Issue with virtual endpoint

I was testing the virtual endpoint and the following are the steps but it is not working

API_DEFINITION:
{
“created_at”: “2022-04-22T04:23:18Z”,
“api_model”: {},
“api_definition”: {
“api_id”: “d50f6ae7742f4cad6f1ca8e6b72147e2”,
“jwt_issued_at_validation_skew”: 0,
“upstream_certificates”: {},
“use_keyless”: true,
“enable_coprocess_auth”: false,
“base_identity_provided_by”: “”,
“custom_middleware”: {
“pre”: [],
“post”: [],
“post_key_auth”: [],
“auth_check”: {
“name”: “”,
“path”: “”,
“require_session”: false,
“raw_body_only”: false
},
“response”: [],
“driver”: “”,
“id_extractor”: {
“extract_from”: “”,
“extract_with”: “”,
“extractor_config”: {}
}
},
“disable_quota”: false,
“custom_middleware_bundle”: “”,
“cache_options”: {
“cache_timeout”: 60,
“enable_cache”: true,
“cache_all_safe_requests”: false,
“cache_response_codes”: [],
“enable_upstream_cache_control”: false,
“cache_control_ttl_header”: “”,
“cache_by_headers”: []
},
“enable_ip_blacklisting”: false,
“tag_headers”: [],
“jwt_scope_to_policy_mapping”: {},
“pinned_public_keys”: {},
“expire_analytics_after”: 0,
“domain”: “”,
“openid_options”: {
“providers”: [],
“segregate_by_client”: false
},
“jwt_policy_field_name”: “”,
“enable_proxy_protocol”: false,
“jwt_default_policies”: [],
“active”: true,
“jwt_expires_at_validation_skew”: 0,
“config_data”: {},
“notifications”: {
“shared_secret”: “”,
“oauth_on_keychange_url”: “”
},
“jwt_client_base_field”: “”,
“auth”: {
“use_param”: false,
“param_name”: “”,
“use_cookie”: false,
“cookie_name”: “”,
“auth_header_name”: “Authorization”,
“use_certificate”: false,
“validate_signature”: false,
“signature”: {
“algorithm”: “”,
“header”: “”,
“secret”: “”,
“allowed_clock_skew”: 0,
“error_code”: 0,
“error_message”: “”
}
},
“check_host_against_uptime_tests”: false,
“auth_provider”: {
“name”: “”,
“storage_engine”: “”,
“meta”: {}
},
“blacklisted_ips”: [],
“graphql”: {
“schema”: “”,
“enabled”: false,
“engine”: {
“field_configs”: [],
“data_sources”: []
},
“type_field_configurations”: [],
“execution_mode”: “proxyOnly”,
“proxy”: {
“auth_headers”: {}
},
“subgraph”: {
“sdl”: “”
},
“supergraph”: {
“subgraphs”: [],
“merged_sdl”: “”,
“global_headers”: {}
},
“version”: “2”,
“playground”: {
“enabled”: false,
“path”: “”
}
},
“hmac_allowed_clock_skew”: -1,
“dont_set_quota_on_create”: false,
“uptime_tests”: {
“check_list”: [],
“config”: {
“expire_utime_after”: 0,
“service_discovery”: {
“use_discovery_service”: false,
“query_endpoint”: “”,
“use_nested_query”: false,
“parent_data_path”: “”,
“data_path”: “”,
“cache_timeout”: 60
},
“recheck_wait”: 0
}
},
“enable_jwt”: false,
“do_not_track”: false,
“name”: “virtual”,
“slug”: “virtual”,
“oauth_meta”: {
“allowed_access_types”: [],
“allowed_authorize_types”: [],
“auth_login_redirect”: “”
},
“CORS”: {
“enable”: false,
“max_age”: 24,
“allow_credentials”: false,
“exposed_headers”: [],
“allowed_headers”: [
“Origin”,
“Accept”,
“Content-Type”,
“X-Requested-With”,
“Authorization”
],
“options_passthrough”: false,
“debug”: false,
“allowed_origins”: [
“*”
],
“allowed_methods”: [
“GET”,
“POST”,
“HEAD”
]
},
“event_handlers”: {
“events”: {}
},
“proxy”: {
“target_url”: “http://httpbin.org/”,
“service_discovery”: {
“endpoint_returns_list”: false,
“cache_timeout”: 0,
“parent_data_path”: “”,
“query_endpoint”: “”,
“use_discovery_service”: false,
“_sd_show_port_path”: false,
“target_path”: “”,
“use_target_list”: false,
“use_nested_query”: false,
“data_path”: “”,
“port_data_path”: “”
},
“check_host_against_uptime_tests”: false,
“transport”: {
“ssl_insecure_skip_verify”: false,
“ssl_min_version”: 0,
“proxy_url”: “”,
“ssl_ciphers”: []
},
“target_list”: [],
“preserve_host_header”: false,
“strip_listen_path”: true,
“enable_load_balancing”: false,
“listen_path”: “/virtual/”,
“disable_strip_slash”: true
},
“client_certificates”: [],
“use_basic_auth”: false,
“version_data”: {
“not_versioned”: true,
“default_version”: “”,
“versions”: {
“Default”: {
“name”: “Default”,
“expires”: “”,
“paths”: {
“ignored”: [],
“white_list”: [],
“black_list”: []
},
“use_extended_paths”: true,
“global_headers”: {},
“global_headers_remove”: [],
“global_response_headers”: {},
“global_response_headers_remove”: [],
“ignore_endpoint_case”: false,
“global_size_limit”: 0,
“override_target”: “”,
“extended_paths”: {
“virtual”: [
{
“response_function_name”: “myUniqueFunctionName”,
“function_source_type”: “blob”,
“function_source_uri”: “ZnVuY3Rpb24gbXlVbmlxdWVGdW5jdGlvbk5hbWUocmVxdWVzdCwgc2Vzc2lvbiwgY29uZmlnKSB7CiAgdmFyIHJlc3BvbnNlT2JqZWN0ID0geyAKICAgIEJvZHk6ICJUSElTIElTIEEgIFZJUlRVQUwgUkVTUE9OU0UiLCAKICAgIENvZGU6IDIwMCAKICB9CiAgcmV0dXJuIFR5a0pzUmVzcG9uc2UocmVzcG9uc2VPYmplY3QsIHNlc3Npb24ubWV0YV9kYXRhKQp9”,
“path”: “/test”,
“method”: “GET”,
“use_session”: false,
“proxy_on_error”: false
}
]
}
}
}
},
“jwt_scope_claim_name”: “”,
“use_standard_auth”: false,
“session_lifetime”: 0,
“hmac_allowed_algorithms”: [],
“disable_rate_limit”: false,
“definition”: {
“location”: “header”,
“key”: “x-api-version”,
“strip_path”: false
},
“use_oauth2”: false,
“jwt_source”: “”,
“jwt_signing_method”: “”,
“jwt_not_before_validation_skew”: 0,
“use_go_plugin_auth”: false,
“jwt_identity_base_field”: “”,
“allowed_ips”: [],
“request_signing”: {
“is_enabled”: false,
“secret”: “”,
“key_id”: “”,
“algorithm”: “”,
“header_list”: [],
“certificate_id”: “”,
“signature_header”: “”
},
“org_id”: “62332e053cd0fe0001ee1dff”,
“enable_ip_whitelisting”: false,
“global_rate_limit”: {
“rate”: 0,
“per”: 0
},
“protocol”: “”,
“enable_context_vars”: false,
“tags”: [],
“basic_auth”: {
“disable_caching”: false,
“cache_ttl”: 0,
“extract_from_body”: false,
“body_user_regexp”: “”,
“body_password_regexp”: “”
},
“listen_port”: 0,
“session_provider”: {
“name”: “”,
“storage_engine”: “”,
“meta”: {}
},
“auth_configs”: {
“authToken”: {
“use_param”: false,
“param_name”: “”,
“use_cookie”: false,
“cookie_name”: “”,
“auth_header_name”: “Authorization”,
“use_certificate”: false,
“validate_signature”: false,
“signature”: {
“algorithm”: “”,
“header”: “”,
“secret”: “”,
“allowed_clock_skew”: 0,
“error_code”: 0,
“error_message”: “”
}
},
“basic”: {
“use_param”: false,
“param_name”: “”,
“use_cookie”: false,
“cookie_name”: “”,
“auth_header_name”: “Authorization”,
“use_certificate”: false,
“validate_signature”: false,
“signature”: {
“algorithm”: “”,
“header”: “”,
“secret”: “”,
“allowed_clock_skew”: 0,
“error_code”: 0,
“error_message”: “”
}
},
“coprocess”: {
“use_param”: false,
“param_name”: “”,
“use_cookie”: false,
“cookie_name”: “”,
“auth_header_name”: “Authorization”,
“use_certificate”: false,
“validate_signature”: false,
“signature”: {
“algorithm”: “”,
“header”: “”,
“secret”: “”,
“allowed_clock_skew”: 0,
“error_code”: 0,
“error_message”: “”
}
},
“hmac”: {
“use_param”: false,
“param_name”: “”,
“use_cookie”: false,
“cookie_name”: “”,
“auth_header_name”: “Authorization”,
“use_certificate”: false,
“validate_signature”: false,
“signature”: {
“algorithm”: “”,
“header”: “”,
“secret”: “”,
“allowed_clock_skew”: 0,
“error_code”: 0,
“error_message”: “”
}
},
“jwt”: {
“use_param”: false,
“param_name”: “”,
“use_cookie”: false,
“cookie_name”: “”,
“auth_header_name”: “Authorization”,
“use_certificate”: false,
“validate_signature”: false,
“signature”: {
“algorithm”: “”,
“header”: “”,
“secret”: “”,
“allowed_clock_skew”: 0,
“error_code”: 0,
“error_message”: “”
}
},
“oauth”: {
“use_param”: false,
“param_name”: “”,
“use_cookie”: false,
“cookie_name”: “”,
“auth_header_name”: “Authorization”,
“use_certificate”: false,
“validate_signature”: false,
“signature”: {
“algorithm”: “”,
“header”: “”,
“secret”: “”,
“allowed_clock_skew”: 0,
“error_code”: 0,
“error_message”: “”
}
},
“oidc”: {
“use_param”: false,
“param_name”: “”,
“use_cookie”: false,
“cookie_name”: “”,
“auth_header_name”: “Authorization”,
“use_certificate”: false,
“validate_signature”: false,
“signature”: {
“algorithm”: “”,
“header”: “”,
“secret”: “”,
“allowed_clock_skew”: 0,
“error_code”: 0,
“error_message”: “”
}
}
},
“strip_auth_data”: false,
“id”: “62622db61b83350001963946”,
“certificates”: [],
“enable_signature_checking”: false,
“use_openid”: false,
“internal”: false,
“jwt_skip_kid”: false,
“enable_batch_request_support”: false,
“enable_detailed_recording”: false,
“response_processors”: [],
“use_mutual_tls_auth”: false
},
“hook_references”: [],
“is_site”: false,
“sort_by”: 0,
“user_group_owners”: [],
“user_owners”: []
}

and here is the response from the postman, not sure what is wrong here

Screenshot 2022-04-22 at 11.22.20 AM1062×768 33.7 KB

image of debugging report

Screenshot 2022-04-22 at 11.24.30 AM1146×461 43.1 KB

I see you are making the request/API call using the management endpoint - https://proper-xxxxxx-mgw.aws.apse1.cloud-ara.tyk.io. Please be aware that the management endpoint is not intended for anything but the management/administration of your service. Of course you can use it to quickly test out your APIs but it is not the recommended approach.

Can you try calling the API with the proxy / ingress / gateway endpoint instead? Let me know how it goes.

Hi @Olu, thanks for the help yes we are aware that no public request should come to above-mentioned endpoint…as for the test we adopted that endpoint. the issue is solved now
but the issue was related to tags and policy, tags weren’t mentioned and somehow the policies created from calling the tyk dashboard rest endpoint weren’t available by the id’s (this is the id we capture as a response when a policy is registered in tyk ) and hence apply_policies and apply_policy_id(being aware that it is deprecated) were not picking up the policy…and when tried with policy_name the policy was available.
So just want to ask are any other key values also to be passed to the request body while creating the policies other than the defaults.

Thanks
Parsenjit

I’m a bit unsure how policy and tags are related with Virtual Endpoint. I would like to understand what you are doing and the result you are ending up with. I assume the policy and tags issue is related to this thread: Is it possible to update quota after it is exhausted instead. If not, then could you help with some context?

So just want to ask are any other key values also to be passed to the request body while creating the policies other than the defaults.

This depends on what you want the policy to have. You can run Policy GET call to see the full properties of a policy. Which ever property you think is needed can be added at the creation/update of the policy via POST/PUT.

Thanks, @Olu for the reply, sure I would definitely seek some guidance,
(Our use case of Virtual Endpoint) assuming that creating the virtual endpoint is similar to a tyk API but with a route and a middleware to process existing tyk Apis as batch requests (which we pass in JS function as requests object) using the TykBatchRequests method, later aggregating the response and returning the response in a formatted way.

Hence, while creating this API tags are added such that analytics can be enabled, not sure but sometimes calling endpoints generated in tyk via ingress are not available if tags are missing for example path being: “steady-XXXXX-YY.aws-XXXX.cloud-XXX.tyk.io/listen-path” is not available.

after API is created to manage the quotas and limits a policy is created and a key is generated from that policy(here problem occurs where we don’t get a policy by its id and use policy_name instead) and VP API is added to that key as access_rights object into the key definition hence after this we have an endpoint with a key and this is our flow with the virtual endpoint.

Thanks
Parsenjit

I will try to summarize what I understood

• You are making multiple requests in the Virtual Endpoint like the Tyk Gateway Batch Request. The requests flow accordingly:

1. Dashboard POST/UPDATE /api/apis API to create API definition or update the segment tags of an API definition.

2. Dashboard POST /api/portal/policies/ API to create a policy. The result does not have an ID in the field to use in creating a key but you’ve used the unique policy name instead. This was the earlier issue but has now been resolved.

3. Dashboard POST /api/keys to create a key from the policy.

Correct…just that between and 2 and 3 the API is assigned to policy using policy name, such that a key can be used associated to api policy