Tyk REST API Security


#1

Imported Google Group message. Original thread at: https://groups.google.com/forum/#!topic/tyk-community-support/mN8FG6-5c5g Import Date: 2016-01-19 21:09:19 +0000.
Sender: Marcelo.
Date: Friday, 10 April 2015 03:31:02 UTC+1.

Hi everyone!

What’s the most practical approach to restrict access to the Tyk REST API to a specific IP address only?

Example:

http://server:5000/API_ID/method -> public
http://server:5000/tyk/keys/ -> allow only with a specific IP address

How did you implement it? Any suggestions?

Thanks in advance!


#2

Imported Google Group message.
Sender: Martin Buhr.
Date: Friday, 10 April 2015 06:12:24 UTC+1.

NGINX is your friend here. If you are exposing your API via Tyk, you’ll most likely want the gateway to run on a subdomain or something similar per API (so you don’t need to expose the API ID).

As part of the location record that handles the upstream proxy, you could put directives to block access to the REST API by IP.

Hope that helps,

Thanks,
Martin
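
A sketch of the NGINX setup described in the reply above, added as an example and not part of the original thread. The hostname `api.example.com`, the admin address `203.0.113.10` and the gateway address `127.0.0.1:5000` are assumptions.

```nginx
# Added example: hostname, addresses and ports are assumptions.
server {
    listen 80;
    server_name api.example.com;            # assumed public hostname

    # Tyk management REST API: only the admin address may reach it.
    # "^~" keeps any regex location from taking precedence over this prefix.
    location ^~ /tyk/ {
        allow 203.0.113.10;                 # assumed admin IP (documentation range)
        deny  all;                          # every other client receives 403
        proxy_pass http://127.0.0.1:5000;   # assumed Tyk listen address
        proxy_set_header Host $host;
    }

    # Close the variant without a trailing slash so it cannot
    # fall through to the public location below.
    location = /tyk {
        deny all;
    }

    # Everything else is public API traffic proxied to the gateway.
    location / {
        proxy_pass http://127.0.0.1:5000;
        proxy_set_header Host $host;
    }
}
```

The restriction only holds if clients cannot reach port 5000 directly, so bind the gateway to loopback or firewall the port. If NGINX itself sits behind a load balancer, `allow`/`deny` evaluate the balancer's address unless the real client IP is restored first (for example with `ngx_http_realip_module`).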