I would like to evaluate if I can create an API for a data service. Actually, the data is now stored as simple JSON files on a web server with htaccess access restriction.
Is it possible to use the Tyk API for modern data access, a so-called “REST API”?
The user should be able to request specific data from the API, i.e. “item 1” of “product 1”. The API should provide the requested data file. I would like to know if Tyk is the right service to create this kind of service?
@Josh : thank you for the link to the first steps and I’ve created a first API. I thought it would be simple, but it ends up in many hours of wasted time: the API is not working. This is my case:
Source web server
path is secured with .htaccess
Correct username and password grant access.
Tyk API
I’ve created a Tyk API with these parameters:
API Creation → Basic Auth ??? is this correct ??? - I don’t know
Keys → Access Rights
Only one access rule added.
Keys → Metadata
Username:Password
But checking with Postman provides errors:
a) GET without Authorization provides error:
“error”: “Authorization field missing”
OK, now next.
b) GET with so-called “Bearer Token”. I suppose that the “Bearer Token” is the token I received from Tyk while creating the key. Correct? But I get the following error:
“error”:“Attempted access with malformed header, values not in basic auth format”
c) Next trial: GET with Basic Auth
With the same Username and Password that I use for .htaccess.
“error”:“User not authorised”
Until now, creating an API is a hassle for me. The problem is that there are so many parameters and so many unclear definitions that leave me completely confused.
Basic auth is not the simplest authorization mode. If you choose “auth token” for your API, then to access it send the “Authorization” header in Postman with a key that has access rights for that API.
If you are using basic auth then you need to create a key that has the format Basic base64Encode(username:password), more detail for which you can find here.
However, I would stick to the simplest type of auth while you are working things out.
The tutorials here are the best way to get started just in case you had missed them in the docs.
Just to be sure: would you say that “auth token” is the same as “bearer token”? When I make a Postman request directly to my source, I get a response without errors. Okay.
But when I make a GET request on the Tyk API, I still get the following error: "error": "Attempted access with malformed header, values not in basic auth format"
I set the Token into the so-called “bearer token” and the GET is for https://NAME.cloud.tyk.io/API-NAME/FILENAME.json
Otherwise, when I remove the FILENAME.json and try to GET for https://NAME.cloud.tyk.io/API-NAME
then I get a different error: 404 page not found
Afterwards, I’ve changed the Authentication mode in API definition back to “Auth token”, but now I get the following error: "error": "There was a problem proxying the request"
After hours of experimenting, I found the issue for this error:
The Base Configuration in API Creation must be a full Target URL:
subdomain.domain.com --> does not work
http://subdomain.domain.com --> works
@Josh : In the next step, I would like to make my source secure again. This means to activate .htaccess again. So I need to deposit the login credentials for the source, but I don’t know where. Is the “Endpoint designer” something that I should use?
There is a second consideration: Is it possible to define a MySQL database-source? If yes, where can I find these settings?
The endpoint designer should be what you need. If your server needs the basic auth in a header you can add it there either globally or per API. You should also be able to do URL rewrites if the auth needs to be in the URL.
Another option would be to open up your source and put it behind a firewall that will let the Tyk gateway through.
In terms of MySQL it’s not something I’ve ever heard done but perhaps it would be possible to write some middleware to transform responses to enable interaction. Honestly though I’m not sure.
This is more an issue with what your Apache server is expecting for its auth. You need to know exactly what to configure to give it, which unfortunately I don’t know.
You definitely would be adding plaintext username and password information in the headers like you have done. It is more likely to be something like “Authorization”: basic Base64Encoded(username:password).
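The header formats discussed in this thread, as an added example (not part of the original posts, and not Tyk's or Apache's code): it builds the `Basic base64Encode(username:password)` value and sorts an `Authorization` header into the cases seen in Postman above. The function names, status labels and the `user`/`pass` credentials are constructed for illustration.

```python
import base64
import binascii


def basic_auth_header(username: str, password: str) -> str:
    """Return 'Basic ' + base64(username:password), the format named in the replies."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def classify_authorization(value):
    """Sort an Authorization header value into (status, username).

    Status labels are assumptions made for this example:
      missing   - no header at all (Postman case a)
      not-basic - another scheme or a bare key, e.g. 'Bearer ...' (case b)
      malformed - 'Basic' scheme but not base64 of 'username:password'
      basic     - well-formed Basic credentials (case c)
    """
    if not value:
        return ("missing", None)
    scheme, _, credentials = value.strip().partition(" ")
    if scheme.lower() != "basic" or not credentials.strip():
        return ("not-basic", None)
    try:
        decoded = base64.b64decode(credentials.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return ("malformed", None)
    username, separator, _password = decoded.partition(":")
    if not separator:
        return ("malformed", None)
    # Base64 is a reversible encoding, not encryption: anyone who can read
    # the header can recover the username and password exactly as done here.
    return ("basic", username)


if __name__ == "__main__":
    samples = [  # constructed sample headers
        None,
        "Bearer constructed-key-value",
        "Basic user:pass",            # plaintext instead of base64
        basic_auth_header("user", "pass"),
    ]
    for header in samples:
        print(repr(header), "->", classify_authorization(header))
```

A well-formed Basic header only settles the format question; whether the credentials are accepted depends on what is configured on the side that checks them. Because the value decodes back to the plaintext password, send it only over HTTPS.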