So according to that log output, you have one API running under:
Which is protected using a token, so you'll need to generate a token and use that to access Resources that are proxies on the URL above (your 'app').
That token will likely need to be added as an Authorization header in order to allow the request through the gateway.
The logs also state that there's something wrong with the connection string for your policies as it's trying to load them from a file instead of from the dashboard, you'll need to address that if you want to use those.
The health check will need a special secret (which is in the Tyk.conf file), and use it for that api as an X-tyk-authorisation header.