We have set up Tyk 2 but now we are having a hard time understanding how it is supposed to be used. I think the best way to make my point is starting by trying to explain how we would expect an API manager to work and then explain what gaps we find in Tyk. Maybe it’s our misunderstanding or a misconfiguration, but certainly we need some clarification on some key usage scenarios.
As an API provider, I would expect to be able to create APIs, configure their supported authentication methods (in our case we are trying to work with oauth2 client credentials grant), publish them to the public and monitor usage. All these things I can do, except we haven’t been able to make the client credentials grant work.
As an API consumer, I would expect to register in the portal, register and manage my oauth clients for different available APIs and monitor my API usage.
Here come most of our troubles, because it seems that developer accounts in the developer portal can’t do much but view the documentation and test the API.
This raises some questions.
How can an API consumer user register oauth clients? Does it have to be done by the API provider admin through the dashboard?
How can an API consumer user monitor his usage? Does the API provider admin have to create a user on the dashboard with certain privileges to allow this use case? Is this even supported?
What is the API key the developer receives on sign up for? Where can he get a client id and secret to implement a client credentials flow?
Thanks in advance for your support!