Mapping of apikeys to groups

hellosnail · August 21, 2018, 5:23am

Hi,

I’m new to Tyk and have hit a slight problem, hoping someone maybe able to point me in the right direction.

I have an upstream API that I need to provide access to. I would like to provide varying levels of access to it, with per user apikeys controlled by Tyk

I need to somehow map the Tyk generated keys these to group apikeys for the upstream service.

For example, tyk has generated an apikey ‘user1’, this key will be granted read-only access to the upstream service, that access is provided via upstream apikey ‘rotest’

Can I map the apikey ‘12345’ to the upstream service apikey ‘rotest’, if so can I do this for multiple users, eg tyk generated apikeys ‘user1’, ‘user2’ and ‘user5’ map to upstream apikey ‘rotest’?

I’m looking for something like the add header functionality but having the header value based off some form of policy or key metadata

Perhaps I need to go down the virtual endpoint path and embed the mapping logic in there?

Thanks,

Phil

leon · August 21, 2018, 5:36am

Hi there!

Using Policies you can define granular per path/method access. So you can have one API but multiple access levels (individual policies)

hellosnail · August 21, 2018, 5:55am

Thanks for the reply leon,

I can see how’d that work, unfortunately in our situation Tyk may be replacing an existing situation and we can’t easily change the request structure sent by the clients.

leon · August 21, 2018, 6:09am

I’m not sure if fully understand what you mean by request structure. Does it means that you use SOAP or similar protocol, where route embed indo request body and not URL?

In any case, for more complex logic, you are feel free to write either middleware, which runes for all requests globally, or some virtual endpoint as you mentioned previously.

hellosnail · August 22, 2018, 12:31am

Not SOAP but the existing URL format and headers are fixed. Time explore virtual endpoints.