We are using TYK with a specific listen_path, lets call it /foo. Now I would like to only allow a certain IP address range to access /foo/analytics/export-statistics endpoint and make use of the enable_ip_whitelisting: true feature for this. From my understanding of the docs this configuration is only possible on the ApiDefinition spec itself, so in my case if I would configure it on the ApiDefinition that has the listen_path of /foo, it would apply the allow list to everything.
Now I am thinking of adding a second ApiDefinition spec, that has listen_path: /foo/analytics/export-statistics and the enable_ip_whitelisting: true setting. Is this possible to overlap the listen_path in this way? Or is there a more elegant solution to this that does not require duplicating the ApiDefinition?
I think it depends on what you mean by overlap. You can achieve what you want by enabling strict routes on the gateway config. Tyk matches longest paths first when trying to find the appropriate route, so /foo/analytics/export-statistics would be checked before /foo
However, doing this duplication may be exhausting at scale.
If the IP whitelist middleware is what you really want to use, then I don’t see a way to bypass using multiple APIs.
