Imported Google Group message. Original thread at: Redirecting to Google Groups Import Date: 2016-01-19 21:22:46 +0000.
Date:Monday, 7 September 2015 14:59:15 UTC+1.
We’ve released version 1.8.2 of Tyk and version 0.9.6.2 of the dashboard.
This update is small, but fixes a few bugs, but most importantly makes another feature a lot saner.
In previous versions of Tyk and the dashboard, Portal API Catalogue Entries were tied to single APIs and Policies. This made little sense, since Policies can grant access to multiple underlying services. It caused two problems:
You couldn’t create tiers where a developer had access to the same API with multiple keys but different tiers of access (not so important, but irritating)
Tracking what APIs a user had access to was unclear, since only a single API would be tracked in the developer record, since a policy could grant access to many, those other APIs would not be listable.
Because policies weren’t linked to key requests, managing key policies (specifically user upgrade paths, tier 1 → tier 2 → tier 3) became problematic without generating new tokens for users.
This version introduces a change to catalogue entries, the change does not break backwards compatibility, your old portal entries and key requests will continue to work. As of this version, key requests will be tagged as “v2”, and no longer be linked to an API ID, instead they will be aligned with a Policy ID. The same goes for catalogue entries, adding a new API to the catalogue no longer requires an explicit API link, but do require a policy link. All new catalogue entries will use this new format by default.
What this means in a practical sense is this:
You can now easily create multiple catalogue entries that grant tiered access to the same underlying APIs and developers can hold keys across all of those tiers (should you wish to allow that)
Developer profile pages now list all the APIs that their granted token policies give them access to (much better for reporting)
You can now list developers by subscribed policy or by subscribed API using the Tyk REST API
Most importantly, we have added an in-place upgrade path for developers to move from one policy to the next using the same key in a hashed (secure) system. This means that it is now possible to securely swap the policy ID in a hashed key using the dashboard, enabling API owners to easily move users from free, to paid access (for example) on the same key, without needing to know their raw API token.
This is subtle change, but creates a much more scalable API Management and on-boarding workflow for portal users.
Downloads are here: Release Tyk v1.8.2 and Dashboard v0.9.6.2 · TykTechnologies/tyk · GitHub and all the docker containers have built.
Any questions, issues, or bribes can be sent to me directly, enjoy!