Integration with tyk cloud

Hello, we’re planning to use tyk to be our gateway and start off using the cloud version. Our app will allow users to generate API keys and regenerate keys. I’m wondering what the required steps for integrating this into tyk would look like.

The workflow I imagine is this:

  1. Create the API in tyk
  2. When a user requests API access we generate a new key
  3. When a user wants to regenerate a key we delete the current key and make a new one

Is there anything else we need to do? I see users, access controls, policies, etc… but really we just want to start off with allowing or blocking access.

Thanks,
Montana

Hi Montana,

That’s a pretty straight forward work-flow. For your requirements, I would suggest running through our quick-start, which will enable a demo of your flow.

The quickstart will take you through:

  1. Create a new API
  2. Create an access policy for this API
  3. Set up your portal
  4. Publish the API to your portal
  5. Users can enrol for API access

That should get you up and running with Cloud pretty quickly.

Cheers,
Martin

Hi Martin,

Thanks for the quick reply! So we actually don’t want to use the portal, we’ll just have a section in our app to enable API access and that will return the user an API key that tyk will generate. They can also regenerate the key from our app.

I’ve been looking at https://cloud.tyk.io/docs/api/api-keys/ but there’s no description of what a session object is. Through some trial-and-error we’ve got it returning a key but I’m not sure if I first need to create a user to associate the key with?

Best Regards,
Montana

You won;t need to create a user to associate with a token, tokens and users are separate things. If you want to have an identity attached to a developer, then you can do that to.

The simplest thing is to just produce keys, but you will need to keep track of them yourself.

If you create users and then attach keys, then you will have an identity → token link that can help manage users access and upgrade them easier but the flow is more complicated and involves key request objects.

But to get started, the simplest thing is:

  1. Use the create key API method to generate a key, the sessions object has an overview here
  2. When you create the key, give them access to a base API, and (this is quite important), use a policy ID so that you can manage the quotas across all your tokens really easily instead of one by one
  3. Provide the key to the end user

That should get you started.

Cheers,
Martin