Good day! We are currently using limit counters with this limiter. When using this limiter, a record is created in Redis with a key of the format “fixed-window + key (not hash!) + api_id + /unix_epoch_time”. In continuation of this topic, a question arose about how to copy the value of this counter to another key (we have a functionality for reissuing keys by the client if the key, for example, was compromised). The problem is that we do not store the key values ourselves, but only their hash, so we cannot find this record of the format “fixed-window + key (not hash!) + api_id + /unix_epoch_time” from Redis.
The question is, is there any way to get this counter somehow? I can only think of:
search all counters by the pattern “fixed-window--api _id”
calculate the hash for each, compare it with the hash saved in our database
get the value by the key, for which the calculated hash matches the hash from our database
And another question, why are these records stored in Redis in the format “fixed-window + key (not hash!) + api_id + /unix_epoch_time”, and not in the format “fixed-window + key_hash + api_id + /unix_epoch_time”? In other counters, the key hash is specified, for example “rate_limit + key_hash” in the RRL.
Could you let us know your version of gateway along with the gateway’s config/environment variables?
Also were you using a different version of Tyk previously? Did you upgrade at any point in time?
I am unable to replicate the fixed-window + key (not hash!) + api_id + /unix_epoch_time key in v5.6.1. I checked Redis and could not find a key prefixed with fixed-window. The only change I can see is with the rate limiter key where the /<UNIX_EPOCH_TIME> is appended e.g. rate-limit-<KEY HASH or KEY_ID>/1733746740000000000
I think providing a sample API definition to replicate would be helpful, as well as confirming if you are using the community edition/OSS version of the gateway?
Regarding the key not being hashed, you may simply just have key hashing is disabled
Hello! We are currently using Tyk OSS 5.3.2. The environment variables specified for this case are - hash_keys and enable_fixed_window_rate_limiter. The setting - enable_non_transactional_rate_limiter is also enabled. The limits are specified in the key defenition at the path: access_rights → api_id → limit → rate/per. As an example, with these settings, a record is formed in Redis in the following format: “fixed-window-8aaac54248024bf991b61ec089b46efc-e16b189a46e24621a5e72c58ba0de9ce/1733752100000000000”, where 8aaac54248024bf991b61ec089b46efc is the key (its hash is 77a4988c), e16b189a46e24621a5e72c58ba0de9ce is the api_id. If you disable enable_fixed_window_rate_limiter and enable enable_redis_rolling_limiter, then records will be formed in Redis according to the pattern you specified.
That’s a bit strange as the fixed window limiter was introduced in v5.4.0
I tried with this config and could not replicate the keys in Redis. If you could share the full config/environment variable then maybe I could get closer to reproducing it. You can provide it as a private message with sensitive info removed.
I asked internally and I am afraid we don’t have a key with the prefix "fixed-window". You may want to doule check Redis isn’t shared with another application