The Tyk Cloud stack has now been updated to the latest version of the software. Key changes in this version to be aware of:
- Limited multi-target support on a per-version basis; you can see this in the versions section of your API. Round Robin LB and Service Discovery are not supported.
- Centralised JWT keys are now supported: you can now set a single shared secret on an API to validate inbound requests.
- Centralised JWT keys need an identity field that identifies the user within the Claims of the JWT; this will fall back to `sub` if not found. This field forms the basis of a new “internal” token that gets used after validation, which means policy attributes are carried forward through Tyk for attribution purposes and throttling.
- Centralised JWT keys also need a policy field name, which sets the policy to apply to the internal key.
- JWT headers now support “Bearer xxxx”-style auth headers
- HMAC authentication now supports an alternate header (`x-aux-date`) for clients that do not provide a date header; this header is checked first before reverting to the `Date` field
- Added more default tags for better segmentation: key-{key-id}, org-{org-id} and api-{apiid} can now be used as tags to lock down the analytics filter in the dashboard.
- HMAC support re-written and updated to the latest spec (v5) - this is a potential breaking change as date headers are no longer base64 encoded
- HMAC: `request-target` now supported
- HMAC: `headers` signature field is now supported (this means `Digest` can be included)
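
The HMAC items above, as an added example that is not Tyk's own code: it builds a signing string from the `headers` list (including `(request-target)` and `Digest`), picks `x-aux-date` before `Date`, and verifies in constant time. The HMAC-SHA256 algorithm, the secret, the sample request, the function names and the rule that only the picked date header is signed when no list is given are assumptions.

```python
import base64, hashlib, hmac

def pick_date_header(headers):
    """Return (name, value) of the date to use: x-aux-date first, then Date."""
    h = {k.lower(): v for k, v in headers.items()}
    for name in ("x-aux-date", "date"):
        if name in h:
            return name, h[name]  # sent as plain text, not base64 encoded
    raise ValueError("request carries neither x-aux-date nor Date")

def signing_string(method, path, headers, signed):
    """One 'name: value' line per listed header, in the order listed."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    lines = []
    for name in (s.lower() for s in signed):
        if name == "(request-target)":
            lines.append(f"(request-target): {method.lower()} {path}")
        elif name in h:
            lines.append(f"{name}: {h[name]}")
        else:
            raise ValueError(f"signed header missing from request: {name}")
    return "\n".join(lines)

def sign(secret, method, path, headers, signed=None):
    # Assumption: with no explicit list, only the picked date header is signed.
    signed = signed or [pick_date_header(headers)[0]]
    msg = signing_string(method, path, headers, signed).encode()
    mac = hmac.new(secret, msg, hashlib.sha256).digest()
    return base64.b64encode(mac).decode(), " ".join(signed)

def verify(secret, method, path, headers, signature, signed_field=None):
    signed = signed_field.split() if signed_field else None
    try:
        expected, _ = sign(secret, method, path, headers, signed)
    except ValueError:
        return False  # a header named in the signature is absent: reject
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(expected.encode(), signature.encode())

# Constructed sample request (not from the page).
SECRET = b"constructed-shared-secret"
BODY = b'{"hello": "world"}'
REQ = {
    "X-Aux-Date": "Mon, 02 Jan 2006 15:04:05 GMT",
    "Digest": "SHA-256=" + base64.b64encode(hashlib.sha256(BODY).digest()).decode(),
}
SIG, FIELD = sign(SECRET, "POST", "/api/widgets", REQ,
                  ["(request-target)", "x-aux-date", "digest"])
```

Because `Digest` is in the signed list, changing the body hash or the request path invalidates the signature.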
If you experience any issues with your Tyk Cloud configuration, please let us know as soon as possible.
Martin & The Tyk Team.