KeyCloak + Tyk Pro

Hello

I'm trying to integrate Keycloak with Tyk. I created a realm, client and user on Keycloak and I'm able to get a token normally (using openidconnect.net), but I'm having problems (and some questions) with the configuration on Tyk.

What I did on Tyk:

  • Created an API (named Teste OpenId-KeyCloak) with OpenID Connect auth mode, issuer and policy.

  • Created a Policy with access to the API

Questions:

  • Do I need to create a key for the policy I've created?
  • Must the keys' expiration be the same as the token (from Keycloak)?

Problem:

  • Sometimes I get normal access to the API and sometimes I get the error “Key not authorised”, and I don't know what makes it work or not work. The documentation and guides didn't really help me.

Hi @Marcos-Oleiro,

Thank you for reaching out and attaching the images to your inquiry.

I don’t have the answer at the moment for why you’re only sometimes receiving the “Key not authorised” error message. I’m going to try to recreate this on my end and will get back to you as soon as I find the answer for you.


Valmir

1 Like

Hey @Marcos-Oleiro,

Here are the steps on the Tyk side for protecting your API with Keycloak.

  1. Create API
  2. Set Authentication mode: Open ID Connect
  3. Create Policy with access Rights
  4. Edit your API to include your Keycloak realm in the ‘Add issuers’ section. You then need to create a client ID (user) on Keycloak and then point it to your policy which we created in step number 3.

Which it appears you have done based on the images you provided. The only other thing I can think of would be something to do with the Keycloak setup.

Here’s a video that goes into a bit more detail on both the Tyk side as well as the Keycloak side:

One thing to note is that the Dashboard versioning is different at the time of the video versus now; however, the process will still be the same.

Please let me know if this video helps with your question!


Valmir

It didn't help, 'cause I used this video to see the steps to do the integration between Keycloak and Tyk Gateway.

And my Keycloak is working fine.

Hi @Marcos-Oleiro,

When do you get the error ‘Key not authorised’?

Does it show up in a routine, i.e. after a certain timeframe or after a certain amount of calls? Or is it completely random?

I get this error when I try to use a token, always. I only get access when I create a key for the policy.

Do you have the Gateway logs when this occurs?

It should have more information as to why we’re receiving the error. It’ll point us in the right direction whether JWT is valid or not.
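A quick offline check to run alongside the Gateway logs, tied to step 4 above (issuer and client ID) and to the question of whether the JWT is valid. This is an added example, not code from the thread or from Tyk. It assumes the gateway compares the token's `iss` and `aud` claims with the issuer and client ID registered on the API; the issuer URL, client ID and sample tokens are constructed placeholders, and the signature is not verified.

```python
import base64
import json
import time

def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_claims(token: str) -> dict:
    """Return the payload of a compact JWT WITHOUT verifying its signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))

def claim_problems(token, issuer, client_id, now=None):
    """List mismatches between the token and the issuer/client ID set on the API."""
    now = time.time() if now is None else now
    claims = decode_claims(token)
    problems = []
    if claims.get("iss") != issuer:  # exact string match, trailing slash included
        problems.append(f"iss {claims.get('iss')!r} != configured issuer {issuer!r}")
    aud = claims.get("aud", [])
    audiences = [aud] if isinstance(aud, str) else list(aud)  # aud: string or array
    if client_id not in audiences:
        problems.append(f"client ID {client_id!r} not in aud {audiences!r}")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append(f"token expired or has no exp (exp={exp!r})")
    return problems

def _sample_token(claims: dict) -> str:
    # Constructed, unsigned sample for offline use; not a real Keycloak token.
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

ISSUER = "https://keycloak.example.test/realms/demo"   # placeholder realm URL
CLIENT_ID = "tyk-demo-client"                           # placeholder client ID
GOOD = _sample_token({"iss": ISSUER, "aud": CLIENT_ID, "exp": 2000})
BAD = _sample_token({"iss": ISSUER + "/", "aud": ["account"], "exp": 1000})

if __name__ == "__main__":
    for name, tok in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, claim_problems(tok, ISSUER, CLIENT_ID, now=1500) or "claims match")
```

To use it on a real token, pass the token string together with the issuer and client ID exactly as they are entered on the API, and compare the reported mismatches with what the Gateway logs show.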

I managed to make it work as expected. It must be some small detail that I ended up missing, but when I went through the procedure again it worked. I didn't find where to close the topic, but it can be closed.

Hey @Marcos-Oleiro,

I'm very happy to hear that! Thank you for letting me know. If you have any other questions in the future regarding Tyk, please feel free to reach out at any time.


Valmir

1 Like