Policy based body transform


#1

I am using Tyk 2.3.3. Tyk JWT authentication, rate limit, transforms are working fine for me.

What we have is an API services with an endpoints returning all possible information of our system. I need to return only specific information based on the user policy in the JWT.

Is there a way to get the JWT claim policy in the response transform? Using that i can multiplex my endpoint response or filter out endpoint response.


#2

Hi @sairam866,

I’m not entirely sure if this is possible. Have you considered creating a single API with multiple endpoints and creating a different policy for each one? I expect that you will probably want to write some middleware to handle this as well.

Kind regards,
Jess @ Tyk


#3

@jess
My consideration is I dont want to change my legacy API. Even if I could it would lead to redundant endpoint with just different (filtered or stripped) responses.

Say actual my end point returns

{
“key1”:“val1”,
“key2”:“val2”,
“key3”:“val3”
}

I have specific case where I need to return key1 and key2 for one customer, key2 and key3 for another and so.

I can assign different policy to each customer and based on the policy can I dynamically change the response body in production without having to do any change to my API. Tyk config change alone shall suffice.

Tyk body transform golang templates does the job for me. But I just need the policy to the available in the response chain back to the caller. Policy is available in the session. Can I get the session data in response chain to do the required transformation? Can I use some name space?

Also middleware doc says it works on the request chain? I think it cannot used for the response processing. Please correct me if I am wrong.


#4

Hi @sairam866,

I don’t think that you will be able to achieve this without making at least some changes to the endpoints listed in your API. In this case, the most straight forward option probably would be to create multiple endpoints that perform a different response body transformation on that particular JSON response and then to assign different policies to each endpoint.

Using middleware may actually overcomplicate matters somewhat so this probably isn’t the solution you’d want to attempt (apologies if my mentioning it earlier confused things). It may be possible to write middleware which, based on the policy used, could return a 301 redirect to a particular endpoint which would itself perform the correct body transform but this would simply add another step to the method I outlined earlier and isn’t a common approach.

I hope that helps somewhat and apologies if this isn’t exactly the solution you would have preferred.

Kind regards,
Jess @ Tyk