Have you reviewed these docs? Tyk APIs
I have thoroughly explored the contents in Tyk APIs.
Thanks for sharing the link, but what I’m trying to seek information about is the architecture of how the APIs, Keys and Policies work together. A holistic look on how they relate to each other in terms of Data structures.
Any insights would be of great help!
@selvamp you can check out our github repo everything about those structures will be in there.
Thanks @zaid for sharing the GitHub Repo link to Tyk.
If you may provide some links to Tyk docs, it would be easily for myself to comprehend.
Have a look in Key Concepts to begin with then a deeper dive from Security Policies and other sections within Security
Although it may seem basic, this guide can also be helpful, as it moves through the api/key/policy relationship. i.e. it shows how a policy is effectively a template that can apply to/override a key.
In fact, we always recommend following the ‘getting started’ tutorial from start to finish, as it introduces the concepts behind Tyk.
Thanks @Pete and @James for the reply.
I have extensively read all the docs pertaining to what you’ve shared in the previous posts.
The issue is that I’m not able to picture holistically as to how keys and policies are linked to each other or the relationship between them. Because, in the definition of Policies, there is a key “access_rights” wherein we can mention what all APIs need to be enforced with this Policy. Same is the case with Keys and APIs, but I’m unable to understand the link between Policies and Keys.
Hope you can provide some info on that. It would really help!
A key is either based on a policy or has its own access rights to APIs. Not both.
Policies are the templates that set the defaults for keys that are based on them. You can override the defauls in the key if you choose but the metadata, limits and quotas will be inherited from the policy or policies. The access rights to APIs are determined in the policy or policies attached to the key. This has the advantage of being able to update all the keys attached to a policy by updating the policy itself rather than each key individually.
You can also create keys that do not reference a policy and therefore you have to select the API they have access rights for. Nothing is inherited because there are no policies attached.
This gives me a brief idea on the relationship between the various entities.
Thanks and Regards,
Hi @selvamp, you might want to check this forum response Cannot make a Policy to rate limit an API - #11 by zaid.
There is a “apply_policies” property that a key can have.
This post will surely help me in figuring out the DS and relationship between Keys and Policies.
Thanks & Regards,