Mapping of apikeys to groups


I’m new to Tyk and have hit a slight problem, hoping someone maybe able to point me in the right direction.

I have an upstream API that I need to provide access to. I would like to provide varying levels of access to it, with per user apikeys controlled by Tyk

I need to somehow map the Tyk generated keys these to group apikeys for the upstream service.

For example, tyk has generated an apikey ‘user1’, this key will be granted read-only access to the upstream service, that access is provided via upstream apikey ‘rotest’

Can I map the apikey ‘12345’ to the upstream service apikey ‘rotest’, if so can I do this for multiple users, eg tyk generated apikeys ‘user1’, ‘user2’ and ‘user5’ map to upstream apikey ‘rotest’?

I’m looking for something like the add header functionality but having the header value based off some form of policy or key metadata

Perhaps I need to go down the virtual endpoint path and embed the mapping logic in there?



Hi there!

Using Policies you can define granular per path/method access. So you can have one API but multiple access levels (individual policies)

Thanks for the reply leon,

I can see how’d that work, unfortunately in our situation Tyk may be replacing an existing situation and we can’t easily change the request structure sent by the clients.

I’m not sure if fully understand what you mean by request structure. Does it means that you use SOAP or similar protocol, where route embed indo request body and not URL?

In any case, for more complex logic, you are feel free to write either middleware, which runes for all requests globally, or some virtual endpoint as you mentioned previously.

Not SOAP but the existing URL format and headers are fixed. Time explore virtual endpoints.