Multiple Authentication mechanisms in Tyk

Hi,
At the point of time when the post was written, multiple authentication mechanisms were unavailable in Tyk (Referring to Multiple auth schemes for single API definition).

My query: Does Tyk only allows one auth method per API definition? If not, how can I achieve both Basic Auth and Auth token authentication methods for a single API in Tyk.

Your insights would be of much help.
Thanks and regards,
Prashanth

Hello -

We can apply multiple Auth mechanisms in Tyk now - Multiple Auth

Relevant sections of the API Definition:

{
  "base_identity_provided_by": "auth_token",
  "use_basic_auth": true,
  "use_standard_auth": true,
  "auth_configs": {
    "authToken": {
      "use_param": false,
      "param_name": "",
      "use_cookie": false,
      "cookie_name": "",
      "auth_header_name": "AuthToken",
      "use_certificate": false,
      "validate_signature": false,
      "signature": {
        "algorithm": "",
        "header": "",
        "secret": "",
        "allowed_clock_skew": 0,
        "error_code": 0,
        "error_message": ""
      }
    },
    "basic": {
      "use_param": false,
      "param_name": "",
      "use_cookie": false,
      "cookie_name": "",
      "auth_header_name": "Authorization",
      "use_certificate": false,
      "validate_signature": false,
      "signature": {
        "algorithm": "",
        "header": "",
        "secret": "",
        "allowed_clock_skew": 0,
        "error_code": 0,
        "error_message": ""
      }
    }
  },
  "strip_auth_data": false
}

Thank @ahmet for the clarification.

Lets say that I use both Basic Auth and Auth Token as auth methods to secure my API, and I create Keys for the same. Can you tell me how I can access the API using the credentials (That i created via Keys tab in the dashboard). The website - Multiple Auth talks only about how to set up the API via Dashboard or via API definition, but not about how one can make a call to the API via a API Client (Like Postman or Thunder Client)?

Hey, the exact method depends on the client you are using.

For some guidance on postman, this thread below might be useful to you.

The postman support forums are a good place to find out more about using a client to access your api.

1 Like

Hi @James. The functionality seems to be working flawlessly. Thanks for the Support, as the Postman Support Forum and StackOverflow helped me to understand how the request is sent to Tyk Gateway for validation.
Steps followed:

  1. Select Auth Token as the Authentication method.
  2. Generate a Key for the API with Auth Token as the Authentication method.
  3. Store the Key ID somewhere for later use.
  4. Select Basic Auth as the Authentication method.
  5. Generate username and password for Basic Auth as the Authentication method.
  6. Encode both the values in the format (username:password) to obtain base64 value using https://www.base64encode.org/.
  7. Store the encoded base64 value somewhere for later use.
  8. Now Select Multiple Authentication mechanism as the Authentication method and choose Basic Auth and Auth Token as the methods.
  9. Rename the Authentication headers as Authentication1 and Authentication2 respectively and choose any one as the Base Identity Provider.
  10. Now open Postman or any other API Client and Include headers as Authentication1 and Authentication2 duly giving the values in the format: curl --location --request GET “http://127.0.0.1:8080/own-api/tasks” --header “Authentication1: Bearer eyJvcmciOiI2MTEwZDJjODU2YTJhYzAwMDE3YTZmMzEiLCJpZCI6IjgyZGNjMGJmYzM2ODQ1N2ZiNjdkMjQ5ODk5ZDhiMmM2IiwiaCI6Im11cm11cjY0In0=” --header "Authentication2: Basic cHJhc2hhbnRoOnF3ZXJ0eUAxMjM="

Hope this helps the community in the future.

Regards,
Prashanth