Tyk key hashing usage

Hi guys,

I tried Tyk, very useful, easy to config, love it!

I’m working with open source Tyk Gateway for a POC.
I’m using key hashing for better security, in combination with partitioned policies for fine-grained control over API keys.

I have an issue with key hashing that I need help to clarify.

When creating an API key, I specify only the “expires” field; traffic control config is enforced within partitioned policies (for rate limit, quota limit, and access control).

The issues are:

  1. Afaik, when using hashed keys, I can’t update them on the fly with those fields that are not enforced within partitioned policies.

    E.g. I can’t update the key’s “expires” field -> Please correct me if I’m wrong.

  2. Assume that I set “quota_renewal_rate” to 1 year; then the first time I make an API call through Tyk, “quota_renews” will be calculated as 1 year after that time.

    Now, if I want to change “quota_renewal_rate” to a 1 month period, I update the partitioned policy that enforces the quota limit, setting it to 1 month.

    The “quota_renewal_rate” field is updated as expected, but we’ll have to wait until the first reset (after 1 year) for the new quota setting to be applied.

    Please suggest some ways to overcome this issue.

  3. Due to the 2 issues above, I may have to switch back to the default API key mechanism (without hashing), so that I can update the key with the Tyk Gateway API: PUT /tyk/keys/{keyID}

    We run Tyk in a secured environment (trust me, we can consider it secured), so we might not be afraid of key compromise.

Please explain some pros and cons of key hashing based on your experience.

Many thanks,
Hino