Using Tyk to inject additional auth details

We have a set of legacy APIs that I’m trying to unite behind a single Tyk Gateway.

Each has its own set of authentication methods, with keys for each user.

What I’d like to be able to do is have a mechanism such as:

  1. Request comes in to the Gateway, Tyk authenticates.
  2. End-API key is looked up from storage
  3. Request is passed to the End-API using the key from storage

Is this something that Tyk is suited for, or am I trying to stretch it too far?

Hi

This is straightforward to do with Tyk - there a few different options depending on your implementation but something like a post-auth python plugin could do the job. We’ve got some docs around an example here https://tyk.io/docs/customise-tyk/plugins/rich-plugins/python/custom-auth-python-tutorial/

Thanks
Josh

Thanks Josh,

As a somewhat-related follow up, is it also possible to use middleware to alter the destination of the request itself?

For example, to use the value of a URL to decide which end-server the request goes to.

Eg:

/api/AB123456 -> ab.server/api/123456
/api/XY123456 -> xy.server/api/123456

Yes you can trigger url rewrite on a whole host of factors - the docs are here https://tyk.io/docs/transform-traffic/url-rewriting/

Thanks,

Can the two be combined? For example, using a Python library to specify how the query is rewritten?

You can expose the request variables to python plugins so yes you can easily alter the request in any way you want in the middleware.

Thanks. Regarding the library part, there is no mention of installing libraries in the doc - is there a way to do that by packaging them?

Using the basic Python that gets built with the binary I dont think so. gRPC used with a richer python plugin is likely the best way to this.

https://tyk.io/docs/customise-tyk/plugins/rich-plugins/grpc/

Just in case anybody else is searching, I was able to install libraries using pip in the container. This is mentioned here: