Few Questions on Tyk APIs

Swamy_M_S · December 12, 2023, 12:14pm

I have few questions regarding Tyk API definations

If we have multiple API definations is there any way to variable and use single/few templates so that Tyk can use that
eg: if i have 10 API, i need to create 10 json with just a change in plugins,listen_path and target_url
instead can we use a template and Tyk can once pick these plugins,listen_path and target_url from some mapping?

2)If thats not possible how Tyk dashboard will maintain large API jsons if we have thousands on APIs

3)suppose we are using s3fs and mounting all API definations to Tyk path, lets a new API gets created we have to restart the pod so that latest API will be synced from s3 is there any way like auto_sync or hoy reload?

for 3 cant we use tyk-sync when i try to use tyk-sync for authorized gitlab its not working we have token.txt in my local dir where i am running this command

Error reading token.txt for github key: open token.txt: no such file or directory
Error: authentication required

docker run -it --rm
tykio/tyk-sync:v1.4 sync
-g gateway-ing-url
-b “refs/heads/stage-relase”
–key “token.txt”
https://gitlab.dev/tyk-api-config.git

Swamy_M_S · December 12, 2023, 12:16pm

@Olu can you share some comments and documents on the same

Olu · December 14, 2023, 10:41am

No, we don’t have a feature like this but you could use jq to handle this. You still need to publish 10 APIs though.

The dashboard maintains the APIs individually the same as the gateway with the inclusion of database option. However, I am not sure I understand the question. It might be easier if you get a trial Self Managed license to experiment with. You can find out more information about our Self Managed offering on our docs.

Yes, we have a hot reload API call you can use

I hope I have answered this here Tyk-sync example - #9 by Swamy_M_S1

Swamy_M_S · December 20, 2023, 7:56am

thanks for the inputs @Olu and also how to restrict based on method type i tried below doc but there is no access_right key in api_Def object
https://tyk.io/docs/security/security-policies/secure-apis-method-path/

Olu · December 22, 2023, 6:58pm

It’s for API keys Key Level Security

Swamy_M_S · January 9, 2024, 2:17am

then lets say you want to restrict your API path for only POST calls how will you do that @Olu ?

Swamy_M_S · January 9, 2024, 9:07am

why i am asking this is @Olu lets say i have two APIs

1)v1/test/{test_path}
2)v1/test/test-url

url_rewrite for v1/test/{test_path}
“url_rewrites”: [
{
“path”: “/”,
“method”: “GET”,
“match_pattern”: “v1/files/(\??.)",
“rewrite_to”: “v1/files/$1$2”,
“triggers”: []
},
{
“path”: “/”,
“method”: “POST”,
“match_pattern”: "v1/test/(?!(?:[a-zA-Z_-]+(?:\?.)?$))([a-zA-Z0-9:-]+)(\?.*)?",
“rewrite_to”: “v1/test/$1$2”,
“triggers”: []
},
{
“path”: “/”,
“method”: “PATCH”,
“match_pattern”: "v1/test/(?!(?:[a-zA-Z-]+(?:\?.)?$))([a-zA-Z0-9:_-]+)(\?.)?”,
“rewrite_to”: “v1/test/$1$2”,
“triggers”:
},
{
“path”: “/”,
“method”: “DELETE”,
“match_pattern”: “v1/test/(?!(?:[a-zA-Z_-]+(?:\?.)?$))([a-zA-Z0-9:_-]+)(\?.)?”,
“rewrite_to”: “v1/test/$1$2”,
“triggers”:
},
{
“path”: “/”,
“method”: “PUT”,
“match_pattern”: “v1/test/(?![a-zA-Z-]+$)([a-zA-Z0-9:-]+)(\??.*)”,
“rewrite_to”: “v1/test/$1$2$3”,
“triggers”: [
]
}
],

now if i call v1/test/test-url call is going to v1/test/{path_param} because regex is matching

either we need to restric based on method or set some high priority for v1/test/test-url api we cant change the regex because its our path param this is just a sample url we have give we have 100 such apis with issue

Olu · January 10, 2024, 11:43am

You could use a middleware on the API or you could use allowed URLs via a key

Middleware: Allowlist/Whitelist

"extended_paths": {
            "white_list": [
              {
                "disabled": false,
                "path": "/{{sub_path/relative_path}}",
                "ignore_case": false,
                "method_actions": {
                  "GET": {
                    "action": "no_action",
                    "code": 200,
                    "headers": {}
                  }
                }
              }
            ]
          }

Key Definition: Allowed URLs. More information here

"allowed_urls": [
                {
                    "url": "/apidemo",
                    "methods": ["GET" ]
                },
                {
                    "url": "(/){1}$", // using golang regex to ensure root is only matched
                    "methods": ["GET", "POST", "PUT" ]
                }
            ]