Branch/Environment/Version v5.0.0
- Branch/Version: [e.g. Master/Release/Stable/Feature branch] GitHub - TykTechnologies/tyk at v5.0.0
- Environment: [e.g. On-prem/Hybrid/MDCB] On-Prem
Describe the bug
A clear and concise description of what the bug is.
We are running open-source Tyk Gateway to create/manage policies and keys. Also, we are using POST /tyk/keys/ API with "is_inactive": true if we need to block any Key.
However, we have noticed that if someone is continuously performing API Calls (in a while loop without any delays) and in-between Admin sends a request to deactivate a user (set "is_inactive": true) then the Key is not getting inactivated and user is still able to perform API Calls without any issues. The Admin API is not giving any error on the API Call
Further, if the requests received from user are not continuous then we are able to successfully deactivate the API Key.
Our Agenda is to deactivate an API Key on-the-fly but it’s not working for the above mentioned scenario.
Reproduction steps
Steps to reproduce the behaviour:
- Create a API (example:
dev-api) - Create a Key within that API
- Perform API Calls in infinite while loop
while [ true ]
do
echo "started"
curl --location 'http://localhost:9102/submit' --header 'Content-Type: application/json' --header 'Connection: close' --header 'Authorization: TOKEN'
echo "ended"
done
- Using Admin POST
/tyk/keys/<KEY>endpoint set"is_inactive": true - Using Admin GET
/tyk/keys/<KEY>endpoint checkis_inactivevalue in response - it will be still “false”
Actual behaviour
Currently, the API Key is not being deactivated once we set is_inactive=true
Expected behaviour
Ideally, the API Key should be deactivated once we set is_inactive=true
