I've looked into your account, and think I know what is wrong:
Your APIs are configured with very specific listen paths that are case sensitive, e.g. /eventsrealtime/ in Tyk Cloud, which means your managed URLs would be:
- Or, if you have the NGINX settings enabled to handle URL rewrites in your hybrid agent (I wouldn't tackle this yet), then:
Now your Swagger definitions are pointing directly at your API on your custom domain, under paths such as /EventsFullNoGeo/, which I think is a real endpoint name: If I visit this URL directly (as specified by your Swagger), I get a Windows server response that is not being in any way protected by Tyk, but I still get a 403 status code because the response is not allowed (probably because it's not actually a public endpoint).
Your API Definitions all have *.local targets, so the only way to reach them is with a hybrid agent. Assuming you have hybrid running, you should be able to target this API via:
(for testing, this is a good place to start).
This means that CORS is the least of your problems, since your routing is totally off at the moment, and those requests from the Swagger interface will never work since the 403 response that the CORS pre-flight is complaining about is coming from IIS, and not Tyk (we do not run Windows servers), and since Tyk isn't managing that request, it can't inject the required CORS headers to allow the pre-flight to pass.
I hope that helps a bit. I think the overall routing configuration is the problem here. I'd suggest:
- Remove the Authentication from Tyk for now (for testing), fewer things to go wrong like wrong keys
- Ensure you have Hybrid running (see our quickstart for Hybrid, it shows you how to handle a demo request)
- Once you have requests working with Postman or curl, then come back here and we'll talk about setting up the built-in NGINX host to allow for friendly URLs
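
The diagnosis above turns on which server answered the pre-flight and whether it returned CORS headers. As an added example (not part of the original reply, and not Tyk code), this Python script parses a captured OPTIONS response, such as one saved from curl -i, and applies a simplified subset of the browser's pre-flight checks. Both sample responses, the origin https://docs.example.test and the Server value are constructed for illustration.

```python
from email.parser import Parser

# Constructed sample: pre-flight answered directly by the origin web server.
ORIGIN_403 = (
    "HTTP/1.1 403 Forbidden\n"
    "Server: Microsoft-IIS/8.5\n"
    "Content-Type: text/html\n\n"
)
# Constructed sample: pre-flight answered by a gateway that injects CORS headers.
GATEWAY_200 = (
    "HTTP/1.1 200 OK\n"
    "Access-Control-Allow-Origin: https://docs.example.test\n"
    "Access-Control-Allow-Methods: GET, POST, OPTIONS\n"
    "Access-Control-Allow-Headers: authorization, content-type\n\n"
)
SAFELISTED_METHODS = {"get", "head", "post"}

def parse_response(raw):
    """Split a captured response head into (status code, headers)."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    status_line, _, header_block = head.partition("\n")
    return int(status_line.split()[1]), Parser().parsestr(header_block, headersonly=True)

def tokens(value):
    """Turn a comma-separated header value into a set of lowercase tokens."""
    return {t.strip().lower() for t in (value or "").split(",") if t.strip()}

def preflight_verdict(raw, origin, method, request_headers=()):
    """Apply a simplified subset of the browser's pre-flight checks."""
    status, headers = parse_response(raw)
    problems = []
    if not 200 <= status <= 299:
        problems.append(f"status {status} is not 2xx")
    if headers.get("Access-Control-Allow-Origin") not in ("*", origin):
        problems.append("Access-Control-Allow-Origin missing or mismatched")
    allowed_methods = tokens(headers.get("Access-Control-Allow-Methods"))
    if method.lower() not in allowed_methods | SAFELISTED_METHODS:
        problems.append(f"method {method} not allowed")
    allowed_headers = tokens(headers.get("Access-Control-Allow-Headers"))
    missing = [h for h in request_headers if h.lower() not in allowed_headers]
    if missing:
        problems.append("headers not allowed: " + ", ".join(missing))
    return {"passes": not problems,
            "answered_by": headers.get("Server", "(no Server header)"),
            "problems": problems}

if __name__ == "__main__":
    for name, raw in (("origin", ORIGIN_403), ("gateway", GATEWAY_200)):
        print(name, preflight_verdict(raw, "https://docs.example.test", "GET", ["Authorization"]))
```

A failing verdict whose answered_by value names the origin server, with no Access-Control-* headers at all, indicates the request never passed through the gateway, so the fix is in routing rather than in CORS settings.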