Unable to get the Key details after PUT request

dk1626 · July 20, 2017, 11:27pm

Hi Guys,

I’m getting a 400 error {“Status”:“Error”,“Message”:“Attempted access to non-owned key”,“Meta”:null} when using the dashboard API.

Here are the steps:

POST /api/apis/keys/basic/t3
{
“last_check”: 0,
“allowance”: 1000,
“rate”: 1000,
“per”: 60,
“expires”: 0,
“quota_max”: 10000,
“quota_renews”: 1424543479,
“quota_remaining”: 10000,
“quota_renewal_rate”: 2520000,
“access_rights”: {
“300eeb670c7e4f1173ccc974c30e6890”: {
“api_id”: “56021f64e67843fa4a0278eae158015f”,
“api_name”: “api1”,
“versions”: [
“Default”
]
}
},
“alias”: “t3”,
“basic_auth_data”: {
“password”: “test123”
}
}
Update the key

PUT /api/apis/e3f1bc6e448d474c6460466cb03b3138/keys/596680816b4baf0001780d52tr3

{
“allowance”: 1000,
“rate”: 1000,
“per”: 60,
“quota_max”: 10000,
“access_rights”: {
“e3f1bc6e448d474c6460466cb03b3138”: {
“api_id”: “e3f1bc6e448d474c6460466cb03b3138”,
“api_name”: “api1”,
“versions”: [
“Default”
]
}
}
}

The Key gets updated, but the subsequent requests on the Key fails.
Eg: I’m getting a 400 error {“Status”:“Error”,“Message”:“Attempted access to non-owned key”,“Meta”:null} when i query the key.

GET /api/apis/e3f1bc6e448d474c6460466cb03b3138/keys/596680816b4baf0001780d52tr3

Martin · July 20, 2017, 11:34pm

The issue is the actual object, what version of Tyk Gateway are you running?

dk1626 · July 21, 2017, 12:01am

I have V1.3.6 and V1.3.2 on 2 different instances

Martin · July 21, 2017, 7:38am

I’d suggest updating both to the latest version

dk1626 · July 21, 2017, 8:11pm

I updated it to 1.3.7. The issue still exist. When i add the acces_rights to the body of the PUT request, I get the 200 response, but the subsequent GET requests on the userkey fails.

dk1626 · July 21, 2017, 8:41pm

Tyk Gateway v2.3.7 and Tyk Dashboard v1.3.7

dk1626 · July 21, 2017, 9:06pm

So, after some trial and error, adding Org id to the request body, helped to fix the issue. Thanks for the pointer.
It appears that the PUT request is updating other fields as well that are not sent in the request. It fails my case where i am trying to update the api access only without changing other fields. But it changes other fields like password which is not desirable.

Martin · July 21, 2017, 10:09pm

Ah, I should have noticed that - the API requires the entire object to be sent back, not partial ones. :-/

dk1626 · July 25, 2017, 7:12pm

Thanks. Upgrading and passing in the fill object helps.