Upgrade from Tyk 1.7 to 2.1

Hello!

I’m evaluating the possibility of upgrading from Tyk 1.7 to 2.1. We are using tyk-gateway (no dashboard, no MongoDB, API definition in json file in the apps folder).

I read the following docs (https://tyk.io/docs/tyk-api-gateway-v1-9/upgrading-to-tyk-gateway-v1-9/ and https://tyk.io/docs/tyk-api-gateway-v-2-0/upgrading-to-tyk-v2-0/) and added "enable_jsvm": true to my tyk.conf.

Tyk 2.1 is starting fine (no WARN or ERROR) but when I try to call the first API it doesn’t seem to check for the Authorization header:

with tyk 1.7:

curl -i 'http://localhost:8082/mobile/v1/devices'
HTTP/1.1 400 Bad Request
Content-Type: application/json
X-Generator: tyk.io
Date: Fri, 03 Jun 2016 08:16:25 GMT
Content-Length: 46

{
    "error": "Authorization field missing"
}

with tyk 2.1:

curl -i 'http://localhost:9082/mobile/v1/devices'
HTTP/1.1 404 Not Found
Content-Language: fr
Content-Length: 1039
Content-Type: text/html;charset=utf-8
Date: Fri, 03 Jun 2016 08:16:31 GMT
Server: Apache-Coyote/1.1
X-Ratelimit-Limit: 0
X-Ratelimit-Remaining: 0
X-Ratelimit-Reset: 0

<!DOCTYPE html><html><head><title>Apache Tomcat/8.0.33 - Rapport d''erreur</title>

This is my API definition:

{
    "name": "mobile_api_auth",
    "api_id": "1",
    "org_id": "",
    "definition": {
        "location": "header",
        "key": "version"
    },
    "auth": {
        "auth_header_name": "Authorization"
    },
    "version_data": {
        "not_versioned": true,
        "versions": {
            "Default": {
                "name": "Default",
                "expires": "3000-01-02 15:04",
                "use_extended_paths": true,
                "extended_paths": {
                    "ignored": [],
                    "white_list": [
                        {"path":"/users/mobiles","method_actions":{"GET":{"action":"no_action"},"PUT":{"action":"no_action"}}},
                        {"path":"/users/devices","method_actions":{"GET":{"action":"no_action"}}},
                        {"path":"/users/scripts","method_actions":{"GET":{"action":"no_action"}}},
                        {"path":"/users/peripherals","method_actions":{"GET":{"action":"no_action"}}},
                        {"path":"/scripts","method_actions":{"POST":{"action":"no_action"},"PUT":{"action":"no_action"},"DELETE":{"action":"no_action"}}},
                        {"path":"/peripherals","method_actions":{"POST":{"action":"no_action"},"PUT":{"action":"no_action"},"DELETE":{"action":"no_action"}}},
                        {"path":"/data/push","method_actions":{"POST":{"action":"no_action"}}},
                        {"path":"/devices","method_actions":{"GET":{"action":"no_action"},"PUT":{"action":"no_action"}}},
                        {"path":"/authentication/refreshToken","method_actions":{"POST":{"action":"no_action"}}}
                    ],
                    "black_list": []
                }
            }
        }
    },
    "proxy": {
        "listen_path": "/mobile/v1/",
        "target_url": "http://med.dev.hub.docapost.io:8080/mediation-mobile/v1/",
        "strip_listen_path": true
    },
    
    "custom_middleware": {
        "post": [
            {
                "name": "getUserIdMiddleware",
                "path": "/USR/newtprod/tyk/middleware/getUserIdCCUMiddleware.js",
                "require_session": true
            }
        ]
    },
    
    "enable_batch_request_support": false
}

Any idea of what can be wrong here?

Thank you!

Not that I can see - might be worth comparing it to the tutorial for CE, there’s a vanilla demo api definition there:

https://tyk.io/docs/tyk-api-gateway-v-2-0/tutorials/set-up-your-first-api/

They look very similar, so I’m not sure what could be causing the issue.

Yep, it’s based on that example!

I can’t understand why Tyk is forwarding my request without checking the header and without putting the good target_url.

What can I do to find more information (I tried --debug with no luck)? Maybe removing the custom_middleware?

What does the tyk log output say when you start the tyk 2.1 process? When it loads it will tell you the security model it is using for each live API.
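
Added example (not part of the original thread and not Tyk's own code): a small parser for the startup log format quoted in this thread that maps each loaded API to the security model the gateway reports, and flags any API whose reported model differs from the one its name implies or that has no policy line at all. The suffix-to-model table is an assumption drawn from the naming convention visible in the poster's logs; the sample log lines and API names are constructed.

```python
import re

# Line formats as they appear in the Tyk startup log quoted in this thread.
API_LINE = re.compile(r"main: --> Loading API: (\S+)\s*$")
POLICY_LINE = re.compile(r"main: ----> Checking security policy: (\S+)\s*$")

# Assumption: API names end with a suffix naming the intended auth mode,
# as the names in the poster's log appear to. Adjust for your own convention.
EXPECTED_BY_SUFFIX = {
    "_oauth2": "OAuth",
    "_auth": "Token",
    "_keyless": "Open",
    "_hmac": "HMAC",
    "_basic": "Basic",
}

# Constructed sample log: one API loads with the wrong model and one
# never logs a security policy line.
SAMPLE_LOG = """\
[Jun  3 16:34:45]  INFO main: --> Loading API: example_orders_oauth2
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: OAuth
[Jun  3 16:34:45]  INFO main: --> Loading API: example_callback_keyless
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: Open
[Jun  3 16:34:45]  INFO main: --> Loading API: example_mobile_auth
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: Open
[Jun  3 16:34:45]  INFO main: --> Loading API: example_devices_auth
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO main: --> Loading API: example_push_hmac
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: HMAC
"""


def parse_security_models(log_text):
    """Return {api_name: reported_model or None} in load order."""
    models = {}
    current = None
    for line in log_text.splitlines():
        m = API_LINE.search(line)
        if m:
            # A new API block starts; its policy line has not been seen yet.
            current = m.group(1)
            models[current] = None
            continue
        m = POLICY_LINE.search(line)
        if m and current is not None:
            models[current] = m.group(1)
    return models


def expected_model(api_name):
    """Model implied by the API name's suffix, or None if no suffix matches."""
    for suffix, model in EXPECTED_BY_SUFFIX.items():
        if api_name.endswith(suffix):
            return model
    return None


def audit(models):
    """Return (api_name, expected, reported) for every API that needs review."""
    findings = []
    for name, reported in models.items():
        expected = expected_model(name)
        if reported is None or (expected is not None and reported != expected):
            findings.append((name, expected, reported))
    return findings


if __name__ == "__main__":
    for name, expected, reported in audit(parse_security_models(SAMPLE_LOG)):
        print(f"REVIEW {name}: expected {expected}, gateway reported {reported}")
```

Running the same check on the log from the old and the new gateway version shows at a glance whether any API changed security model across the upgrade.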

I removed all API descriptions except one and it’s working with that one:

curl -i 'http://localhost:9082/mobile/v1/devices'
HTTP/1.1 400 Bad Request
Content-Type: application/json
X-Generator: tyk.io
Date: Fri, 03 Jun 2016 14:31:26 GMT
Content-Length: 46

{
    "error": "Authorization field missing"
}

And the log output:

[Jun  3 16:31:17]  INFO Connection dropped, connecting..
[Jun  3 16:31:17]  INFO host-check-mgr: Starting Poller
[Jun  3 16:31:18] DEBUG main: Enabling debug-level output
[Jun  3 16:31:18] DEBUG main: Initialising default org store
[Jun  3 16:31:18] DEBUG Connecting to redis cluster
[Jun  3 16:31:18] DEBUG Redis pool already INITIALISED
[Jun  3 16:31:18] DEBUG Connecting to redis cluster
[Jun  3 16:31:18] DEBUG Redis pool already INITIALISED
[Jun  3 16:31:18]  INFO main: Setting up Server
[Jun  3 16:31:18]  INFO main: --> Standard listener (http)
[Jun  3 16:31:18]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_mobile_api_auth.json
[Jun  3 16:31:18] DEBUG Connecting to redis cluster
[Jun  3 16:31:18] DEBUG Redis pool already INITIALISED
[Jun  3 16:31:18] DEBUG Subscription started: tyk.cluster.notifications
[Jun  3 16:31:18] DEBUG INITIALISING EVENT HANDLERS
[Jun  3 16:31:18] DEBUG Checking for transform paths...
[Jun  3 16:31:18] DEBUG Checking for transform paths...
[Jun  3 16:31:18]  INFO main: Detected 1 APIs
[Jun  3 16:31:18] DEBUG main: Loading API configurations.
[Jun  3 16:31:18] DEBUG Connecting to redis cluster
[Jun  3 16:31:18] DEBUG Redis pool already INITIALISED
[Jun  3 16:31:18]  INFO main: --> Loading API: mobile_api_auth
[Jun  3 16:31:18]  INFO main: ----> Tracking: (no host)
[Jun  3 16:31:18] DEBUG Storage Engine already initialised...
[Jun  3 16:31:18] DEBUG Redis handles: 1
[Jun  3 16:31:18] DEBUG Storage Engine already initialised...
[Jun  3 16:31:18] DEBUG Redis handles: 1
[Jun  3 16:31:18] DEBUG Health Checker initialised.
[Jun  3 16:31:18] DEBUG Connecting to redis cluster
[Jun  3 16:31:18] DEBUG Redis pool already INITIALISED
[Jun  3 16:31:18] DEBUG Connecting to redis cluster
[Jun  3 16:31:18] DEBUG Redis pool already INITIALISED
[Jun  3 16:31:18] DEBUG main: ----> Loading Middleware
[Jun  3 16:31:18] DEBUG main: Loading custom POST-PROCESSOR middleware: getUserIdMiddleware
[Jun  3 16:31:18]  INFO jsvm: Loading JS File: /USR/newtprod/tyk/middleware/getUserIdCCUMiddleware.js
[Jun  3 16:31:18]  INFO jsvm-logmsg: GetUserId middleware initialised type=log-msg
[Jun  3 16:31:18] DEBUG Connecting to redis cluster
[Jun  3 16:31:18] DEBUG Redis pool already INITIALISED
[Jun  3 16:31:18]  INFO main: ----> Checking security policy: Token
[Jun  3 16:31:18] DEBUG URL Rewrite enabled
[Jun  3 16:31:18] DEBUG main: ----> Custom middleware processed
[Jun  3 16:31:18] DEBUG main: ----> Rate limits available at: /mobile/v1/tyk/rate-limits/
[Jun  3 16:31:18] DEBUG main: ----> Setting Listen Path: /mobile/v1/
[Jun  3 16:31:18]  INFO host-check-mgr: Loading uptime tests...
[Jun  3 16:31:18] DEBUG host-check-mgr: --- Setting tracking list up
[Jun  3 16:31:18] DEBUG host-check-mgr: Reset initiated
[Jun  3 16:31:18] DEBUG [HOST CHECKER] Checker reset queued!
[Jun  3 16:31:18] DEBUG main: Loading policies
[Jun  3 16:31:18] DEBUG main: No policy record name defined, skipping...
[Jun  3 16:31:18]  INFO main: Gateway started (v2.1.0.2)
[Jun  3 16:31:18]  INFO main: --> Listening on port: 9082
[Jun  3 16:31:26] DEBUG Request size limiter active
[Jun  3 16:31:26] DEBUG Global limit is: 0
[Jun  3 16:31:26]  INFO Attempted access with malformed header, no auth header found. origin=[ path=/mobile/v1/devices
[Jun  3 16:31:26] DEBUG Returning error header
[Jun  3 16:31:26] DEBUG Adding Healthcheck to: 1.BlockedRequest
[Jun  3 16:31:26] DEBUG Val is: -1
[Jun  3 16:31:26] DEBUG Incrementing raw key: 1.BlockedRequest
[Jun  3 16:31:26] DEBUG keyName is: 1.BlockedRequest
[Jun  3 16:31:26] DEBUG Now is:2016-06-03 16:31:26.776404527 +0200 CEST
[Jun  3 16:31:26] DEBUG Then is: 2016-06-03 16:30:26.776404527 +0200 CEST
[Jun  3 16:31:26] DEBUG Returned: 0
[Jun  3 16:31:27] DEBUG [STORE] Getting WAS: PollerActiveInstanceID
[Jun  3 16:31:27] DEBUG Input key was: host-checker:PollerActiveInstanceID
[Jun  3 16:31:27] DEBUG [STORE] Getting: host-checker:PollerActiveInstanceID
[Jun  3 16:31:27] DEBUG Input key was: host-checker:PollerActiveInstanceID
[Jun  3 16:31:27] DEBUG host-check-mgr: Primary instance set, I am master
[Jun  3 16:31:27] DEBUG [STORE] SET Raw key is: PollerActiveInstanceID
[Jun  3 16:31:27] DEBUG Input key was: host-checker:PollerActiveInstanceID
[Jun  3 16:31:27] DEBUG [STORE] Setting key: host-checker:PollerActiveInstanceID
[Jun  3 16:31:27] DEBUG Input key was: host-checker:PollerActiveInstanceID
[Jun  3 16:31:27] DEBUG Input key was: host-checker:PollerActiveInstanceID
[Jun  3 16:31:29] DEBUG [HOST CHECKER] Host list reset
[Jun  3 16:31:37] DEBUG [STORE] Getting WAS: PollerActiveInstanceID
[Jun  3 16:31:37] DEBUG Input key was: host-checker:PollerActiveInstanceID
[Jun  3 16:31:37] DEBUG [STORE] Getting: host-checker:PollerActiveInstanceID
[Jun  3 16:31:37] DEBUG Input key was: host-checker:PollerActiveInstanceID
[Jun  3 16:31:37] DEBUG host-check-mgr: Primary instance set, I am master
[Jun  3 16:31:37] DEBUG [STORE] SET Raw key is: PollerActiveInstanceID
[Jun  3 16:31:37] DEBUG Input key was: host-checker:PollerActiveInstanceID
[Jun  3 16:31:37] DEBUG [STORE] Setting key: host-checker:PollerActiveInstanceID
[Jun  3 16:31:37] DEBUG Input key was: host-checker:PollerActiveInstanceID
[Jun  3 16:31:37] DEBUG Input key was: host-checker:PollerActiveInstanceID

But when I start with all my API definitions:

[Jun  3 16:34:44]  INFO Connection dropped, connecting..
[Jun  3 16:34:44]  INFO main: Setting up Server
[Jun  3 16:34:44]  INFO main: --> Standard listener (http)
[Jun  3 16:34:44]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_adminhub_datastore_access_oauth2.json
[Jun  3 16:34:44]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_adminhub_datastore_all_type_objects_oauth2.json
[Jun  3 16:34:44]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_adminhub_datastore_devices_oauth2.json
[Jun  3 16:34:44]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_adminhub_datastore_tokenApi_oauth2.json
[Jun  3 16:34:44]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_adminhub_datastore_utilisateurs_devices_oauth2.json
[Jun  3 16:34:44]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_adminhub_datastore_utilisateurs_oauth2.json
[Jun  3 16:34:44]  INFO host-check-mgr: Starting Poller
[Jun  3 16:34:44]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_adminhub_mediation_external_action_oauth2.json
[Jun  3 16:34:44]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_adminhub_mediation_external_data_oauth2.json
[Jun  3 16:34:44]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_adminhub_provisioning_external_objects_oauth2.json
[Jun  3 16:34:44]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_adminhub_provisioning_peripheriques_oauth2.json
[Jun  3 16:34:44]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_api_docs_basic.json
[Jun  3 16:34:44]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_api_external_authorize_oauth2.json
[Jun  3 16:34:44]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_api_external_data_oauth2.json
[Jun  3 16:34:44]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_api_external_objects_oauth2.json
[Jun  3 16:34:44]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_dashboard_create_script_simple_auth.json
[Jun  3 16:34:44]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_dashboard_update_script_simple_auth.json
[Jun  3 16:34:44]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_dashboard_update_script_state_auth.json
[Jun  3 16:34:44]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_datastore_all_type_objects_oauth2.json
[Jun  3 16:34:44]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_datastore_conf_mobile_keyless.json
[Jun  3 16:34:44]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_datastore_mgen_external_ndr_hmac.json
[Jun  3 16:34:44]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_datastore_user_all_devices_auth.json
[Jun  3 16:34:44]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_datastore_user_all_scripts_auth.json
[Jun  3 16:34:44]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_datastore_user_mobile_auth.json
[Jun  3 16:34:44]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_external_api_docs_basic.json
[Jun  3 16:34:44]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_external_api_docs_mock_basic.json
[Jun  3 16:34:44]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_external_api_mock_hmac.json
[Jun  3 16:34:44]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_kibana_basic.json
[Jun  3 16:34:44]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_mediation_authentication_mobile_keyless.json
[Jun  3 16:34:45]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_mediation_check_token_keyless.json
[Jun  3 16:34:45]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_mediation_data_push2_auth.json
[Jun  3 16:34:45]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_mediation_data_push_auth.json
[Jun  3 16:34:45]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_mediation_external_action_oauth2.json
[Jun  3 16:34:45]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_mediation_external_authorize_oauth2.json
[Jun  3 16:34:45]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_mediation_external_data_oauth2.json
[Jun  3 16:34:45]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_mediation_fitbit_callback_keyless.json
[Jun  3 16:34:45]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_mediation_fitbit_push_keyless.json
[Jun  3 16:34:45]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_mediation_image_push_auth.json
[Jun  3 16:34:45]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_mediation_lora_push_keyless.json
[Jun  3 16:34:45]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_mediation_mgen_tactio_push_hmac.json
[Jun  3 16:34:45]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_mediation_monitor_keyless.json
[Jun  3 16:34:45]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_mediation_myfox_push_keyless.json
[Jun  3 16:34:45]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_mediation_myfoxhomealarm_callback_keyless.json
[Jun  3 16:34:45]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_mediation_myfoxhomecontrol_callback_keyless.json
[Jun  3 16:34:45]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_mediation_netatmo_callback_keyless.json
[Jun  3 16:34:45]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_mediation_netatmo_push_keyless.json
[Jun  3 16:34:45]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_mediation_partner_get_basic_basic.json
[Jun  3 16:34:45]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_mediation_partner_push_basic.json
[Jun  3 16:34:45]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_mediation_partner_push_hmac.json
[Jun  3 16:34:45]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_mediation_philips_hue_callback_keyless.json
[Jun  3 16:34:45]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_mediation_refresh_token_keyless.json
[Jun  3 16:34:45]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_mediation_sigfox_push_keyless.json
[Jun  3 16:34:45]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_mediation_withings_callback_keyless.json
[Jun  3 16:34:45]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_mediation_withings_push_keyless.json
[Jun  3 16:34:45]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_mobile_api_auth.json
[Jun  3 16:34:45]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_provisioning_api_auth.json
[Jun  3 16:34:45]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_provisioning_eboutique_push_domino_user_addr_hmac.json
[Jun  3 16:34:45]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_provisioning_external_objects_oauth2.json
[Jun  3 16:34:45]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_provisioning_mgen_new_vivoptim_hmac.json
[Jun  3 16:34:45]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_provisioning_mobile_devices_auth.json
[Jun  3 16:34:45]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_provisioning_vsmp_cgu_hmac.json
[Jun  3 16:34:45]  INFO Loading API Specification from /tmp/tyk.linux.amd64-2.1.0.2/apps/app_provisioning_vsmp_contract_hmac.json
[Jun  3 16:34:45]  INFO main: Detected 61 APIs
[Jun  3 16:34:45]  INFO main: --> Loading API: adminhub_datastore_access_oauth2
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO jsvm: Loading JS File: /USR/newtprod/tyk/middleware/getUserIdTykMiddleware.js
[Jun  3 16:34:45]  INFO jsvm-logmsg: GetUserId middleware initialised type=log-msg
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: OAuth
[Jun  3 16:34:45]  INFO main: --> Loading API: adminhub_datastore_all_type_objects_oauth2
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO jsvm: Loading JS File: /USR/newtprod/tyk/middleware/getUserIdTykMiddleware.js
[Jun  3 16:34:45]  INFO jsvm-logmsg: GetUserId middleware initialised type=log-msg
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: OAuth
[Jun  3 16:34:45]  INFO main: --> Loading API: adminhub_datastore_devices_oauth2
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO jsvm: Loading JS File: /USR/newtprod/tyk/middleware/getUserIdTykMiddleware.js
[Jun  3 16:34:45]  INFO jsvm-logmsg: GetUserId middleware initialised type=log-msg
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: OAuth
[Jun  3 16:34:45]  INFO main: --> Loading API: adminhub_datastore_tokenApi_oauth2
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO jsvm: Loading JS File: /USR/newtprod/tyk/middleware/getUserIdTykMiddleware.js
[Jun  3 16:34:45]  INFO jsvm-logmsg: GetUserId middleware initialised type=log-msg
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: OAuth
[Jun  3 16:34:45]  INFO main: --> Loading API: adminhub_datastore_utilisateurs_devices_oauth2
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO jsvm: Loading JS File: /USR/newtprod/tyk/middleware/getUserIdTykMiddleware.js
[Jun  3 16:34:45]  INFO jsvm-logmsg: GetUserId middleware initialised type=log-msg
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: OAuth
[Jun  3 16:34:45]  INFO main: --> Loading API: adminhub_datastore_utilisateurs_oauth2
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO jsvm: Loading JS File: /USR/newtprod/tyk/middleware/getUserIdTykMiddleware.js
[Jun  3 16:34:45]  INFO jsvm-logmsg: GetUserId middleware initialised type=log-msg
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: OAuth
[Jun  3 16:34:45]  INFO main: --> Loading API: adminhub_mediation_external_action_oauth2
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO jsvm: Loading JS File: /USR/newtprod/tyk/middleware/getUserIdTykMiddleware.js
[Jun  3 16:34:45]  INFO jsvm-logmsg: GetUserId middleware initialised type=log-msg
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: OAuth
[Jun  3 16:34:45]  INFO main: --> Loading API: adminhub_mediation_external_data_oauth2
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO jsvm: Loading JS File: /USR/newtprod/tyk/middleware/getUserIdTykMiddleware.js
[Jun  3 16:34:45]  INFO jsvm-logmsg: GetUserId middleware initialised type=log-msg
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: OAuth
[Jun  3 16:34:45]  INFO main: --> Loading API: adminhub_provisioning_external_objects_oauth2
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO jsvm: Loading JS File: /USR/newtprod/tyk/middleware/getUserIdTykMiddleware.js
[Jun  3 16:34:45]  INFO jsvm-logmsg: GetUserId middleware initialised type=log-msg
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: OAuth
[Jun  3 16:34:45]  INFO main: --> Loading API: adminhub_provisioning_peripheriques_oauth2
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO jsvm: Loading JS File: /USR/newtprod/tyk/middleware/getUserIdTykMiddleware.js
[Jun  3 16:34:45]  INFO jsvm-logmsg: GetUserId middleware initialised type=log-msg
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: OAuth
[Jun  3 16:34:45]  INFO main: --> Loading API: api_docs_basic
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: Basic
[Jun  3 16:34:45]  INFO main: --> Loading API: api_external_authorize_oauth2
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO jsvm: Loading JS File: /USR/newtprod/tyk/middleware/getUserIdTykMiddleware.js
[Jun  3 16:34:45]  INFO jsvm-logmsg: GetUserId middleware initialised type=log-msg
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: OAuth
[Jun  3 16:34:45]  INFO main: --> Loading API: api_external_data_oauth2
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO jsvm: Loading JS File: /USR/newtprod/tyk/middleware/getUserIdTykMiddleware.js
[Jun  3 16:34:45]  INFO jsvm-logmsg: GetUserId middleware initialised type=log-msg
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: OAuth
[Jun  3 16:34:45]  INFO main: --> Loading API: api_external_objects_oauth2
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO jsvm: Loading JS File: /USR/newtprod/tyk/middleware/getUserIdTykMiddleware.js
[Jun  3 16:34:45]  INFO jsvm-logmsg: GetUserId middleware initialised type=log-msg
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: OAuth
[Jun  3 16:34:45]  INFO main: --> Loading API: dashboard_create_script_simple_auth
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO jsvm: Loading JS File: /USR/newtprod/tyk/middleware/getUserIdCCUMiddleware.js
[Jun  3 16:34:45]  INFO jsvm-logmsg: GetUserId middleware initialised type=log-msg
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: Token
[Jun  3 16:34:45]  INFO main: --> Loading API: dashboard_update_script_simple_auth
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO jsvm: Loading JS File: /USR/newtprod/tyk/middleware/getUserIdCCUMiddleware.js
[Jun  3 16:34:45]  INFO jsvm-logmsg: GetUserId middleware initialised type=log-msg
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: Token
[Jun  3 16:34:45]  INFO main: --> Loading API: dashboard_update_script_state_auth
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO jsvm: Loading JS File: /USR/newtprod/tyk/middleware/getUserIdCCUMiddleware.js
[Jun  3 16:34:45]  INFO jsvm-logmsg: GetUserId middleware initialised type=log-msg
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: Token
[Jun  3 16:34:45]  INFO main: --> Loading API: datastore_all_type_objects_oauth2
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO jsvm: Loading JS File: /USR/newtprod/tyk/middleware/getUserIdTykMiddleware.js
[Jun  3 16:34:45]  INFO jsvm-logmsg: GetUserId middleware initialised type=log-msg
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: OAuth
[Jun  3 16:34:45]  INFO main: --> Loading API: datastore_conf_mobile_keyless
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: Open
[Jun  3 16:34:45]  INFO main: --> Loading API: datastore_mgen_external_ndr_hmac
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: HMAC
[Jun  3 16:34:45]  INFO main: --> Loading API: datastore_user_all_devices_auth
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO jsvm: Loading JS File: /USR/newtprod/tyk/middleware/getUserIdCCUMiddleware.js
[Jun  3 16:34:45]  INFO jsvm-logmsg: GetUserId middleware initialised type=log-msg
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: Token
[Jun  3 16:34:45]  INFO main: --> Loading API: datastore_user_all_scripts_auth
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO jsvm: Loading JS File: /USR/newtprod/tyk/middleware/getUserIdCCUMiddleware.js
[Jun  3 16:34:45]  INFO jsvm-logmsg: GetUserId middleware initialised type=log-msg
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: Token
[Jun  3 16:34:45]  INFO main: --> Loading API: datastore_user_mobile_auth
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO jsvm: Loading JS File: /USR/newtprod/tyk/middleware/getUserIdCCUMiddleware.js
[Jun  3 16:34:45]  INFO jsvm-logmsg: GetUserId middleware initialised type=log-msg
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: Token
[Jun  3 16:34:45]  INFO main: --> Loading API: external_api_docs_basic
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: Basic
[Jun  3 16:34:45]  INFO main: --> Loading API: external_api_docs_mock_basic
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: Basic
[Jun  3 16:34:45]  INFO main: --> Loading API: external_api_mock_hmac
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: HMAC
[Jun  3 16:34:45]  INFO main: --> Loading API: kibana_basic
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: Basic
[Jun  3 16:34:45]  INFO main: --> Loading API: mediation_authentication_mobile_keyless
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: Open
[Jun  3 16:34:45]  INFO main: --> Loading API: mediation_check_token_keyless
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: Open
[Jun  3 16:34:45]  INFO main: --> Loading API: mediation_data_push2_auth
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO jsvm: Loading JS File: /USR/newtprod/tyk/middleware/getUserIdCCUMiddleware.js
[Jun  3 16:34:45]  INFO jsvm-logmsg: GetUserId middleware initialised type=log-msg
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: Token
[Jun  3 16:34:45]  INFO main: --> Loading API: mediation_data_push_auth
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO jsvm: Loading JS File: /USR/newtprod/tyk/middleware/getUserIdCCUMiddleware.js
[Jun  3 16:34:45]  INFO jsvm-logmsg: GetUserId middleware initialised type=log-msg
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: Token
[Jun  3 16:34:45]  INFO main: --> Loading API: mediation_external_action_oauth2
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO jsvm: Loading JS File: /USR/newtprod/tyk/middleware/getUserIdTykMiddleware.js
[Jun  3 16:34:45]  INFO jsvm-logmsg: GetUserId middleware initialised type=log-msg
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: OAuth
[Jun  3 16:34:45]  INFO main: --> Loading API: mediation_external_authorize_oauth2
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO jsvm: Loading JS File: /USR/newtprod/tyk/middleware/getUserIdTykMiddleware.js
[Jun  3 16:34:45]  INFO jsvm-logmsg: GetUserId middleware initialised type=log-msg
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: OAuth
[Jun  3 16:34:45]  INFO main: --> Loading API: mediation_external_data_oauth2
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO jsvm: Loading JS File: /USR/newtprod/tyk/middleware/getUserIdTykMiddleware.js
[Jun  3 16:34:45]  INFO jsvm-logmsg: GetUserId middleware initialised type=log-msg
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: OAuth
[Jun  3 16:34:45]  INFO main: --> Loading API: mediation_fitbit_callback_keyless
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: Open
[Jun  3 16:34:45]  INFO main: --> Loading API: mediation_fitbit_push_keyless
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: Open
[Jun  3 16:34:45]  INFO main: --> Loading API: mediation_image_push_auth
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO jsvm: Loading JS File: /USR/newtprod/tyk/middleware/getUserIdCCUMiddleware.js
[Jun  3 16:34:45]  INFO jsvm-logmsg: GetUserId middleware initialised type=log-msg
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: Token
[Jun  3 16:34:45]  INFO main: --> Loading API: mediation_lora_push_keyless
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: Open
[Jun  3 16:34:45]  INFO main: --> Loading API: mediation_mgen_tactio_push_hmac
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: HMAC
[Jun  3 16:34:45]  INFO main: --> Loading API: mediation_monitor_keyless
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: Open
[Jun  3 16:34:45]  INFO main: --> Loading API: mediation_myfox_push_keyless
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: Open
[Jun  3 16:34:45]  INFO main: --> Loading API: mediation_myfoxhomealarm_callback_keyless
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: Open
[Jun  3 16:34:45]  INFO main: --> Loading API: mediation_myfoxhomecontrol_callback_keyless
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: Open
[Jun  3 16:34:45]  INFO main: --> Loading API: mediation_netatmo_callback_keyless
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: Open
[Jun  3 16:34:45]  INFO main: --> Loading API: mediation_netatmo_push_keyless
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: Open
[Jun  3 16:34:45]  INFO main: --> Loading API: mediation_partner_get_basic_basic
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO jsvm: Loading JS File: /USR/newtprod/tyk/middleware/getUserIdTykMiddleware.js
[Jun  3 16:34:45]  INFO jsvm-logmsg: GetUserId middleware initialised type=log-msg
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: Basic
[Jun  3 16:34:45]  INFO main: --> Loading API: mediation_partner_push_basic
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO jsvm: Loading JS File: /USR/newtprod/tyk/middleware/getUserIdTykMiddleware.js
[Jun  3 16:34:45]  INFO jsvm-logmsg: GetUserId middleware initialised type=log-msg
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: Basic
[Jun  3 16:34:45]  INFO main: --> Loading API: mediation_partner_push_hmac
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO jsvm: Loading JS File: /USR/newtprod/tyk/middleware/getUserIdTykMiddleware.js
[Jun  3 16:34:45]  INFO jsvm-logmsg: GetUserId middleware initialised type=log-msg
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: HMAC
[Jun  3 16:34:45]  INFO main: --> Loading API: mediation_philips_hue_callback_keyless
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: Open
[Jun  3 16:34:45]  INFO main: --> Loading API: mediation_refresh_token_keyless
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: Open
[Jun  3 16:34:45]  INFO main: --> Loading API: mediation_sigfox_push_keyless
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: Open
[Jun  3 16:34:45]  INFO main: --> Loading API: mediation_withings_callback_keyless
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: Open
[Jun  3 16:34:45]  INFO main: --> Loading API: mediation_withings_push_keyless
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: Open
[Jun  3 16:34:45]  INFO main: --> Loading API: mobile_api_auth
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO jsvm: Loading JS File: /USR/newtprod/tyk/middleware/getUserIdCCUMiddleware.js
[Jun  3 16:34:45]  INFO jsvm-logmsg: GetUserId middleware initialised type=log-msg
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: Token
[Jun  3 16:34:45]  INFO main: --> Loading API: provisioning_api_auth
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: Token
[Jun  3 16:34:45]  INFO main: --> Loading API: provisioning_eboutique_push_domino_user_addr_hmac
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: HMAC
[Jun  3 16:34:45]  INFO main: --> Loading API: provisioning_external_objects_oauth2
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO jsvm: Loading JS File: /USR/newtprod/tyk/middleware/getUserIdTykMiddleware.js
[Jun  3 16:34:45]  INFO jsvm-logmsg: GetUserId middleware initialised type=log-msg
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: OAuth
[Jun  3 16:34:45]  INFO main: --> Loading API: provisioning_mgen_new_vivoptim_hmac
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: HMAC
[Jun  3 16:34:45]  INFO main: --> Loading API: provisioning_mobile_devices_auth
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO jsvm: Loading JS File: /USR/newtprod/tyk/middleware/getUserIdCCUMiddleware.js
[Jun  3 16:34:45]  INFO jsvm-logmsg: GetUserId middleware initialised type=log-msg
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: Token
[Jun  3 16:34:45]  INFO main: --> Loading API: provisioning_vsmp_cgu_hmac
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO jsvm: Loading JS File: /USR/newtprod/tyk/middleware/getUserIdTykMiddleware.js
[Jun  3 16:34:45]  INFO jsvm-logmsg: GetUserId middleware initialised type=log-msg
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: HMAC
[Jun  3 16:34:45]  INFO main: --> Loading API: provisioning_vsmp_contract_hmac
[Jun  3 16:34:45]  INFO main: ----> Tracking: (no host)
[Jun  3 16:34:45]  INFO jsvm: Loading JS File: /USR/newtprod/tyk/middleware/getUserIdTykMiddleware.js
[Jun  3 16:34:45]  INFO jsvm-logmsg: GetUserId middleware initialised type=log-msg
[Jun  3 16:34:45]  INFO main: ----> Checking security policy: HMAC
[Jun  3 16:34:45]  INFO host-check-mgr: Loading uptime tests...
[Jun  3 16:34:45]  INFO main: Gateway started (v2.1.0.2)
[Jun  3 16:34:45]  INFO main: --> Listening on port: 9082

And :

curl -i 'http://localhost:9082/mobile/v1/devices'
HTTP/1.1 404 Not Found
Content-Language: fr
Content-Length: 1039
Content-Type: text/html;charset=utf-8
Date: Fri, 03 Jun 2016 14:34:50 GMT
Server: Apache-Coyote/1.1
X-Ratelimit-Limit: 0
X-Ratelimit-Remaining: 0
X-Ratelimit-Reset: 0

<!DOCTYPE html><html><head><title>Apache Tomcat/8.0.33 - Rapport d''erreur</title

Something is wrong with one of my files obviously.

Do you have any open APIs?

I have a feeling that the URL muxer is loosely matching an open API when you smarter your closed URL, if the listen paths are similar this can happen.

Yes I have some keyless API.

With almost the same listen path I have:

app_mediation_authentication_mobile_keyless.json:        "listen_path": "/mobile/v1/authentication/"
app_mobile_api_auth.json:        "listen_path": "/mobile/v1/"

And I’m trying to call the last one.

Try removing the open API to see if your auth header comes back - that will be what is causing the problem. You may need to re-order your API list to make sure that the other API loads first.

Ok I found the culprit !

When I add the following API definition it starts behaving strangely:

{
    "name": "mediation_monitor_keyless",
    "api_id": "1",
    "org_id": "",
    "definition": {
        "location": "header",
        "key": "version"
    },
    "use_keyless": true,
    "auth": {
    },
    "version_data": {
        "not_versioned": true,
        "versions": {
            "Default": {
                "name": "Default",
                "expires": "3000-01-02 15:04",
                "use_extended_paths": true,
                "extended_paths": {
                    "ignored": [],
                    "white_list": [],
                    "black_list": []
                }
            }
        }
    },
    "proxy": {
        "listen_path": "/",
        "target_url": "http://localhost:8080/",
        "strip_listen_path": true
    },
    "enable_batch_request_support": false
}

It looks like a severe issue to me (Tyk is not protecting my backend anymore). Do you want me to open an issue ? And maybe another for the packaging issue ?

This path is being matched first, which is causing the issue - you will need to change the load order of the definitions so it comes last (try renaming the file).

We mediate against this with sort orders in pro, and you can manage load order by just renaming the file in CE to be loaded last.

It’s a known issue - and it will only expose your keyless API, not your whole back end (notice the original request that got through returned a 404)

So we’re aware of it, but there’s no need for an issue to be raised because it’s not strictly a bug, and the packaging issue is already on our roadmap.
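The load-order problem described in this reply can be caught before a deployment. This is an added example, not part of the thread or Tyk's own code: it flags a keyless definition that loads before a protected one whose listen path it covers. It assumes definitions load in file-name order, and the monitor file name and all function names are made up for illustration.

```python
import json
import tempfile
from pathlib import Path

# Constructed sample: two file names come from the thread, the monitor file
# name is an assumption, and bodies are trimmed to the fields this check reads.
SAMPLE = {
    "app_mediation_authentication_mobile_keyless.json":
        {"use_keyless": True, "proxy": {"listen_path": "/mobile/v1/authentication/"}},
    "app_mediation_monitor_keyless.json":
        {"use_keyless": True, "proxy": {"listen_path": "/"}},
    "app_mobile_api_auth.json":
        {"proxy": {"listen_path": "/mobile/v1/"}},
}

def load_definitions(app_dir):
    """Return (file name, definition) pairs sorted by file name.

    Assumption: the gateway walks the apps folder in file-name order, which
    is what the "rename the file" advice in the thread relies on.
    """
    return [(p.name, json.loads(p.read_text()))
            for p in sorted(Path(app_dir).glob("*.json"))]

def find_shadowing(defs):
    """List keyless APIs loaded before a protected API whose path they cover."""
    findings = []
    for i, (open_file, open_api) in enumerate(defs):
        if not open_api.get("use_keyless"):
            continue
        open_path = open_api["proxy"]["listen_path"]
        for auth_file, auth_api in defs[i + 1:]:
            auth_path = auth_api["proxy"]["listen_path"]
            if not auth_api.get("use_keyless") and auth_path.startswith(open_path):
                findings.append((open_file, open_path, auth_file, auth_path))
    return findings

def audit(files):
    """Write the given definitions to a scratch apps folder and audit it."""
    with tempfile.TemporaryDirectory() as app_dir:
        for name, body in files.items():
            Path(app_dir, name).write_text(json.dumps(body))
        return find_shadowing(load_definitions(app_dir))

if __name__ == "__main__":
    for open_file, open_path, auth_file, auth_path in audit(SAMPLE):
        print(f"{open_file} ({open_path}) loads before {auth_file} ({auth_path})")
```

Pointing `load_definitions` at the real apps folder and failing the deployment when `find_shadowing` returns anything keeps the ordering requirement from being forgotten later.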

Ok but it’s definitively working differently than in 1.7 and it’s confusing to have to order our files (I’m pretty sure that I will forget that in a few months).

Thanks for helping me to sort it out !

Totally understand, it’s something we need to investigate more - we don’t sort by length of listen path by default, might be something we need to investigate more

New day, new issue !

In 1.7:

curl -i -H 'Authorization: Bearer c782218c-40f1-4616-80a1-e96fcd190b63' 'http://localhost:8082/mobile/v1/users/mobiles'
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8

In 2.1:

curl -i -H 'Authorization: Bearer c782218c-40f1-4616-80a1-e96fcd190b63' 'http://localhost:9082/mobile/v1/users/mobiles'
HTTP/1.1 403 Forbidden
Content-Type: application/json
X-Generator: tyk.io
Date: Mon, 06 Jun 2016 09:24:30 GMT
Content-Length: 37

{
    "error": "Key not authorised"
}

I can see in logs that Tyk is stripping the “Bearer” at the start of the Authorization header:

1.7:
DEBU[0147] [STORE] Getting WAS: Bearer c782218c-40f1-4616-80a1-e96fcd190b63
DEBU[0147] Input key was: apikey-Bearer c782218c-40f1-4616-80a1-e96fcd190b63

2.1:
[Jun 6 11:11:25] DEBUG [STORE] Getting WAS: c782218c-40f1-4616-80a1-e96fcd190b63
[Jun 6 11:11:25] DEBUG Input key was: apikey-c782218c-40f1-4616-80a1-e96fcd190b63

Is there something that I can do about that ? How to upgrade without downtime ?

Hah - that’s actually a new feature, Tyk now works with bearer tokens as-is, you can’t switch this off unfortunately, it was a change to make Tyk’s standard bearer token similar to other bearer tokens, so Tyk will work with or without the bearer keyword.

When you created these tokens, did you create them with the bearer prefix?

You could re-create the tokens in Tyk without the bearer prefix, as it looks like they are custom anyway?

So to do it without downtime, you need to GET each token, then POST it to the key endpoint without the Bearer prefix, this will create a duplicate key with the same session settings.

That’s really the only solution I can think of.

M.

Yep we created these tokens with “Bearer”. We will create again the key without “Bearer” to ensure a proper migration.

Thanks for the confirmation !

Me, again !

Today we had an issue with HMAC handling by Tyk. It looks like the algorithm has changed between 1.7 and 2.1.

Unfortunately it’s a showstopper for a fast migration towards Tyk 2.1, we can’t ask our customers to change their algorithm.

For reference that script worked on Tyk 1.7 but not in 2.1:

#!/bin/bash
# URL-encode $1, then turn %20 into + (form-style encoding).
function urlencode() {
  echo -n "$1" | perl -MURI::Escape -ne 'print uri_escape($_)' | sed "s/%20/+/g"
}

# Current time in UTC, C locale, e.g. "Thu, 09 Jun 2016 15:20:42 UTC".
date="$(LC_ALL=C date -u +"%a, %d %b %Y %X %Z")"
encoded_date="$(urlencode "${date}")"
# Signed string is "date:<encoded date>"; HMAC-SHA1 with the secret "test", then base64.
signature="$(echo -n "date:${encoded_date}" | openssl sha1 -binary -hmac "test" | base64)"
url_encoded_signature="$(urlencode "${signature}")"

echo "date: $date"
echo "encoded date: $encoded_date"
echo "signature: $signature"
echo "url_encoded_signature: $url_encoded_signature"

The result:
date: Thu, 09 Jun 2016 15:20:42 UTC
encoded date: Thu%2C+09+Jun+2016+15%3A20%3A42+UTC
signature: UUQJMRAD1gPaoMUv234dOTzNRBw=
url_encoded_signature: UUQJMRAD1gPaoMUv234dOTzNRBw%3D

When I try the new function in Tyk (https://play.golang.org/p/8idLVPsgk7) I have:
EncodedString:QodkXbIMtNp4sykzvmtUofDOGuI=
Escaped String:QodkXbIMtNp4sykzvmtUofDOGuI%3D

This is correct, 2.0 introduced a much more RFC compliant algorithm:

http://tools.ietf.org/html/draft-cavage-http-signatures-05
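The two results differ because the signed input differs, not the HMAC itself. This is an added example, not code from the thread or from Tyk: it builds the string the 1.7-era script signs next to the `date: <value>` signing string defined by the linked draft, and classifies a presented signature by scheme. Treating the draft's string as exactly what Tyk 2.1 verifies is an assumption, and all function names are hypothetical.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, quote_plus, unquote

# Date and secret as they appear in the script output quoted in the thread.
DATE = "Thu, 09 Jun 2016 15:20:42 UTC"
SECRET = "test"

def sign(signing_string, secret):
    """base64(HMAC-SHA1(secret, signing_string)), as both schemes compute it."""
    mac = hmac.new(secret.encode(), signing_string.encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def legacy_signing_string(date_value):
    """What the 1.7-era script signs: 'date:' + URL-encoded date, no space."""
    return "date:" + quote_plus(date_value)

def draft_signing_string(date_value):
    """draft-cavage form: lowercase header name, colon, space, raw value."""
    return "date: " + date_value

def url_encoded(signature):
    """Percent-encode a base64 signature ('=' becomes %3D, '+' becomes %2B)."""
    return quote(signature, safe="")

def classify(date_value, secret, presented):
    """Report which scheme produced a client's URL-encoded signature."""
    raw = unquote(presented).encode()
    for name, build in (("draft-cavage", draft_signing_string),
                        ("legacy-1.7", legacy_signing_string)):
        expected = sign(build(date_value), secret).encode()
        if hmac.compare_digest(expected, raw):  # constant-time comparison
            return name
    return "no-match"

if __name__ == "__main__":
    for build in (legacy_signing_string, draft_signing_string):
        s = build(DATE)
        print(f"{s!r} -> {url_encoded(sign(s, SECRET))}")
```

Running `classify` over logged Date headers and signatures shows which clients still sign the legacy string before the old gateway is retired.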

:confounded:

So how can we migrate from 1.7 to 2.1 ?

Do you have any customers that have successfully migrated to Tyk 2.1 ?