I have created a TYK API end-point using TYK cloud. I want my TYK end-point to request data from a non-TYK API end-point which requires an authorisation token.
I have defined the non-TYK API end-point in the “Target Url” form in the “API designer” section. I thought that the authorisation data for the non-TYK API end-point could be included as payload somewhere in the TYK API end-point definition, e.g. somewhere like the “Advanced Options” within the “API designer”, but that doesn’t seem to be the case.
Is the above possible or does TYK cloud assume that target API URLs are only open?
Hi @mitsvicious, welcome to the community.
If I am not wrong, authorization data is normally passed via the header. If you pass the required key and value through the Tyk gateway, then Tyk will forward that accordingly to your non-Tyk API endpoint.
Unless you perform some sort of transformation, it should just work as expected.
Hi @Olu, thanks for your reply and nice to be part of the TYK community!
If I understand this correctly, your solution suggests amending my existing TYK API end-point to include an authorisation key which is submitted by the client in the TYK API header during the request. Does this mean that the authorisation key in the non-TYK API end-point should match the TYK API authorisation key? That’s how I interpret it.
No, not necessarily. Unless they both have the same header key name and you are also performing an auth at the Tyk APIM layer.
If they don’t have the same header keys, then you can pass both at the client side. For example, suppose the Tyk auth key is Authorization and the backend auth key is x-api-key. The x-api-key will reach the target URL. However, this would be exposing the upstream auth key at the client side.
However, if you simply want to hardcode auth data in the body somewhere in Tyk, then you can use a Body Transformation plugin.
If the body transformation does not meet your requirement, then you could use a custom plugin to achieve your goal.
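The custom-plugin route mentioned in the last reply, sketched as an added example that is not part of the original thread: a Tyk JavaScript (JSVM) middleware that attaches the backend's x-api-key at the gateway, so the client only ever holds its Tyk key. The `config_data` key names `upstream_header` and `upstream_key`, and the function name `addUpstreamAuth`, are assumptions made for this example.

```javascript
// Added example (not from the thread): Tyk JSVM custom middleware, ES5 syntax.
// Assumption: the API definition's config_data holds two keys, named here
// upstream_header (e.g. "x-api-key") and upstream_key (the backend secret).

function addUpstreamAuth(request, session, config) {
    var data = (config && config.config_data) || {};
    if (!data.upstream_header || !data.upstream_key) {
        // Fail closed: do not forward an unauthenticated call upstream.
        request.ReturnOverrides.ResponseCode = 500;
        request.ReturnOverrides.ResponseError = "upstream credential not configured";
        return request;
    }
    // The gateway adds the backend credential; the client never holds it.
    request.SetHeaders[data.upstream_header] = data.upstream_key;
    return request;
}

// Registration with Tyk; skipped when the file is loaded outside the gateway.
var upstreamAuth;
if (typeof TykJS !== "undefined") {
    upstreamAuth = new TykJS.TykMiddleware.NewMiddleware({});
    upstreamAuth.NewProcessRequest(function (request, session, config) {
        return upstreamAuth.ReturnData(addUpstreamAuth(request, session, config), {});
    });
}

// Constructed request in the shape Tyk passes to JS middleware.
function sampleRequest() {
    return {
        Headers: { Authorization: ["client-tyk-key"] },
        SetHeaders: {},
        DeleteHeaders: [],
        ReturnOverrides: {}
    };
}
```

The client's Authorization header is left untouched for Tyk's own auth check; only the upstream header is added on the way to the target URL.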