Tyk does not validate OAS

odmehb · July 8, 2025, 9:09am

Hi,

I’m running into an issue where tyk is not willing to validate my request based on one of my OAS files, and I cannot figure out why.

This OAS file is the example specification of swagger. (My other OAS files are being processed correctly)

github.com

swagger-api/swagger-petstore/blob/master/src/main/resources/openapi.yaml

openapi: 3.0.4
info:
  title: Swagger Petstore - OpenAPI 3.0
  description: |-
    This is a sample Pet Store Server based on the OpenAPI 3.0 specification.  You can find out more about
    Swagger at [https://swagger.io](https://swagger.io). In the third iteration of the pet store, we've switched to the design first approach!
    You can now help us improve the API whether it's by making changes to the definition itself or to the code.
    That way, with time, we can improve the API in general, and expose some of the new features in OAS3.

    Some useful links:
    - [The Pet Store repository](https://github.com/swagger-api/swagger-petstore)
    - [The source API definition for the Pet Store](https://github.com/swagger-api/swagger-petstore/blob/master/src/main/resources/openapi.yaml)
  termsOfService: https://swagger.io/terms/
  contact:
    email: [email protected]
  license:
    name: Apache 2.0
    url: https://www.apache.org/licenses/LICENSE-2.0.html
  version: 1.0.27-SNAPSHOT
externalDocs:

This file has been truncated. show original

My API Config:

{
  "name": "apibin-test2",
  "slug": "apibin-test2",
  "listen_port": 0,
  "protocol": "",
  "enable_proxy_protocol": false,
  "api_id": "apibin-test2",
  "org_id": "",
  "use_keyless": true,
  "use_oauth2": false,
  "external_oauth": {
    "enabled": false,
    "providers": null
  },
  "use_openid": false,
  "openid_options": {
    "providers": null,
    "segregate_by_client": false
  },
  "oauth_meta": {
    "allowed_access_types": null,
    "allowed_authorize_types": null,
    "auth_login_redirect": ""
  },
  "auth": {
    "name": "",
    "use_param": false,
    "param_name": "",
    "use_cookie": false,
    "cookie_name": "",
    "disable_header": false,
    "auth_header_name": "Authorization",
    "use_certificate": false,
    "validate_signature": false,
    "signature": {
      "algorithm": "",
      "header": "",
      "use_param": false,
      "param_name": "",
      "secret": "",
      "allowed_clock_skew": 0,
      "error_code": 0,
      "error_message": ""
    }
  },
  "auth_configs": null,
  "use_basic_auth": false,
  "basic_auth": {
    "disable_caching": false,
    "cache_ttl": 0,
    "extract_from_body": false,
    "body_user_regexp": "",
    "body_password_regexp": ""
  },
  "use_mutual_tls_auth": false,
  "client_certificates": null,
  "upstream_certificates": null,
  "pinned_public_keys": null,
  "enable_jwt": false,
  "use_standard_auth": false,
  "use_go_plugin_auth": false,
  "enable_coprocess_auth": false,
  "custom_plugin_auth_enabled": false,
  "jwt_signing_method": "",
  "jwt_source": "",
  "jwt_identity_base_field": "",
  "jwt_client_base_field": "",
  "jwt_policy_field_name": "",
  "jwt_default_policies": null,
  "jwt_issued_at_validation_skew": 0,
  "jwt_expires_at_validation_skew": 0,
  "jwt_not_before_validation_skew": 0,
  "jwt_skip_kid": false,
  "scopes": {
    "jwt": {},
    "oidc": {}
  },
  "idp_client_id_mapping_disabled": false,
  "jwt_scope_to_policy_mapping": null,
  "jwt_scope_claim_name": "",
  "notifications": {
    "shared_secret": "",
    "oauth_on_keychange_url": ""
  },
  "enable_signature_checking": false,
  "hmac_allowed_clock_skew": 0,
  "hmac_allowed_algorithms": null,
  "request_signing": {
    "is_enabled": false,
    "secret": "",
    "key_id": "",
    "algorithm": "",
    "header_list": null,
    "certificate_id": "",
    "signature_header": ""
  },
  "base_identity_provided_by": "",
  "definition": {
    "enabled": false,
    "name": "",
    "default": "",
    "location": "",
    "key": "",
    "strip_path": false,
    "strip_versioning_data": false,
    "fallback_to_default": true,
    "versions": null
  },
  "version_data": {
    "not_versioned": true,
    "default_version": "",
    "versions": {
      "Default": {
        "name": "Default",
        "expires": "",
        "paths": {
          "ignored": null,
          "white_list": null,
          "black_list": null
        },
        "use_extended_paths": true,
        "extended_paths": {
          "persist_graphql": null,
          "size_limits": []
        },
        "global_headers": null,
        "global_headers_remove": null,
        "global_headers_disabled": false,
        "global_response_headers": null,
        "global_response_headers_remove": null,
        "global_response_headers_disabled": false,
        "ignore_endpoint_case": false,
        "global_size_limit": 0,
        "override_target": ""
      }
    }
  },
  "uptime_tests": {
    "check_list": null,
    "config": {
      "expire_utime_after": 0,
      "service_discovery": {
        "use_discovery_service": false,
        "query_endpoint": "",
        "use_nested_query": false,
        "parent_data_path": "",
        "data_path": "",
        "port_data_path": "",
        "target_path": "",
        "use_target_list": false,
        "cache_disabled": false,
        "cache_timeout": 0,
        "endpoint_returns_list": false
      },
      "recheck_wait": 0
    }
  },
  "proxy": {
    "preserve_host_header": false,
    "listen_path": "/apibin-test2/",
    "target_url": "https://petstore3.swagger.io/",
    "disable_strip_slash": false,
    "strip_listen_path": true,
    "enable_load_balancing": false,
    "target_list": null,
    "check_host_against_uptime_tests": false,
    "service_discovery": {
      "use_discovery_service": false,
      "query_endpoint": "",
      "use_nested_query": false,
      "parent_data_path": "",
      "data_path": "",
      "port_data_path": "",
      "target_path": "",
      "use_target_list": false,
      "cache_disabled": false,
      "cache_timeout": 0,
      "endpoint_returns_list": false
    },
    "transport": {
      "ssl_insecure_skip_verify": false,
      "ssl_ciphers": null,
      "ssl_min_version": 0,
      "ssl_max_version": 0,
      "ssl_force_common_name_check": false,
      "proxy_url": ""
    }
  },
  "disable_rate_limit": true,
  "disable_quota": true,
  "custom_middleware": {
    "pre": [
      {
        "name": "RequestLogger",
        "path": "",
        "require_session": false,
        "raw_body_only": false
      }
    ],
    "post": null,
    "post_key_auth": null,
    "auth_check": {
      "disabled": false,
      "name": "",
      "path": "",
      "require_session": false,
      "raw_body_only": false
    },
    "response": [
      {
        "name": "HttpResponseHook",
        "path": "",
        "require_session": false,
        "raw_body_only": false
      }
    ],
    "driver": "grpc",
    "id_extractor": {
      "disabled": false,
      "extract_from": "",
      "extract_with": "",
      "extractor_config": null
    }
  },
  "custom_middleware_bundle": "",
  "custom_middleware_bundle_disabled": false,
  "cache_options": {
    "cache_timeout": 0,
    "enable_cache": false,
    "cache_all_safe_requests": false,
    "cache_response_codes": null,
    "enable_upstream_cache_control": false,
    "cache_control_ttl_header": "",
    "cache_by_headers": null
  },
  "session_lifetime": 3600,
  "session_lifetime_respects_key_expiration": true,
  "active": true,
  "internal": false,
  "auth_provider": {
    "name": "",
    "storage_engine": "",
    "meta": null
  },
  "session_provider": {
    "name": "",
    "storage_engine": "",
    "meta": null
  },
  "event_handlers": {
    "events": null
  },
  "enable_batch_request_support": false,
  "enable_ip_whitelisting": false,
  "allowed_ips": null,
  "enable_ip_blacklisting": false,
  "blacklisted_ips": null,
  "dont_set_quota_on_create": true,
  "expire_analytics_after": 0,
  "response_processors": null,
  "CORS": {
    "enable": false,
    "allowed_origins": null,
    "allowed_methods": null,
    "allowed_headers": null,
    "exposed_headers": null,
    "allow_credentials": false,
    "max_age": 0,
    "options_passthrough": false,
    "debug": false
  },
  "domain": "",
  "certificates": null,
  "do_not_track": false,
  "enable_context_vars": false,
  "config_data": null,
  "config_data_disabled": false,
  "tag_headers": null,
  "global_rate_limit": {
    "disabled": true,
    "rate": 0,
    "per": 0
  },
  "strip_auth_data": false,
  "enable_detailed_recording": false,
  "graphql": {
    "enabled": false,
    "execution_mode": "",
    "version": "",
    "schema": "",
    "type_field_configurations": null,
    "playground": {
      "enabled": false,
      "path": ""
    },
    "engine": {
      "field_configs": null,
      "data_sources": null,
      "global_headers": null
    },
    "proxy": {
      "auth_headers": null,
      "request_headers": null,
      "use_response_extensions": {
        "on_error_forwarding": false
      }
    },
    "subgraph": {
      "sdl": ""
    },
    "supergraph": {
      "subgraphs": null,
      "merged_sdl": "",
      "global_headers": null,
      "disable_query_batching": false
    },
    "introspection": {
      "disabled": false
    }
  },
  "analytics_plugin": {},
  "tags": null,
  "detailed_tracing": false,
  "is_oas": true
}

My x-tyk-api-gateway addition at the end of my OAS file:

"x-tyk-api-gateway": {
    "info": {
      "id": "apibin-test2",
      "name": "apibin-test2",
      "state": {
        "active": true
      }
    },
    "upstream": {
      "url": "https://petstore3.swagger.io/"
    },
    "server": {
      "listenPath": {
        "value": "/apibin-test2/",
        "strip": true
      }
    },
    "middleware": {
      "operations": {
        "updatePet": {
          "allow": {
            "enabled": true
          },
          "validateRequest": {
            "enabled": true,
            "errorResponseCode": 422
          }
        },
        "addPet": {
          "allow": {
            "enabled": true
          },
          "validateRequest": {
            "enabled": true,
            "errorResponseCode": 422
          }
        },
        "findPetsByTags": {
          "allow": {
            "enabled": true
          },
          "validateRequest": {
            "enabled": true,
            "errorResponseCode": 422
          }
        },
        "getPetById": {
          "allow": {
            "enabled": true
          },
          "validateRequest": {
            "enabled": true,
            "errorResponseCode": 422
          }
        },
        "updatePetWithForm": {
          "allow": {
            "enabled": true
          },
          "validateRequest": {
            "enabled": true,
            "errorResponseCode": 422
          }
        },
        "deletePet": {
          "allow": {
            "enabled": true
          },
          "validateRequest": {
            "enabled": true,
            "errorResponseCode": 422
          }
        },
        "uploadFile": {
          "allow": {
            "enabled": true
          },
          "validateRequest": {
            "enabled": true,
            "errorResponseCode": 422
          }
        },
        "getInventory": {
          "allow": {
            "enabled": true
          },
          "validateRequest": {
            "enabled": true,
            "errorResponseCode": 422
          }
        },
        "placeOrder": {
          "allow": {
            "enabled": true
          },
          "validateRequest": {
            "enabled": true,
            "errorResponseCode": 422
          }
        },
        "getOrderById": {
          "allow": {
            "enabled": true
          },
          "validateRequest": {
            "enabled": true,
            "errorResponseCode": 422
          }
        },
        "deleteOrder": {
          "allow": {
            "enabled": true
          },
          "validateRequest": {
            "enabled": true,
            "errorResponseCode": 422
          }
        },
        "createUser": {
          "allow": {
            "enabled": true
          },
          "validateRequest": {
            "enabled": true,
            "errorResponseCode": 422
          }
        },
        "createUsersWithListInput": {
          "allow": {
            "enabled": true
          },
          "validateRequest": {
            "enabled": true,
            "errorResponseCode": 422
          }
        },
        "loginUser": {
          "allow": {
            "enabled": true
          },
          "validateRequest": {
            "enabled": true,
            "errorResponseCode": 422
          }
        },
        "logoutUser": {
          "allow": {
            "enabled": true
          },
          "validateRequest": {
            "enabled": true,
            "errorResponseCode": 422
          }
        },
        "getUserByName": {
          "allow": {
            "enabled": true
          },
          "validateRequest": {
            "enabled": true,
            "errorResponseCode": 422
          }
        },
        "updateUser": {
          "allow": {
            "enabled": true
          },
          "validateRequest": {
            "enabled": true,
            "errorResponseCode": 422
          }
        },
        "deleteUser": {
          "allow": {
            "enabled": true
          },
          "validateRequest": {
            "enabled": true,
            "errorResponseCode": 422
          }
        }
      }
    }
  }

Again, the rest of the OAS files with the same structure work just fine.
Please help me spot the error here.

Thanks,
Robert

Andres_Tubelleja_III · July 10, 2025, 8:58am

Hi Robert,

Welcome to the community! Thanks for posting this question and for sharing all the details.

Based on what you’ve shared, it looks like the API is still configured as a classic API, even though is_oas is set to true. Heads up: doing so doesn’t make it a Tyk OAS API.
It’s also possible that you’ve fetched this definition via GET /tyk/apis, so please let us know if we’re mistaken.
As such, to help us understand this better, could you explain what you’re trying to achieve here? We’d appreciate it if you could provide us with detailed steps to follow so we can also replicate it on our end.
Kindly include requests you’re making, errors you’re getting, logs showing these errors, or the responses being received, if available.

You also mentioned that other OAS files are working – would it be possible to share one full working spec that validates correctly? Seeing the complete definition (not just the extracted portions) would help us compare formatting and content with definitions that face errors.

Lastly, kindly indicate the versions you are using for Gateway and Dashboard.

Best,
Andres