Is the policies endpoint in the "advanced management API" documented?


#1

Imported Google Group message. Original thread at: https://groups.google.com/forum/#!topic/tyk-community-support/u8-xIg0mGRU Import Date: 2016-01-19 21:40:27 +0000.
Sender:Russ Egan.
Date:Tuesday, 5 January 2016 19:04:33 UTC.

I’ve found I can use the /api/policies endpoint to list and create policies, but I haven’t figured out how to add access rights correctly. If I nest them in the POST body when creating the policies, they get created, but the “apiid” field gets cleared.

Creating some base policies is part of our bootstrap procedure, which is why I’m trying to automate it.


API 2.0 does not have policy
#2

Imported Google Group message.
Sender:Russ Egan.
Date:Tuesday, 5 January 2016 19:15:10 UTC.

Sorry, I meant the /api/portal/policies endpoint

On Tuesday, January 5, 2016 at 2:04:33 PM UTC-5, Russ Egan wrote:
I’ve found I can use the /api/policies endpoint to list and create policies, but I haven’t figured out how to add access rights correctly. If I nest them in the POST body when creating the policies, they get created, but the “apiid” field gets cleared.

Creating some base policies is part of our bootstrap procedure, which is why I’m trying to automate it.


#3

Imported Google Group message.
Sender:Martin Buhr.
Date:Tuesday, 5 January 2016 20:02:29 UTC.

Hi Russ,

Here’s a request payload from the GUI using the same endpoint to Create and then update an API Policy Access Rights:

POST /api/portal/policies HTTP/1.1
Host: origin.origin.domain:3000
Connection: keep-alive
Content-Length: 660
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36
Origin: http://origin.origin.domain:3000
authorization: XXXXXXXXXXXXXXXXXXXXXXXXX
Accept: /

{
“last_check”: 0,
“allowance”: 0,
“rate”: 1000,
“per”: 60,
“expires”: 0,
“quota_max”: 10000,
“quota_renews”: 1452026960,
“quota_remaining”: 0,
“quota_renewal_rate”: 3600,
“access_rights”: {
“16daffbca6f3442e67b456dc452f9313”: {
“api_name”: “Test API”,
“api_id”: “16daffbca6f3442e67b456dc452f9313”,
“versions”: [“Default”],
“allowed_urls”: []
}
},
“name”: “New Policy”,
“is_inactive”: false,
“active”: true,
“hmac_enabled”: false,
“tags”: [“tag1”, “tag2”],
“key_expires_in”: 0
}

And then to update (we add 3 APIs):

PUT /api/portal/policies/568c1e7330c55e6480000005 HTTP/1.1
Host: origin.origin.domain:3000
Connection: keep-alive
Content-Length: 660
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36
Origin: http://origin.origin.domain:3000
authorization: XXXXXXXXXXXXXXXXXXXXXXXXX
Accept: /

{
“_id”: “568c1e7330c55e6480000005”,
“id”: “”,
“org_id”: “53ac07777cbb8c2d53000002”,
“rate”: 1000,
“per”: 60,
“quota_max”: 10000,
“quota_renewal_rate”: 3600,
“access_rights”: {
“16daffbca6f3442e67b456dc452f9313”: {
“api_name”: “Test API”,
“api_id”: “16daffbca6f3442e67b456dc452f9313”,
“versions”: [“Default”],
“allowed_urls”: []
},
“3f17de60b8444fe07f00aceca285ed2c”: {
“api_name”: “BA 2”,
“api_id”: “3f17de60b8444fe07f00aceca285ed2c”,
“versions”: [“Default”],
“allowed_urls”: []
},
“e1d21f942ec746ed416ab97fe1bf07e8”: {
“api_name”: “Closed”,
“api_id”: “e1d21f942ec746ed416ab97fe1bf07e8”,
“versions”: [“Default”],
“allowed_urls”: []
},
“2583f6ddd8c243b3664c8eb2bc0a3b2d”: {
“api_id”: “2583f6ddd8c243b3664c8eb2bc0a3b2d”,
“api_name”: “Oauth 1”,
“versions”: [“Default”]
}
},
“hmac_enabled”: false,
“active”: true,
“name”: “New Policy”,
“is_inactive”: false,
“date_created”: “0001-01-01T00:00:00Z”,
“tags”: [“tag1”, “tag2”],
“key_expires_in”: 0,
“quota_renews”: 1452027370
}

That works, because if the dashboard can do it, so can the API, they use the same endpoints (this is pretty much the mantra)

You might need to GET the created policy to update it.

Cheers,
Martin


#4

Imported Google Group message.
Sender:Russ Egan.
Date:Tuesday, 5 January 2016 20:59:25 UTC.

Ah, I see why I was having trouble. The body of the access_rights objects should have “api_id” and “api_name” fields. But if you list existing policies, those field names are “apiid” and “apiname” (missing the underscores).

  • show quoted text -

  • show quoted text -


You received this message because you are subscribed to a topic in the Google Groups “Tyk Community Support” group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/tyk-community-support/u8-xIg0mGRU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to [email protected].
To view this discussion on the web, visit https://groups.google.com/d/msgid/tyk-community-support/117db88e-fa35-4487-b82c-15a9c2a972bf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


#5

Imported Google Group message.
Sender:Martin Buhr.
Date:Tuesday, 5 January 2016 21:39:38 UTC.

Hi Russ,

Damn, you’re right… need to address that, will add it to the tracker.

Cheers,
Martin