documentation. I checked the portal documentation as well as the API Endpoint Designer to make sure the endpoint returning forbidden exists and is whitelisted; it does exist and is whitelisted. I am at a loss as to what else I can do to resolve my issue. I am sure this an issue from being new with Tyk. Are there reserved endpoint words I cannot use?
I will say the rest of my API is working great within my application using Tyk as the gateway.
It could just not be matching your API paths correctly, I assume your targets in the API designer all have a slash in front of them, try removing that.
I did this, but it did not work. I copied the entire content of my swagger.json output from my API into sublime and edited all endpoints to have no forwardslash at the beginning.
To test, I am using the Chrome extension âAdvanced Rest Clientâ. I am still seeing the same response.
{âerrorâ: âRequested endpoint is forbiddenâ}
You need to edit the endpoints in the API designer, not in your portal. Try just editing them manually instead of messing with the swagger file. Then you can just test a single endpoint.
Martin,
I have updated the API Endpoint within the API designer to have no forward slash on the specific endpoint I was having trouble with. It is now properly responding.
The white lists are extremely strict. So if the requests are different from what is defined they will be rejected. If the white lists need to handle variability, you will need to use curly braces to define them:
widgets/{id}
What are the differences between the requests being made?
Martin,
I did an export of the API and rebuilt it. I had some extraneous endpoints to clean up anyway. Since doing this, everything seems to be working as expected.
Martin,
I am using the Hybrid method for my API Gateway. I updated my API and imported my API documentation to my current version. I again had the issue of an endpoint claiming it was forbidden. After waiting some time and clicking update on the API (not updating anything though) it eventually worked again.
Just wanted to mention it. Was this due to a delay in the Proxy?
Potentially - your scenario is very difficult to replicate. I would suggest updating your hybrid container, weâve made many changes recently to improve it.
Is there any way for me to stay up-to-date with the changes being made to the hybrid container? Not the software updating itself, but notifications, etc?
It seems weird that it works for a GET, but not for a POST, so it is working, only not working properly.
Do you know what (configuration) could allow the GET, but reject the POST? (even when it is configured as POST and not a GET)?
Thanks,