Why the list of keys for an api is always null?


#1

Imported Google Group message. Original thread at: https://groups.google.com/forum/#!topic/tyk-community-support/qiG_588LSNE Import Date: 2016-01-19 21:42:31 +0000.
Sender:Daniele Motta.
Date:Friday, 8 January 2016 09:51:59 UTC.

When I get the list of keys for a specific api it always return {“data”:{“keys”:[]},“pages”:0}. I’m using the Advanced Management API, but if I get details of key using /api/apis/{api-id}/keys/{key-id} it return key info.
That’s wrong?

Daniele


#2

Imported Google Group message.
Sender:Martin Buhr.
Date:Friday, 8 January 2016 10:50:12 UTC.

Hi Daniele,

The way Tyk creates keys is in a pattern: {OrgId}{UUIDv4}, the header is used to organise keys by organisation, key listing uses this header as a filter to pull active keys from Tyk. However, when keys are hashed (by default enabled in Tyk), then this header is obscured and a secure listing cannot be achieved, keys need to be queried independently (which is why the GUI doesn’t list keys in this mode, you must search).

To get it to work, you will need to switch to unhashed mode n both the gateway and the dashboard, and regenerate your keys. The keys will no longer be encrypted, but they will be listable.

It’s a trade-off. Even if they were listable in hashed mode, you would only see the hashes, since the actual key is only visible once: at creation.

Cheers,
Martin

Cheers,
Martin

  • show quoted text -