Tyk Identity Broker integration with Keycloak and Tyk Community Edition


We are in the process of evaluating Tyk for our API gateway use cases. We are using Tyk community edition for our evaluation. One of our main requirements is to have SSO with Open ID Connect. We are using Keycloak as OpenID Connect provider in our environment. Going through the README content in the git repo of Tyk Identity Broker, we understand that TIB requires:

Tyk Gateway v1.9.1+
Tyk Dashboard v0.9.7.1+ (Only if you want to do SSO to Tyk Dashbaord UI or Tyk Developer Portal)

Tyk Dashboard being optional, we are assuming that Tyk Identity Broker could be leveraged along with Tyk Community Edition to fulfill our requirement. However, the Tyk documentation mentions that Internally the TIB uses the Dashboard SSO APIs for implementing Tyk Gateway API flows such as OAuth access tokens, and regular API tokens. Which are not available in the community edition.

Can we integrate Tyk Identity Broker with Tyk community edition? If yes, are there any limitations when compared to integration with Tyk Pro edition?

Thanks in advance,
Suresh Charan


If I’m understanding your post you’re just looking to authenticate APIs using OpenID Connect, and Keycloak is your IDP. In which case you don’t need to use the Tyk Identity broker. If you have a read specifically of this documentation: Tyk: Integrate with OIDC which has a diagram showing the auth/data flow, and neither the Dashboard or the Tyk Identity Broker are involved.

While I can’t say I personally have tested this (it is on my ToDo list thoough), I actually see no need for the Dashboard or TiB for pure API authentication.

Best Regards,


I have been trying to Authorize my apis using tyk gateway community edition and keycloak as our OIDC, i have followed up the documentation and there is a part where i need to link my policy ID to my client id, i have looked at the tyk gateway apis list and found no api for creating Tyk policies. could you elaborate the process of creating a policy using apis


There’s no API for this, but you can add policies to a json file to be loaded and then you can reference them by ID in your OpenID setup.

There’s a section on this in our documentation here, Tyk: Policies Guide, on the gateway config needed and adding policies to that text file.

Hope that helps!

Best Regards,