How to push my own API keys to Tyk Dashboard


#1

I want to migrate an existing app to Tyk multi-cloud. Is it possible to push existing API keys to Tyk? It seems the Dashboard API only has a “generate” method which works fine, but it’s not what I want. I want to be able to send API Keys and Secrets generated by my application, not Tyk. Is there a way to do it?

Thanks


#2

See this link https://tyk.io/docs/manage-multiple-environments/move-keys-between-environments/

Hope it helps!


#3

Thanks @leon. That will work. But it looks more like a workaround rather than a proper solution. As in case if I’m ok to migrate everyone to Tyk generated keys, but I don’t want to expire my old keys, I need to manage them separately outside of Tyk Dashboard scope. Which is not ideal as in this case it will be two places where we manage keys.

Also if I have my own legacy key/secret generation logic and for some reason, I want to keep using it. I can’t do it via Tyk dashboard.

I think it would be nice to add this feature in the future. I know that some other API management platforms support BYO keys/secrets.


#4

Hi,

> As in case if I’m ok to migrate everyone to Tyk generated keys, but I don’t want to expire my old keys, I need to manage them separately outside of Tyk Dashboard scope. Which is not ideal as in this case it will be two places where we manage keys.

The process you describe is possible, just through the Gateway API instead of the Dashboard API. The Gateway API provides endpoints for creating, reading, updating and deleting keys, whether they are custom or not. You can find out more on the Gateway API documentation.

If you want to manage the keys elsewhere, then the management system would need to integrate with the Tyk Gateway API to coordinate any changes with Tyk. Alternatively, you could write an authentication plugin which checks your custom API store for the key.

> Also if I have my own legacy key/secret generation logic and for some reason, I want to keep using it. I can’t do it via Tyk dashboard.

Correct.

Regards,
Dave


#5

Thanks for your answer, David. It totally makes sense.

Just to clarify, the integration I would like to have is:

I don’t really need to write a plugin as the default HMAC authentication just works.

P.S. As I only can post one image in a post, I’ll send another message with the diagram of the solution which you propose.

Thanks!


#6

What you are proposing looks like this:

[Image: diagram of the proposed solution]


#7

> Just to clarify, the integration I would like to have is:

Yes, that wouldn’t be possible right now since the Dashboard API works in the context of an organisation, so the keys format is constrained by this, hence why the Gateway API is needed. It may be feasible for the Dashboard Admin API to be extended to support this.

> What you are proposing looks like this.

Yes, that would work. A slight variant would be for the legacy key management to target a single Gateway, if that is easier for you. Since the Gateway writes the key into Redis, any Gateway connected to the Redis will be able to read it, so you don’t need to push the key into each Gateway separately.
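
Added example (not from the thread or from Tyk's own code): the approach described in #4 and #7, where a legacy key-management system pushes an application-generated key and HMAC secret to a single Gateway through the Gateway API's `POST /tyk/keys/{keyID}` endpoint. The host, gateway secret, org/API IDs, rate values and the key-ID pattern are constructed placeholders and assumptions; check the session field names against the Gateway API documentation for your version.

```python
import json
import re
import urllib.request

# Constructed placeholder values; replace with your deployment's own.
GATEWAY_URL = "https://gateway.example.internal:8080"
GATEWAY_SECRET = "PLACEHOLDER-GATEWAY-SECRET"  # the Gateway API secret

def build_session(org_id, api_id, api_name, hmac_secret, expires=0):
    """Session object for a legacy key that authenticates with HMAC."""
    return {
        "org_id": org_id,
        "allowance": 1000, "rate": 1000, "per": 60,  # assumed rate limit
        "quota_max": -1,            # -1 disables the quota
        "expires": expires,         # 0 keeps the legacy key from expiring
        "hmac_enabled": True,
        "hmac_string": hmac_secret, # the secret generated by the legacy system
        "access_rights": {
            api_id: {"api_id": api_id, "api_name": api_name,
                     "versions": ["Default"]},
        },
    }

def build_create_key_request(key_id, session,
                             base_url=GATEWAY_URL, secret=GATEWAY_SECRET):
    """Build (but do not send) the custom-key request for one Gateway."""
    # The request carries the Gateway secret and the HMAC secret: require TLS.
    if not base_url.startswith("https://"):
        raise ValueError("Gateway API URL must use https://")
    # Assumed key-ID format; rejects characters that would alter the URL path.
    if not re.fullmatch(r"[A-Za-z0-9_-]{8,128}", key_id):
        raise ValueError("unexpected characters or length in key ID")
    return urllib.request.Request(
        url=f"{base_url}/tyk/keys/{key_id}",
        data=json.dumps(session).encode("utf-8"),
        method="POST",
        headers={"x-tyk-authorization": secret,
                 "Content-Type": "application/json"},
    )

def push_key(request, timeout=10):
    """Send the request; the Gateway stores the key in Redis for all Gateways."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return json.load(resp)
```

The same endpoint with `PUT` or `DELETE` covers updates and revocation, so the legacy system can remain the single place where keys are managed.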