Getting HTTP 401 when accessing Policies API

Hi,

I’m getting HTTP 401 error when trying to access Policies API using Postman. I can list the Policies on the Tyk dashboard just fine.

The only difference I can see betwen the Policies API being called from the browser dashboard and from Postman is that in the case of browser dashboard, I see the following cookies being set.

Any idea what the problem might be? Is there any documentation on Policies API? I’m looking for the ability to create a Policy and specify my own human-readable policy id value instead of the UUID format returned by the Policy API.

Cookie:csrf_token=4PVkEPsIUQq6pjvyrNzVhD/u8Uh08DUSqT6GVD0NqP0=; authorisation=b15d2bf1-5a12-49f1-6102-7e0d4742cd03

Example:
GET /api/portal/policies HTTP/1.1
Host: localhost:3000
Authorization: Basic dGVzdEB0ZXN0LmNvbTp0ZXN0MTIz
Accept: application/json
Cache-Control: no-cache
Postman-Token: 96602a60-41ae-30cb-2570-c7e28744e2b9

Response:
{“Status”:“Error”,“Message”:“Not authorised”,“Meta”:null}

Thanks,
-Jeffrey

You don’t need to use basic auth header, just Authorization and the API key assigned to your user.

Hi Martin,

I’m still getting the same error even after using API key in place of “Basic dGVzdEB0ZXN0LmNvbTp0ZXN0MTIz”

GET /api/portal/policies HTTP/1.1
Host: localhost:3000
Authorization: 59de481c2e7f09000106f0b648197c79774e48d06731b2ac957cbb1e
Accept: application/json
Cache-Control: no-cache
Postman-Token: 3857c8a9-0d70-4082-3b20-6a5121d30a1e

Hi
That key length doesn’t look right, where are you getting that from?

Thanks
Josh

Hi,
On the Tyk dashboard, I went to Keys -> Add Keys -> Add apis/policies -> Click Create

-Jeffrey

I checked in mongoDB under tyk_analytics_users, the access key for the user is different. It is a3deb204957647f95d509b00865e3103. Using this key, I was able to access policies API.

Not sure why the key generated from the Tyk Dashboard is not valid. I just used the Dashboard and generated another key: 59de481c2e7f09000106f0b60d8f3f3939934a346599ef260b1780ec. I confirmed this new key was not stored in mongoDB.

No keys are stored in MongoDB, they are stored in redis. You only get a direct key reference in a developer object when you have unhashed (insecure) mode enabled