TIB - Use the same profile for many BaseAPIID

fmeriot · May 4, 2016, 8:47am

Hi,

Recently I have create my own custom authentication provider using Tyk Identity Brocker. I just add this new profile in profiles.json of my TIB endpoint :

{ "ActionType": "GenerateTemporaryAuthToken", "ID": "2", "OrgID": "123", "IdentityHandlerConfig": { "DashboardCredential": "xxxx", "DisableOneTokenPerAPI": false, "TokenAuth": { "BaseAPIID": "<MY-API-ID-1>" } }, "MatchedPolicyID":"<My-policy-id>", "ProviderConfig": { "AccessTokenField": "access_token", "ExtractUserNameFromBasicAuthHeader": false, "OKCode": 200, "OKRegex": "", "OKResponse": "", "ResponseIsJson": true, "TargetHost": "<my-custom-auth-endpoint>", "UsernameField": "user_name" }, "ProviderName": "ProxyProvider", "ReturnURL": "", "Type": "passthrough" }

Now that it works fine, i’d like to go on and add some other APIs but how can use this same profile?
Is there a way, when I add a new API, to assign it this TIB profile (id:2 here) ?

Or do I need to add one profile each time I add an API (that is not very nice) ??

Thank you

Martin · May 4, 2016, 10:16am

The BaseAPI is a fallback security setting for tokens that have policy references removed, so in your case, I would suggest to create a dummy API that proxies to nothing / example.com, and use this as your BaseAPI for your profile (just make sure it share the same authentication method as all your other APIs).

Now you create a security policy and set it’s ID as MatchedPolicyID, now when TIB creates a token, it will use the base dummy API as the foundation of the token, and add the matched policy to apply.

Now you can add all your APIs to the policy as and when they come online, and any tokens that have been generated with this profile and any new ones that are generated with this profile will get access instantly.

So use policies to manage access to APIs easily, and have a dummy API (or your first ever published API) as the base API ID.

Nope, but you will need one profile per policy though (sine a policy can encapsulate access to many APIs with set quotas).

fmeriot · May 4, 2016, 1:32pm

Ok, thank you Martin.