We are facing dashboard-url/api/apis/{api_id} not found while clicking on the synchronize button in the developer portal, also please let me know admin/providers/1/synchronize do developer portal apis need admin/ in the base path ? and how to auth it is it Authorization: Bearer token ?
Unable to use portal APIs as well.
Thanks,
Shahbaz Ali
Can you confirm that the API_ID is present within the dashboard? You can use the dashboard REST API to confirm.
No, they do not. The portal-api is the prefix. You can find out more here
Just the authorization token is fine. No need to add the Bearer prefix
Could you share the logs you observe? Try to strip out any sensitive info.
We have fixed that by removing a policy having that deleted API but we didn’t get how it was deleted from the dashboard and having reference in the policy ?
Thanks for the quick update. Glad to know the issue is resolved.
If you have audit logs enabled, then you may be able to find out
No I mean yes we deleted the API but how it was deleted while it was referenced to a policy or it’s default behavior ?
How did you delete the API definition? Via dashboard UI, REST API or Operator?
I don’t recall there being a built-in safety measure to check if an API definition that’s about to be deleted has a policy linked to it. However, you can use a custom OPA rule to enforce it
deny["Unsafe API Deletion - denied!"] {
# Checks the request intent is to delete the API
request_permission[_] == "apis"
request_intent == "delete"
# Get original API object, before delete
api := TykAPIGet(input.request.path)
# List all policies
policies := json.marshal(TykAPIGet("/api/portal/policies?p=0"))
# Simply checks if api_id found in policies string
# Is it possible that a policy could have the same id as api_id?
# Would be better to "walk" the json and check within the access_rights or access_rights_array
contains(policies, api.api_definition.api_id)
}