Ah - perhaps in other places, but not on keys provisioned for developers:
PUT http://tyk-dashboard:3000/api/portal/requests/approve/5b85c3133dda9100018400dd
authorization: ******************
200 OK
Access-Control-Allow-Credentials: true
Cache-Control: no-store, no-cache, private
Content-Security-Policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
Content-Type: application/json
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Date: Tue, 28 Aug 2018 21:48:03 GMT
Content-Length: 83
{
"Password": "",
"RawKey": "5b859c063dda910001fa1c09c8597d2433b0477dbe5aec571cbb0341"
}