I would like to evaluate if I can create an API for a data service. Actually, the data is now stored as simple JSON files on web-server with htaccess access restriction.
Is it possible to use tyk API for a modern data access, a so-called “REST API”?
Hi,
Tyk can definitely do what you want to and supports creation of fully RESTful APIs.
I’d advise taking some time to read over our docs at https://www.tyk.io/docs and maybe get started with a free cloud account to get a feel for things. 
Thanks
Josh
Good to hear, thanks.
@Josh : thank you for the link to the first steps and I’ve created a first API. I thought it would be simple, but it ends up in many hours of wasted time: API is not working. This is my case:
Source web server
path is secured with .htaccess
Correct username and
password grant access.
Tyk API
I’ve created a Tyk API with these parameters:
API Creation → Basic Auth ??? is this correct ??? - I don’t know
Keys → Access Rights
The only one access rule added.
Keys → Metadata
Username:Password
But checking with Postman provides errors:
a) GET without
Authorization provides error:
“error”: “Authorization field missing”
OK, now next.
b) GET with so-called “Bearer Token”. I suppose, that the “Bearer Token” is the token I received from Tyk while creating Key. Correct? But I get the following error:
“error”:“Attempted access with malformed header, values not in basic auth format”
c) Next trial: GET with Basic Auth
With same Username and Password that I use for .htaccess.
“error”:“User not authorised”
Until now, creating an API is a hassle for me. The problem is that there are so many
parameters and so many unclear definitions that leaves me completely confused.
Good Morning,
Basic auth is not the simplest authorization mode. If you choose “auth token” for your api then to access it send the “Authorization” header in postman with a key that has access rights for that API.
If you are using basic auth then you need to create a key that has the format Basic base64Encode(username:password) more detail for which you can find here.
However i would stick to the simplest type of auth while you are working things out.
The tutorials here are the best way to get started just in case you had missed them in the docs.
Thanks
Josh
Just to be sure: would you say that “auth token” the same as “bearer token” 
When I make a Postman request directly to my source, I get an response without errors. Okay. 
But when I make an GET - request on tyk-API, I still get the following error:
"error": "Attempted access with malformed header, values not in basic auth format"
I set the Token into the so-called “bearer token” and the GET is for https://NAME.cloud.tyk.io/API-NAME/FILENAME.json
Otherwise, when I remove the FILENAME.json and try to GET for https://NAME.cloud.tyk.io/API-NAME
then I get a different error:
404 page not found
Afterwords, I’ve changed the Authentication mode in API definition back to “Auth token”, but now I get the following error:
"error": "There was a problem proxying the request"
@Josh : Thanks, I’ve followed the instructions, but still receive the following error:
"error": "There was a problem proxying the request"
After hours of experiencing, I found the issue for this error:
The Base Configuration in API Creation must be a full Target URL:
subdomain.domain.com --> does not work 
http://subdomain.domain.com --> works 
Now, I’m happy that this first step works. 
@Josh : In the next step, I would like to make my source secure again. This means to activate .htaccess again. So I need to deposit the login credentials for the source, but I don’t know where. Is the “Endpoint designer” something that I should use?
There is a second consideration: Is it possible to define a MySQL database-source? If yes, where can I find this settings?
The endpoint designer should be what you need. If your server needs the basic auth in a header you can add it there either globally or per API. You should also be able to do URL rewrites if the auth needs to be in the URL.
Another option would be to open up your source and put it behind a firewall that will let the Tyk gateway through.
In terms of MySQL it’s not something i’ve ever heard done but perhaps it would be possible to write some middleware to transform reponses to enable interaction. Honestly though i’m not sure.
Thanks
Josh
So I’ve put my credentials into the Endpoint Designer like this:
Is this the right way?
But testing it with Postman does still not work:
“error”: “User not authorised” 
I’m completely desperated. What is wrong here? Is it possible to provide a step-by-step Guideline?
This is more an issue with what your apache server is expecting for its auth. You need to know exactly what to configure to give it, which unfortunately I don’t know.
You definitely would be adding plaintext username and password information in the headers like you have done. It is more likely to be something like “Authorization”: basic Base64Encoded(username:password).
Sorry I cant be any more help than that.
Does not work. Only when I delete your recommended Authorization, I can access the endpoint.
Can you provide a guide how to setup this accurate?
Result after 17 days: still not possible to make it working. Missing tutorial when endpoint needs Basic Auth.
So, under header name write “Authorization” and under header value write “Basic Base64Encoded(username:password)”
where you have actually base64 encoded your username:password combination.
I think you took me a bit too literally, sorry!
Josh
YES, Perfect !!! - Thank you very much for the appreciated support. Now I am able to access to endpoint.
The only thing that I have to find out now is how to access the end values.
So when I send this URL to tyk:
https://xyz.cloud.tyk.io/Product/ItemA/2017-11-01
the response just delivers
https://xyz.cloud.tyk.io/Product
Is this a URL rewriting issue or is there a option in the API designer that I have to activate?
Even this is solved now (due to a wrong call from postman).
Great Day! Thanks for all !
Glad to help! 
Thanks
Josh
