New to Tyk


#1

Imported Google Group message. Original thread at: https://groups.google.com/forum/#!topic/tyk-community-support/4aj1LJtMN24 Import Date: 2016-01-19 21:36:57 +0000.
Sender:John Brosan.
Date:Thursday, 17 December 2015 16:14:24 UTC.

Hello everyone,

I am currently evaluating Tyk for use in our organization. I am new to API Gateways and to pure API development as well. I was able to get Tyk up and running, and have it handle a small test API.
What I am interested in is having Tyk handle our user management such as login and access to our APIs. I know that this is possible, but I am unsure how to go about this. I’ve been reading around and found information on organisations and users, but I am not clear if this is for allowing access to the API or just to the dashboard. Once I understand that, can I extend the User to include more information about the user?

I apologize since I am sure that this has been asked many times in the past. I must have missed it. Once I get a handle on it I would be more than happy to write up some documentation and provide it to Tyk.

Thanks in advance,
John


#2

Imported Google Group message.
Sender:Martin Buhr.
Date:Thursday, 17 December 2015 16:27:03 UTC.

Hi John,

Thanks for trying Tyk :slight_smile:

I think for your organisation, you will want to use the developer portal, this is a separate component of the dashboard reserved for developers (in Tyk parlance, users=dashboard admins and developers=API users).

In Tyk, API Keys have no identity information, and there are ways of creating these links within your own software using our REST API, or you can use our developer portal, which lets you create a developer profile (identity), that is linked to tokens that have been generated based on your policies, as published to your API catalogue in the portal. With this setup you have an identity, mapped to tokens, mapped to access policies and rules, and those users can enrol themselves to get access to your APIs.

The relevant docs are:
https://tyk.io/dashboard-v0-9/portal/getting-started/

And the quickstarts:
https://tyk.io/v1.9/tutorial/set-up-first-api/
https://tyk.io/v1.9/tutorial/set-up-portal-api/

In terms of how this is all structured, Organisations and Users are admin-level structures - there’s quite a few, so you have:

  • A gateway-level API secret that can control everything on a Tyk node (Tyk gateway REST API)
  • A super user style API secret that can perform admin actions on the dashboard / advanced API such as creating organisations
  • A super user dashboard user (and token) that can read all data on a system (this is a standard dashboard user and token that is not attached to an organisation)
  • An organisation - simply a few configuration parameters that define a tenant on a Tyk installation, orgs own APIs
  • A user - Users are tethered to Organisations, and can only control APIs, developers and other users in their org
  • A developer - tethered to an org and only able to access the portal
  • A token - these are linked to an org through naming convention and meta data, usually a token in Tyk is {ORGID}{UUID4}. Strictly speaking, tokens free-float and belong to nobody, but structure and ownership is enforced via the Dashboard API

Hope that helps :slight_smile:

Cheers,
Martin


#3

Imported Google Group message.
Sender:John Brosan.
Date:Thursday, 17 December 2015 16:40:27 UTC.

Hi Martin,

Thank you so much for clearing that up. It does sound like we want the developer portal. We will be exposing a set of APIs that our in house web apps and iOS Apps will be accessing. We want those users to be able to login with a user name and password. We also want to be able to manage those users. At this point we don’t really want to let anyone enroll themselves, we want to handle that part of it.

I will read up on the documentation you listed links for.

Thanks again for your help. I am sure I will need it again in the not too distant future! LOL

Cheers!
John

#4

Imported Google Group message.
Sender:Martin Buhr.
Date:Thursday, 17 December 2015 16:59:55 UTC.

Hi John,

Glad that helped.

If you have developers making things, you can set up the portal in such a way that if a developer requests access to an API that is published there, the key request is actually put on hold and must then be approved by an administrator, so you can retain control of what people can and can’t have access to.

Cheers,
Martin
