Hi all!
I am facing an issue while using JWT with our CE of Tyk Gateway.
As of today, we grant a single “pol” claim while generating the JWT on our IDP (custom IDP).
That was fine until we were asked to customize rate-limiting for specific routes.
I’ve checked Tyk's possibilities with multiple policies (with granular access rights), but I can’t see how to specify different rate-limiting for routes under the same API.
To be more clear:
- one api with /api path
- another api with /api2 path
- both proxied by Tyk gateway to 2 different webapps
- one single policy for both APIs, and consequently one single rate-limiting policy
- policy is linked to token via “pol” claim in our JWT
The need:
- being able to set up specific rate-limiting for one /api/xxx route; all other routes under /api/… should benefit from the current policy (pol claim)
I wonder if it can be done.
If yes, is it by calling the Tyk gateway API to grant multiple policies to the token dynamically?
If so, how can I specify the token/key I want to address these policies to, given that API keys are not pushed to Tyk for the moment (Tyk only validates the JWT with the specified certificate and redirects to the corresponding webapp according to the API path, forwarding the bearer token as a header)?
Thank you all for your help, and do not hesitate to correct me if I have made any mistake or misunderstood something while using Tyk.
kr,
Marco