I was following the tutorial here: https://tyk.io/docs/get-started/with-tyk-on-premise/tutorials/tyk-on-premise-community-edition/create-api/
I created both an API (its definition is at the very bottom) and a key to authenticate with. When I request the proxied API route with that key, the client gets a `Key not authorised` error (HTTP 403).
Can anybody see a mistake here? Thanks in advance!
Tyk logs this:
time="Jul 25 19:13:48" level=warning msg="JWT Invalid: Validation error. Jwt token validation failed."
time="Jul 25 19:13:48" level=warning msg="Attempted access with invalid key." key="[JWT]"
time="Jul 25 19:13:48" level=error msg="request error: Key not authorised" api_id=demoapi org_id=default path="/demoapi/" server_name="http://demoapi:5000/" user_id= user_ip=172.19.0.1
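I created the key like this (note that `expires:=1` and `quota_max:=1` are very restrictive; `expires` is presumably a Unix timestamp, so a value of 1 would already be in the past, which is worth confirming against the Tyk session object documentation):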
http post localhost:8080/tyk/keys/create $AUTH_HEADER \
org_id=default \
allowance:=1000 \
rate:=1000 \
per:=1 \
expires:=1 \
quota_max:=1 \
quota_renews:=1449051461 \
quota_remaining:=1 \
quota_renewal_rate:=60 \
access_rights:='{"demoapi": {"api_id": "demoapi", "api_name": "Demo API", "versions": ["Default"]}}' \
meta_data:={}
The result:
{
"action": "create",
"key": "default3bb47fd13e954d0d69e58758a1232597",
"status": "ok"
}
The full JSON data for the key stored in redis:
{
"last_check": 0,
"allowance": 1000,
"rate": 1000,
"per": 1,
"expires": 1,
"quota_max": 1,
"quota_renews": 1501010030,
"quota_remaining": 1,
"quota_renewal_rate": 60,
"access_rights": {
"demoapi": {
"api_name": "Demo API",
"api_id": "demoapi",
"versions": [
"Default"
],
"allowed_urls": null
}
},
"org_id": "default",
"oauth_client_id": "",
"oauth_keys": null,
"basic_auth_data": {
"password": "",
"hash_type": ""
},
"jwt_data": {
"secret": ""
},
"hmac_enabled": false,
"hmac_string": "",
"is_inactive": false,
"apply_policy_id": "",
"data_expires": 0,
"monitor": {
"trigger_limits": null
},
"enable_detail_recording": false,
"meta_data": {},
"tags": null,
"alias": "",
"last_updated": "1501009970",
"id_extractor_deadline": 0,
"session_lifetime": 0
}
The test request to authenticate with this key for the proxied API:
http get localhost:8080/demoapi/ 'Authorization:Bearer default3bb47fd13e954d0d69e58758a1232597'
HTTP/1.1 403 Forbidden
Connection: close
Content-Length: 38
Content-Type: application/json
Date: Tue, 25 Jul 2017 19:13:48 GMT
X-Generator: tyk.io
{
"error": "Key not authorised"
}
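The API definition (`use_keyless`, `use_oauth2`, `use_basic_auth` and `enable_jwt` are all false, but `use_openid` is true with one provider configured, so the gateway presumably expects an OpenID Connect ID token, i.e. a JWT, in the `Authorization` header rather than the plain key, which would fit the JWT validation warning in the log above):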
{
"id": "59777906914dc34201d094d5",
"name": "Demo API",
"slug": "demoapi",
"api_id": "demoapi",
"org_id": "default",
"use_keyless": false,
"use_oauth2": false,
"oauth_meta": {
"allowed_access_types": [],
"allowed_authorize_types": [],
"auth_login_redirect": ""
},
"auth": {
"use_param": false,
"use_cookie": false,
"auth_header_name": "Authorization"
},
"use_basic_auth": false,
"enable_jwt": false,
"jwt_signing_method": "",
"notifications": {
"shared_secret": "",
"oauth_on_keychange_url": ""
},
"enable_signature_checking": false,
"hmac_allowed_clock_skew": -1,
"definition": {
"location": "header",
"key": "x-api-version"
},
"version_data": {
"not_versioned": true,
"versions": {
"Default": {
"name": "Default",
"expires": "",
"paths": {
"ignored": [],
"white_list": [],
"black_list": []
},
"use_extended_paths": true,
"extended_paths": {
"ignored": [],
"white_list": [],
"black_list": [],
"cache": [],
"transform": [],
"transform_response": [],
"transform_headers": [],
"transform_response_headers": [],
"hard_timeouts": [],
"circuit_breakers": [],
"url_rewrites": [],
"virtual": [],
"size_limits": []
},
"global_headers": {},
"global_headers_remove": [],
"global_size_limit": 0
}
}
},
"uptime_tests": {
"check_list": [],
"config": {
"expire_utime_after": 0,
"service_discovery": {
"use_discovery_service": false,
"query_endpoint": "",
"use_nested_query": false,
"parent_data_path": "",
"data_path": "",
"port_data_path": "",
"use_target_list": false,
"cache_timeout": 0,
"endpoint_returns_list": false
},
"recheck_wait": 0
}
},
"proxy": {
"listen_path": "/demoapi/",
"target_url": "http://demoapi:5000/",
"strip_listen_path": true,
"enable_load_balancing": false,
"target_list": [],
"check_host_against_uptime_tests": false,
"service_discovery": {
"use_discovery_service": false,
"query_endpoint": "",
"use_nested_query": false,
"parent_data_path": "",
"data_path": "",
"port_data_path": "",
"use_target_list": false,
"cache_timeout": 0,
"endpoint_returns_list": false
}
},
"custom_middleware": {
"pre": [],
"post": [],
"response": []
},
"cache_options": {
"cache_timeout": 60,
"enable_cache": true,
"cache_all_safe_requests": false,
"enable_upstream_cache_control": false
},
"session_lifetime": 0,
"active": true,
"auth_provider": {
"name": "",
"storage_engine": "",
"meta": {}
},
"session_provider": {
"name": "",
"storage_engine": "",
"meta": null
},
"event_handlers": {
"events": {}
},
"enable_batch_request_support": false,
"enable_ip_whitelisting": false,
"allowed_ips": [],
"dont_set_quota_on_create": false,
"expire_analytics_after": 0,
"response_processors": [],
"CORS": {
"enable": false,
"allowed_origins": [],
"allowed_methods": [],
"allowed_headers": [],
"exposed_headers": [],
"allow_credentials": false,
"max_age": 0,
"options_passthrough": false,
"debug": false
},
"domain": "",
"tags": [],
"use_openid": true,
"openid_options": {
"providers": [
{
"issuer": "localhost:5556",
"client_ids": {
"ZXhhbXBsZS1hcHA=": "demoapipolicy"
}
}
],
"segregate_by_client": false
}
}