diff --git a/.github/workflows/lint-swagger.yml b/.github/workflows/lint-swagger.yml
index 358e04c0033..efdacc3d415 100644
--- a/.github/workflows/lint-swagger.yml
+++ b/.github/workflows/lint-swagger.yml
@@ -1,17 +1,103 @@ +# yamllint disable rule:line-length rule:truthy +--- +name: "Lint swagger schema" + on: pull_request: - branches: - - master - - release-** + paths: + - 'swagger.yml' jobs: - test_swagger_editor_validator_remote: + redocly_validator: + runs-on: ubuntu-latest + name: Validate the swagger with redocly cli + + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-node@v4 + with: + node-version: 20 + - name: Validate OpenAPI definition with redocly + run: | + npm install @redocly/cli -g + redocly lint swagger.yml --config=redocly.yml + + diff_swagger: + name: Diff swagger yaml for comment runs-on: ubuntu-latest - name: Swagger Editor Validator Remote steps: - - uses: actions/checkout@v2 - - name: Validate OpenAPI definition - uses: char0n/swagger-editor-validate@v1 + - name: Use GitHub Token + env: + TOKEN: ${{ secrets.ORG_GH_TOKEN }} + run: > + git config --global url."https://${TOKEN}@github.com".insteadOf "https://github.com" + + - name: Checkout repo + uses: TykTechnologies/github-actions/.github/actions/checkout-pr@main + with: + token: ${{ secrets.ORG_GH_TOKEN }} + + - name: Setup Golang + uses: actions/setup-go@v5 + with: + go-version: '1.22.x' + + - name: Install dyff binary + run: | + # this is the upstream, missing -w (trim whitespace) + # curl --silent --location https://git.io/JYfAY | bash + git clone --depth=1 https://github.com/aoktox/dyff + cd dyff && go install ./cmd/... + + - name: Set up comment author + run: | + git config --local user.email "github-actions[bot]@users.noreply.github.com" + git config --local user.name "github-actions[bot]" + + - name: Collect + run: | + cp swagger.yml swagger-current.yml + + git checkout -- . 
+ git fetch --depth=1 origin ${{ github.base_ref }} + git checkout ${{ github.base_ref }} + + cp swagger.yml swagger-prev.yml + + - name: Diff + id: api-check + run: | + set +e + dyff between -c on --ignore-whitespace-changes -i swagger-prev.yml swagger-current.yml + dyff between -c off --ignore-whitespace-changes -i swagger-prev.yml swagger-current.yml | egrep -v '^ . ' | sort > changes.txt + + LINE_COUNT=$(wc -l < changes.txt) + + echo "diff-output<> $GITHUB_OUTPUT + if [ $LINE_COUNT -gt 200 ]; then + echo "Changes in swagger.yml too large (line count ${LINE_COUNT}), check CI lint action for differences" >> $GITHUB_OUTPUT + else + cat changes.txt >> $GITHUB_OUTPUT + fi + echo "EOF" >> $GITHUB_OUTPUT + + - name: Find Comment + uses: peter-evans/find-comment@v2 + id: fc + with: + issue-number: ${{ github.event.pull_request.number }} + comment-author: 'github-actions[bot]' + body-includes: Swagger Changes + + - name: Create or update comment + uses: peter-evans/create-or-update-comment@v3 with: - definition-file: swagger.yml + comment-id: ${{ steps.fc.outputs.comment-id }} + issue-number: ${{ github.event.pull_request.number }} + body: | + Swagger Changes + ```diff + ${{ steps.api-check.outputs.diff-output || 'no api changes detected' }} + ``` + edit-mode: replace diff --git a/.redocly.lint-ignore.yaml b/.redocly.lint-ignore.yaml new file mode 100644 index 00000000000..a857f850644 --- /dev/null +++ b/.redocly.lint-ignore.yaml 
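Review bot: In `diff_swagger`, the `Use GitHub Token` step writes `secrets.ORG_GH_TOKEN` into the runner's global git config, where it stays readable by every later step, and those later steps run code from mutable refs: `TykTechnologies/github-actions/.github/actions/checkout-pr@main` and a `--depth=1` clone of `aoktox/dyff` at whatever its default branch holds when the job runs. Pin both to reviewed commit SHAs, and if nothing after the checkout needs the `insteadOf` rewrite, remove it and rely on the `token:` input already passed to the checkout action. In `Collect`, `${{ github.base_ref }}` is substituted into the script text before the shell parses it; pass it through `env:` and quote the variable. The `diff-output` block is closed with the fixed delimiter `EOF` around text derived from the PR's `swagger.yml`, so a per-run random delimiter would be safer (the opening `echo` line looks truncated in this rendering), and the workflow sets no `permissions:` block to bound the default token.

```yaml
- name: Install dyff binary
  env:
    # placeholder: replace with a reviewed commit of the fork
    DYFF_COMMIT: "<REVIEWED_COMMIT_SHA>"
  run: |
    # … unchanged: comment about the upstream installer …
    git init dyff
    git -C dyff fetch --depth=1 https://github.com/aoktox/dyff "$DYFF_COMMIT"
    git -C dyff checkout --detach FETCH_HEAD
    cd dyff && go install ./cmd/...

# … unchanged: Set up comment author …

- name: Collect
  env:
    BASE_REF: ${{ github.base_ref }}
  run: |
    cp swagger.yml swagger-current.yml
    git checkout -- .
    git fetch --depth=1 origin "$BASE_REF"
    git checkout "$BASE_REF"
    cp swagger.yml swagger-prev.yml
```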
@@ -0,0 +1,42 @@ +# We have an external Swagger file that we use for Tyk OAs Endpoints this file ignores that external file +# We have ambiguous-paths that would require to change the endpoint that the gateway level. +#Those are also ignored (Currently only one of those exists) +swagger.yml: + no-ambiguous-paths: + - '#/paths/~1tyk~1apis~1oas~1{apiID}' + no-invalid-media-type-examples: + - >- + #/paths/~1tyk~1apis~1oas/get/responses/200/content/application~1json/schema + - '#/paths/~1tyk~1apis~1oas/post/requestBody/content/application~1json/schema' + - >- + #/paths/~1tyk~1apis~1oas~1{apiID}/get/responses/200/content/application~1json/schema + - >- + #/paths/~1tyk~1apis~1oas~1{apiID}/put/requestBody/content/application~1json/schema + - >- + #/paths/~1tyk~1apis~1oas~1{apiID}/patch/requestBody/content/application~1json/schema + - >- + #/paths/~1tyk~1apis~1oas~1import/post/requestBody/content/application~1json/schema +https://raw.githubusercontent.com/OAI/OpenAPI-Specification/main/schemas/v3.0/schema.json: + spec: + - '#/id' + - '#/$schema' + - '#/patternProperties' + - '#/definitions' + - '#/definitions/Info/patternProperties' + - '#/definitions/Contact/patternProperties' + - '#/definitions/License/patternProperties' + - '#/definitions/ExternalDocumentation/patternProperties' + - '#/definitions/Server/patternProperties' + - '#/definitions/ServerVariable/patternProperties' + - '#/definitions/Tag/patternProperties' + - '#/definitions/Paths/patternProperties' + - '#/definitions/Components/patternProperties' + - '#/definitions/Components/properties/schemas/patternProperties' + - '#/definitions/Components/properties/responses/patternProperties' + - '#/definitions/Components/properties/parameters/patternProperties' + - '#/definitions/Components/properties/examples/patternProperties' + - '#/definitions/Components/properties/requestBodies/patternProperties' + - '#/definitions/Components/properties/headers/patternProperties' + - 
'#/definitions/Components/properties/securitySchemes/patternProperties' + - '#/definitions/Components/properties/links/patternProperties' + - '#/definitions/Components/properties/callbacks/patternProperties' diff --git a/docs/swagger.md b/docs/swagger.md new file mode 100644 index 00000000000..e7b85797b53 --- /dev/null +++ b/docs/swagger.md 
@@ -0,0 +1,34 @@ +# Tyk API Documentation + +The **Tyk API Documentation** is an OpenAPI specification that outlines the endpoints you can call on the gateway. + +## Notes + +The current OAS version is **v3.0.3**, generated from gateway **v5.6.0**. + +We are currently using OpenAPI Specification version **v3.0.3**. + +For linting the OAS, we use Redocly. You can install Redocly from [here](https://github.com/Redocly/redocly-cli). + +## How the OAS was generated + +We used the Go library [openapi-go](https://github.com/swaggest/openapi-go) because: +1. It supports generating OAS for version **v3.0.3** (there are not many Go libraries that produce OAS v3.0.3). +2. It is highly customizable, allowing you to define how each field is generated. +3. It lets you write the generation code as functions, making it easier to read and maintain. + +## How to generate the Swagger.yml file + +1. Ensure that Redocly is installed on your system. You can install Redocly from [here](https://github.com/Redocly/redocly-cli). +2. Clone the gateway repository and check out the branch [generate-swagger](https://github.com/TykTechnologies/tyk/tree/generate-swagger). +3. Navigate to the directory [swagger/cmd](https://github.com/TykTechnologies/tyk/tree/generate-swagger/swagger/cmd). This directory contains a Makefile with a rule (`generate`) used to generate the swagger.yml file. +4. Run the command `make generate` in this directory. +5. After running this command, a `swagger.yml` file containing all the gateway endpoints will be generated in the same directory. +6. What the `make generate` command does: + - The command is defined as: `rm -f swagger.yml && go run main.go && redocly lint swagger.yml`. + - It first removes the existing `swagger.yml` file (if any), generates a new `swagger.yml` file, and finally lints the file using Redocly. + +## File Structure + +1. In the Swagger folder, there is a file for each OAS tag (e.g., cache tag, key tag, etc.). 
If you want to add a new endpoint, add it to its specific tag. +2. The `cmd` directory contains the `main.go` file (used to call all the generation functions), a Makefile, and the generated `swagger.yml` file. diff --git a/redocly.yml b/redocly.yml new file mode 100644 index 00000000000..272922aee5d --- /dev/null +++ b/redocly.yml @@ -0,0 +1,56 @@ +rules: + #Special rules + no-unresolved-refs: error + no-unused-components: warn + security-defined: error + spec: error + spec-components-invalid-map-name: error #All the fixed fields declared below are objects that MUST use keys that match the regular expression + spec-strict-refs: error + #info + info-contact: warn + info-license: warn + info-license-url: warn + #Operations + operation-operationId: error + operation-operationId-unique: error + operation-operationId-url-safe: error + operation-summary: error + operation-2xx-response: error + operation-4xx-response: error + operation-description: error + #Parameters + no-invalid-parameter-examples: + severity: error + allowAdditionalProperties: false + operation-parameters-unique: error + #parameter-description: error #uncomment this + path-declaration-must-exist: error + path-parameters-defined: error + #path rules + no-ambiguous-paths: error + no-http-verbs-in-paths: + severity: warn + splitIntoWords: true + no-identical-paths: error + no-path-trailing-slash: error + + #Requests, Responses, and Schemas rules + no-enum-type-mismatch: error + no-example-value-and-externalValue: error + no-invalid-media-type-examples: + severity: error + allowAdditionalProperties: false + #scalar-property-missing-example: + #severity: warn + no-invalid-schema-examples: + severity: error + allowAdditionalProperties: false + #Server rules + no-empty-servers: error + no-server-trailing-slash: error + no-undefined-server-variable: error + #Tags rules + operation-singular-tag: error + #operation-tag-defined: error + + 
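Review bot: Edits to this rule set are never linted on their own, because the `paths:` filter in `.github/workflows/lint-swagger.yml` lists only `swagger.yml`. A pull request that downgrades a rule such as `security-defined: error` or adds entries to `.redocly.lint-ignore.yaml` would therefore not re-run `redocly lint`. Add both files to the filter, for example `- 'redocly.yml'` and `- '.redocly.lint-ignore.yaml'` beside `- 'swagger.yml'`. The commented-out `#parameter-description: error #uncomment this` and `#operation-tag-defined: error` would also benefit from a short comment saying what blocks enabling them.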
diff --git a/swagger.yml b/swagger.yml index 10d1b2c9629..a4a63660ff7 100644 --- a/swagger.yml +++ b/swagger.yml @@ -1,4053 +1,7856 @@ -openapi: 3.0.0 +openapi: 3.0.3 info: - title: Tyk Gateway API - version: 5.5.0 - description: |- + contact: + email: support@tyk.io + name: Tyk Technologies + url: https://tyk.io/contact + description: |+ The Tyk Gateway API is the primary means for integrating your application with the Tyk API Gateway system. This API is very small, and has no granular permissions system. It is intended to be used purely for internal automation and integration. **Warning: Under no circumstances should outside parties be granted access to this API.** The Tyk Gateway API is capable of: - * Managing session objects (key generation) - * Managing and listing policies - * Managing and listing API Definitions (only when not using the Dashboard) - * Hot reloads / reloading a cluster configuration - * OAuth client creation (only when not using the Dashboard) - + * Managing session objects (key generation). + * Managing and listing policies. + * Managing and listing API Definitions (only when not using the Tyk Dashboard). + * Hot reloads / reloading a cluster configuration. + * OAuth client creation (only when not using the Tyk Dashboard). - In order to use the Gateway API, you'll need to set the `secret` parameter in your tyk.conf file. + In order to use the Gateway API, you'll need to set the **secret** parameter in your tyk.conf file. The shared secret you set should then be sent along as a header with each Gateway API Request in order for it to be successful: - ``` - x-tyk-authorization: - ``` + **x-tyk-authorization: ***
+ The Tyk Gateway API is subsumed by the Tyk Dashboard API in Pro installations. + + license: + name: Mozilla Public License Version 2.0 + url: https://github.com/TykTechnologies/tyk/blob/master/LICENSE.md + title: Tyk Gateway API + version: 5.6.0 servers: - - url: 'http://localhost/' - - url: 'https://localhost/' +- url: https://{tenant} + variables: + tenant: + default: localhost:8080 + description: Your gateway host +security: +- api_key: [] tags: - - name: Keys - description: |- - All keys that are used to access services via Tyk correspond to a session object that informs Tyk about the context of this particular token, like access rules and rate/quota allowance. - - name: Policies - description: |- - A Tyk security policy incorporates several security options that can be applied to an API key. It acts as a template that can override individual sections of an API key (or identity) in Tyk. - - name: OAuth - description: |- - Manage OAuth clients, and manage their tokens - - name: Cache Invalidation - description: |- - Sometimes a cache might contain stale data, or it may just need to be cleared because of an invalid configuration. This call will purge all keys associated with a cache on an API-by-API basis. - - name: Hot Reload - description: - Force restart of the Gateway or whole cluster - - name: Health Checking - description: Check health status of the Gateway and loaded APIs - - name: Organisation Quotas - description: |- - It is possible to force API quota and rate limit across all keys that belong to a specific organisation ID. Rate limiting at an organisation level is useful for creating tiered access levels and trial accounts. - The Organisation rate limiting middleware works with both Quotas and Rate Limiters. In order to manage this functionality, a simple API has been put in place to manage these sessions. - Although the Organisation session-limiter uses the same session object, all other security keys are optional as they are not used. - -

Managing active status

- To disallow access to an entire group of keys without rate limiting the organisation, create a session object with the "is_inactive" key set to true. This will block access before any other middleware is executed. It is useful when managing subscriptions for an organisation group and access needs to be blocked because of non-payment. - - name: Batch requests - description: |- - Tyk supports batch requests, so a client makes a single request to the API but gets a compound response object back. - - This is especially handy if clients have complex requests that have multiple synchronous dependencies and do not wish to have the entire request / response cycle running for each event. - - To enable batch request support, set the `enable_batch_request_support` value to `true` - - This is especially handy if clients have complex requests that have multiple synchronous dependencies and do not wish to have the entire request / response cycle running for each event. - - Batch requests that come into Tyk are *run through the whole Tyk machinery* and *use a relative path to prevent spamming*. This means that a batch request to Tyk for three resources with the same API key will have three requests applied to their session quota and request limiting could become active if they are being throttled. - - Tyk reconstructs the API request based on the data in the batch request. This is to ensure that Tyk is not being used to proxy requests to other hosts outside of the upstream API being accessed. - - Batch requests are created by POSTing to the `/{listen_path}/tyk/batch/` endpoint. These requests **do not require a valid key**, but their request list does. - -

Sample Request

- - ```{json} - { - "requests": [ - { - "method": "GET", - "headers": { - "x-tyk-test": "1", - "x-tyk-version": "1.2", - "authorization": "1dbc83b9c431649d7698faa9797e2900f" - }, - "body": "", - "relative_url": "get" - }, - { - "method": "GET", - "headers": { - "x-tyk-test": "2", - "x-tyk-version": "1.2", - "authorization": "1dbc83b9c431649d7698faa9797e2900f" - }, - "body": "", - "relative_url": "get" - } - ], - "suppress_parallel_execution": false - } - ``` - - The response will will be a structured reply that encapsulates the responses for each of the outbound requests. If `suppress_parallel_execution` is set to `true`, requests will be made synchronously. If set to `false` then they will run in parallel and the response order is not guaranteed. +- description: | + **Note: Applies only to Tyk Gateway Community Edition**
-

Sample Response

+ API management is very simple using the Tyk Rest API: each update only affects the underlying file, and this endpoint will only work with disk based installations, not database-backed ones.
- ``` - [ - { - "relative_url": "get", - "code": 200, - "headers": { - "Access-Control-Allow-Credentials": [ - "true" - ], - "Access-Control-Allow-Origin": [ - "*" - ], - "Content-Length": [ - "497" - ], - "Content-Type": [ - "application/json" - ], - "Date": [ - "Wed, 12 Nov 2014 15:32:43 GMT" - ], - "Server": [ - "gunicorn/18.0" - ], - "Via": [ - "1.1 vegur" - ] - }, - "body": "{ - "args": {}, - "headers": { - "Accept-Encoding": "gzip", - "Authorization": "1dbc83b9c431649d7698faa9797e2900f", - "Connect-Time": "2", - "Connection": "close", - "Host": "httpbin.org", - "Total-Route-Time": "0", - "User-Agent": "Go 1.1 package http", - "Via": "1.1 vegur", - "X-Request-Id": "6a22499a-2776-4aa1-80c0-686581a8be4d", - "X-Tyk-Test": "2", - "X-Tyk-Version": "1.2" - }, - "origin": "127.0.0.1, 62.232.114.250", - "url": "http://httpbin.org/get" - }" - }, - { - "relative_url": "get", - "code": 200, - "headers": { - "Access-Control-Allow-Credentials": [ - "true" - ], - "Access-Control-Allow-Origin": [ - "*" - ], - "Content-Length": [ - "497" - ], - "Content-Type": [ - "application/json" - ], - "Date": [ - "Wed, 12 Nov 2014 15:32:43 GMT" - ], - "Server": [ - "gunicorn/18.0" - ], - "Via": [ - "1.1 vegur" - ] - }, - "body": "{ - "args": {}, - "headers": { - "Accept-Encoding": "gzip", - "Authorization": "1dbc83b9c431649d7698faa9797e2900f", - "Connect-Time": "7", - "Connection": "close", - "Host": "httpbin.org", - "Total-Route-Time": "0", - "User-Agent": "Go 1.1 package http", - "Via": "1.1 vegur", - "X-Request-Id": "1ab61f50-51ff-4828-a7e2-17240385a6d2", - "X-Tyk-Test": "1", - "X-Tyk-Version": "1.2" - }, - "origin": "127.0.0.1, 62.232.114.250", - "url": "http://httpbin.org/get" - }" - } - ] - ``` - With the body for each request string encoded in the `body` field. + APIs that are added this way are flushed to to disk into the app_path folder using the format: *{api-id}.json*. 
Updating existing APIs that use a different naming convention will cause those APIs to be added, which could subsequently lead to a loading error and crash if they use the same listen_path.
- * `expire_analytics_after`: If you are running a busy API, you may want to ensure that your MongoDB database does not overflow with old data. Set the `expire_analytics_after` value to the number of seconds you would like the data to last for. Setting this flag to anything above `0` will set an `expireAt` field for each record that is written to the database. + These methods only work on a single API node. If updating a cluster, it is important to ensure that all nodes are updated before initiating a reload.
+ name: APIs +- description: |+ + **Note: Applies only to Tyk Gateway Community Edition**
- **Important:** Tyk will not create the expiry index for you. In order to implement data expiry for your analytics data, ensure that the index is created This is easily achieved using the [MongoDB command line interface](https://docs.mongodb.com/getting-started/shell/client/). + name: Tyk OAS APIs +- description: | + All keys that are used to access services via Tyk correspond to a session object that informs Tyk about the context of this particular token, like access rules and rate/quota allowance. + name: Keys +- description: | + It is possible to force API quota and rate limit across all keys that belong to a specific organisation ID. Rate limiting at an organisation level is useful for creating tiered access levels and trial accounts.
- * `dont_set_quota_on_create`: This setting defaults to `false`, but if set to `true`, when the API is used to edit, create or add keys, the quota cache in Redis will not be re-set. By default, all updates or creates to Keys that have Quotas set will re-set the quota (This has been the default behaviour since 1.0). + The Organisation rate limiting middleware works with both Quotas and Rate Limiters. In order to manage this functionality, a simple API has been put in place to manage these sessions.
- This behaviour can be bypassed on a case-by-case basis by using the `suppress_reset` parameter when making a REST API request. This is the advised mode of operation as it allows for manual, granular control over key quotas and reset timings. + Although the Organisation session-limiter uses the same session object, all other security keys are optional as they are not used.
- * `cache_options`: This section enables you to configure the caching behaviour of Tyk and to enable or disable the caching middleware for your API. +

Managing active status


- * `cache_options.enable_cache`: Set this value to `true` if the cache should be enabled for this endpoint, setting it to false will stop all caching behaviour. - - * `cache_options.cache_timeout`: The amount of time, in seconds, to keep cached objects, defaults to `60` seconds. - - * `cache_options.cache_all_safe_requests`: Set this to `true` if you want all *safe* requests (GET, HEAD, OPTIONS) to be cached. This is a blanket setting for APIs where caching is required but you don't want to set individual paths up in the definition. - - * `cache_options.enable_upstream_cache_control`: Set this to `true` if you want your application to control the cache options for Tyk (TTL and whether to cache or not). See [Caching](/docs/basic-config-and-security/reduce-latency/caching/) for more details. - - * `response_processors`: Response processors need to be specifically defined so they are loaded on API creation, otherwise the middleware will not fire. In order to have the two main response middleware components fire, the following configuration object should be supplied. - - ```{json} - "response_processors": [ - { - "name": "header_injector", - "options": { - "add_headers": {"name": "value"}, - "remove_headers": ["name"] - } - }, - { - "name": "response_body_transform", - "options": {} - } - ] - ``` - The options for the `header_injector` are global, and will apply to all outbound requests. - - - - name: APIs - description: |- - **Note: Applies only to Tyk Gateway Community Edition** - - API Management is very simple using the Tyk REST API: each update only affects the underlying file, and this endpoint will only work with disk based installations, not Database-backed ones. - - APIs that are added this way are flushed to to disk into the app_path folder using the format: `{api-id}.json`. 
Updating existing APIs that use a different naming convention will cause those APIs to be added, which could subsequently lead to a loading error and crash if they use the same listen_path. - - These methods only work on a single API node. If updating a cluster, it is important to ensure that all nodes are updated before initiating a reload. + To disallow access to an entire group of keys without rate limiting the organisation, create a session object with the "is_inactive" key set to true. This will block access before any other middleware is executed. It is useful when managing subscriptions for an organisation group and access needs to be blocked because of non-payment.
+ name: Organisation Quotas +- description: | + Sometimes a cache might contain stale data, or it may just need to be cleared because of an invalid configuration. This call will purge all keys associated with a cache on an API-by-API basis. + name: Cache Invalidation +- description: Use the endpoints under this tag to manage your certificates. You can + add, delete and list certificates using these endpoints. + name: Certs +- description: | + Force restart of the Gateway or whole cluster. + name: Hot Reload +- description: | + Check health status of the Tyk Gateway and loaded APIs. + name: Health Checking +- description: | + A Tyk security policy incorporates several security options that can be applied to an API key. It acts as a template that can override individual sections of an API key (or identity) in Tyk. + name: Policies +- description: | + Manage OAuth clients, and manage their tokens + name: OAuth paths: - '/tyk/apis': + /hello: get: - description: |- - List APIs - Only if used without the Tyk Dashboard + description: From v2.7.5 you can now rename the `/hello` endpoint by using + the `health_check_endpoint_name` option. + operationId: hello + responses: + "200": + content: + application/json: + example: + description: Tyk GW + details: + redis: + componentType: datastore + status: pass + time: "2020-05-19T03:42:55+01:00" + status: pass + version: v5.5.0-dev + schema: + $ref: '#/components/schemas/HealthCheckResponse' + description: Success. + "403": + content: + application/json: + example: + message: Attempted administrative access with invalid or missing key! + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "405": + content: + application/json: + example: + message: Method Not Allowed + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Method Not Allowed + summary: Check the health of the Tyk Gateway. 
tags: - - APIs + - Health Checking + /tyk/apis: + get: + description: List APIs from Tyk Gateway operationId: listApis responses: - '200': - description: List of API definitions + "200": content: application/json: + example: + - api_id: b84fe1a04e5648927971c0557971565c + auth: + auth_header_name: authorization + definition: + key: version + location: header + name: Tyk Test API + org_id: 664a14650619d40001f1f00f + proxy: + listen_path: /tyk-api-test/ + strip_listen_path: true + target_url: https://httpbin.org + use_oauth2: true + version_data: + not_versioned: true + versions: + Default: + name: Default schema: - type: array items: $ref: '#/components/schemas/APIDefinition' + type: array + description: List of API definitions. + "403": + content: + application/json: example: - - name: "TestAPI" - use_keyless: true - active: true - proxy: - listen_path: "/test" - post: - description: |- - Create API - A single Tyk node can have its API Definitions queried, deleted and updated remotely. This functionality enables you to remotely update your Tyk definitions without having to manage the files manually. + message: Attempted administrative access with invalid or missing key! + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + summary: Get list of apis tags: - - APIs + - APIs + post: + description: Create API. A single Tyk node can have its API Definitions queried, + deleted and updated remotely. This functionality enables you to remotely update + your Tyk definitions without having to manage the files manually. operationId: createApi parameters: - - name: base_api_id - in: query - required: false - schema: - type: string - description: The base API which the new version will be linked to. - - name: base_api_version_name - in: query - required: false - schema: - type: string - description: The version name of the base API while creating the first version. 
This doesn't have to be sent for the next versions but if it is set, it will override base API version name. - - name: new_version_name - in: query - required: false - schema: - type: string - description: The version name of the created version. - - name: set_default - in: query - required: false - schema: - type: boolean - description: If true, the new version is set as default version. + - description: The base API which the new version will be linked to. + example: 663a4ed9b6be920001b191ae + in: query + name: base_api_id + required: false + schema: + type: string + - description: The version name of the base API while creating the first version. + This doesn't have to be sent for the next versions but if it is set, it + will override base API version name. + example: Default + in: query + name: base_api_version_name + required: false + schema: + type: string + - description: The version name of the created version. + example: v2 + in: query + name: new_version_name + required: false + schema: + type: string + - description: If true, the new version is set as default version. 
+ example: true + in: query + name: set_default + required: false + schema: + type: boolean requestBody: content: application/json: - schema: - $ref: "#/components/schemas/APIDefinition" example: - name: "TestAPI" - use_keyless: true - active: true + api_id: b84fe1a04e5648927971c0557971565c + auth: + auth_header_name: authorization + definition: + key: version + location: header + name: Tyk Test API + org_id: 664a14650619d40001f1f00f proxy: - listen_path: "/test" + listen_path: /tyk-api-test/ + strip_listen_path: true + target_url: https://httpbin.org + use_oauth2: true + version_data: + not_versioned: true + versions: + Default: + name: Default + schema: + $ref: '#/components/schemas/APIDefinition' responses: - '200': - description: API created + "200": content: application/json: - schema: - $ref: "#/components/schemas/apiModifyKeySuccess" example: - status: "ok" - action: "created" - key: "{...API JSON definition...}" - '400': - description: Malformed data + action: added + key: b84fe1a04e5648927971c0557971565c + status: ok + schema: + $ref: '#/components/schemas/ApiModifyKeySuccess' + description: API created. + "400": content: application/json: + example: + message: Request malformed + status: error schema: - $ref: "#/components/schemas/apiStatusMessage" + $ref: '#/components/schemas/ApiStatusMessage' + description: Bad Request + "403": + content: + application/json: example: - status: "error" - message: "Malformed API data" - /tyk/apis/oas: - get: - description: |- - List all OAS format APIs, when used without the Tyk Dashboard. - tags: - - OAS APIs - operationId: listApisOAS - parameters: - - description: |- - Mode of OAS get, by default mode could be empty which means to get OAS spec including OAS Tyk extension. 
- When mode=public, OAS spec excluding Tyk extension will be returned in the response - name: mode - in: query - schema: - type: string - example: public - responses: - '200': - description: List of API definitions in OAS format + message: Attempted administrative access with invalid or missing key! + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "500": content: application/json: + example: + message: file object creation failed, write error + status: error schema: - type: array - items: - $ref: '#/components/schemas/OASSchemaResponse' - post: - description: |- - Create API with OAS format - A single Tyk node can have its API Definitions queried, deleted and updated remotely. This functionality enables you to remotely update your Tyk definitions without having to manage the files manually. + $ref: '#/components/schemas/ApiStatusMessage' + description: Internal server error. + summary: Creat an API tags: - - OAS APIs - operationId: createApiOAS + - APIs + /tyk/apis/{apiID}: + delete: + description: Deleting an API definition will remove the file from the file store, + the API definition will NOT be unloaded, a separate reload request will need + to be made to disable the API endpoint. + operationId: deleteApi parameters: - - name: base_api_id - in: query - required: false - schema: - type: string - description: The base API which the new version will be linked to. - - name: base_api_version_name - in: query - required: false - schema: - type: string - description: The version name of the base API while creating the first version. This doesn't have to be sent for the next versions but if it is set, it will override base API version name. - - name: new_version_name - in: query - required: false - schema: - type: string - description: The version name of the created version. - - name: set_default - in: query - required: false - schema: - type: boolean - description: If true, the new version is set as default version. 
- requestBody: - content: - application/json: - schema: - $ref: "https://raw.githubusercontent.com/OAI/OpenAPI-Specification/main/schemas/v3.0/schema.json" + - description: The API ID. + example: 1bd5c61b0e694082902cf15ddcc9e6a7 + in: path + name: apiID + required: true + schema: + type: string responses: - '200': - description: API created + "200": content: application/json: + example: + action: deleted + key: 1bd5c61b0e694082902cf15ddcc9e6a7 + status: ok schema: - $ref: "#/components/schemas/apiModifyKeySuccess" + $ref: '#/components/schemas/ApiModifyKeySuccess' + description: API deleted. + "403": + content: + application/json: example: - status: "ok" - action: "created" - key: "{...API JSON definition...}" - '400': - description: Malformed data + message: Attempted administrative access with invalid or missing key! + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "404": content: application/json: + example: + message: API not found + status: error schema: - $ref: "#/components/schemas/apiStatusMessage" + $ref: '#/components/schemas/ApiStatusMessage' + description: API not found. + "500": + content: + application/json: example: - status: "error" - message: "Malformed API data" - - '/tyk/apis/{apiID}': - parameters: - - description: The API ID - name: apiID + message: Delete failed + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Internal server error. + summary: Deleting an API definition with ID. + tags: + - APIs + get: + description: Get API definition from Tyk Gateway. + operationId: getApi + parameters: + - description: The API ID. 
+ example: keyless in: path + name: apiID required: true schema: type: string - get: - description: |- - Get API definition - Only if used without the Tyk Dashboard - tags: - - APIs - operationId: getApi responses: - '200': - description: API definition + "200": content: application/json: - schema: - $ref: "#/components/schemas/APIDefinition" example: - name: "TestAPI" - use_keyless: true - active: true + api_id: b84fe1a04e5648927971c0557971565c + auth: + auth_header_name: authorization + definition: + key: version + location: header + name: Tyk Test API + org_id: 664a14650619d40001f1f00f proxy: - listen_path: "/test" + listen_path: /tyk-api-test/ + strip_listen_path: true + target_url: https://httpbin.org + use_oauth2: true + version_data: + not_versioned: true + versions: + Default: + name: Default + schema: + $ref: '#/components/schemas/APIDefinition' + description: API definition. headers: x-tyk-base-api-id: + description: ID of the base API if the requested API is a version. schema: type: string - description: ID of the base API if the requested API is a version. + style: simple + "403": + content: + application/json: + example: + message: Attempted administrative access with invalid or missing key! + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "404": + content: + application/json: + example: + message: API not found. + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: API not found. + summary: Get API definition with it's ID. + tags: + - APIs put: - description: | - Updating an API definition uses the same signature an object as a `POST`, however it will first ensure that the API ID that is being updated is the same as the one in the object being `PUT`. - + description: |- + Updating an API definition uses the same signature and object as a `POST`, however it will first ensure that the API ID that is being updated is the same as the one in the object being `PUT`. 
Updating will completely replace the file descriptor and will not change an API Definition that has already been loaded, the hot-reload endpoint will need to be called to push the new definition to live. - tags: - - APIs operationId: updateApi + parameters: + - description: The API ID. + example: 1bd5c61b0e694082902cf15ddcc9e6a7 + in: path + name: apiID + required: true + schema: + type: string requestBody: content: application/json: - schema: - $ref: "#/components/schemas/APIDefinition" example: - name: "TestAPI" - use_keyless: true - active: true + api_id: b84fe1a04e5648927971c0557971565c + auth: + auth_header_name: authorization + definition: + key: version + location: header + name: Update the API name sample + org_id: 664a14650619d40001f1f00f proxy: - listen_path: "/test" + listen_path: /update-listen-path + strip_listen_path: true + target_url: https://tyk.io/api + use_oauth2: true + version_data: + not_versioned: true + versions: + Default: + name: Default + schema: + $ref: '#/components/schemas/APIDefinition' responses: - '200': - description: API updated + "200": content: application/json: - schema: - $ref: "#/components/schemas/apiModifyKeySuccess" example: - status: "ok" - action: "updated" - key: "{...API JSON definition...}" - '400': - description: Malformed data + action: modified + key: 1bd5c61b0e694082902cf15ddcc9e6a7 + status: ok + schema: + $ref: '#/components/schemas/ApiModifyKeySuccess' + description: API updated. + "400": content: application/json: - schema: - $ref: "#/components/schemas/apiStatusMessage" example: - status: "error" - message: "Malformed API data" - - delete: - description: |- - Deleting an API definition will remove the file from the file store, the API definition will NOT be unloaded, a separate reload request will need to be made to disable the API endpoint. 
- tags: - - APIs - operationId: deleteApi - responses: - '200': - description: API deleted + message: Request malformed + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Bad Request + "403": content: application/json: - schema: - $ref: '#/components/schemas/apiStatusMessage' example: - message: API deleted - status: ok - '400': - description: No API ID specified + message: Attempted administrative access with invalid or missing key! + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "404": content: application/json: + example: + message: API not found + status: error schema: - $ref: '#/components/schemas/apiStatusMessage' + $ref: '#/components/schemas/ApiStatusMessage' + description: API not found. + "500": + content: + application/json: example: - message: API ID not specified + message: File object creation failed, write error. status: error - + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Internal server error. + summary: Updating an API definition with its ID. + tags: + - APIs /tyk/apis/{apiID}/versions: - parameters: - - description: The API ID - name: apiID - in: path - required: true - schema: - type: string get: - description: |- - Listing versions of an OAS API - tags: - - APIs + description: Listing versions of an API. operationId: listApiVersions parameters: - - $ref: '#/components/parameters/SearchText' - - $ref: '#/components/parameters/AccessType' - responses: - '200': - description: API version metas - content: - application/json: - schema: - properties: - apis: - type: array - items: - $ref: '#/components/schemas/APIVersionMeta' - - '/tyk/apis/oas/{apiID}': - parameters: - - description: The API ID - name: apiID + - description: The API ID. 
+ example: keyless in: path + name: apiID required: true schema: type: string - get: - description: |- - Get API definition in OAS format - Only if used without the Tyk Dashboard - tags: - - OAS APIs - parameters: - - description: |- - Mode of OAS get, by default mode could be empty which means to get OAS spec including OAS Tyk extension. - When mode=public, OAS spec excluding Tyk extension will be returned in the response - name: mode - in: query - schema: - type: string - example: public - operationId: listApiOAS + - $ref: '#/components/parameters/SearchText' + - $ref: '#/components/parameters/AccessType' responses: - '200': - description: API definition + "200": content: application/json: + example: + apis: + - expirationDate: "" + id: keyless + internal: false + isDefaultVersion: false + name: Tyk Test Keyless API + versionName: "" + - expirationDate: "" + id: 1f20d5d2731d47ac9c79fddf826eda00 + internal: false + isDefaultVersion: true + name: Version three Api + versionName: v2 + status: success schema: - $ref: "#/components/schemas/OASSchemaResponse" - headers: - x-tyk-base-api-id: - schema: - type: string - description: ID of the base API if the requested API is a version. - put: - description: | - Updating an API definition uses the same signature an object as a `POST`, however it will first ensure that the API ID that is being updated is the same as the one in the object being `PUT`. - - - Updating will completely replace the file descriptor and will not change an API Definition that has already been loaded, the hot-reload endpoint will need to be called to push the new definition to live. - tags: - - OAS APIs - operationId: updateApiOAS - requestBody: - content: - application/json: - schema: - $ref: "https://raw.githubusercontent.com/OAI/OpenAPI-Specification/main/schemas/v3.0/schema.json" - responses: - '200': - description: API updated + $ref: '#/components/schemas/VersionMetas' + description: API version metas. 
+ "403": content: application/json: - schema: - $ref: "#/components/schemas/apiModifyKeySuccess" example: - status: "ok" - action: "updated" - key: "{...API JSON definition...}" - '400': - description: Malformed data + message: Attempted administrative access with invalid or missing key! + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "404": content: application/json: - schema: - $ref: "#/components/schemas/apiStatusMessage" example: - status: "error" - message: "Malformed API data" - patch: - summary: Patch a single OAS API by ID - description: |- - Update API with OAS format. You can use this endpoint to update OAS part of the tyk API definition. - This endpoint allows you to configure tyk OAS extension based on query params provided(similar to import) + message: API not found + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: API not found. + summary: Listing versions of an API. tags: - - OAS APIs - operationId: patchApiOAS + - APIs + /tyk/apis/oas: + get: + description: List all APIs in Tyk OAS API format, from Tyk Gateway. + operationId: listApisOAS parameters: - - $ref: '#/components/parameters/UpstreamURL' - - $ref: '#/components/parameters/ListenPath' - - $ref: '#/components/parameters/CustomDomain' - - $ref: '#/components/parameters/ValidateRequest' - - $ref: '#/components/parameters/AllowList' - - $ref: '#/components/parameters/MockResponse' - - $ref: '#/components/parameters/Authentication' - requestBody: - content: - application/json: - schema: - $ref: "https://raw.githubusercontent.com/OAI/OpenAPI-Specification/main/schemas/v3.0/schema.json" + - description: "By default mode is empty which means it will return the Tyk + API OAS spec including the x-tyk-api-gateway part. \n When mode=public, + the Tyk OAS API spec will exclude the x-tyk-api-gateway part in the response." 
+ example: public + in: query + name: mode + required: false + schema: + enum: + - public + type: string responses: - '200': - description: API patched + "200": content: application/json: + examples: + oasExampleList: + $ref: '#/components/examples/oasExampleList' schema: - $ref: "#/components/schemas/apiModifyKeySuccess" - example: - status: "ok" - action: "modified" - key: "{updated APIID}" - '400': - description: Bad request + items: + allOf: + - $ref: https://raw.githubusercontent.com/OAI/OpenAPI-Specification/main/schemas/v3.0/schema.json + - $ref: '#/components/schemas/XTykAPIGateway' + type: array + description: List of API definitions in Tyk OAS format. + "403": content: application/json: + example: + message: Attempted administrative access with invalid or missing key! + status: error schema: - $ref: "#/components/schemas/apiStatusMessage" - examples: - malformedBody: - summary: When the request body is malformed - value: - message: "Request malformed" - status: "error" - missingAPIID: - summary: When the request is missing APIID in query Param - value: - message: "Must specify an apiID to patch" - status: "error" - nonExistingAPIID: - summary: When the client sends and APIID which doesn't exists in tyk gw - value: - message: "No API found for APIID {APIID}" - status: "error" - invalidUpstreamURL: - summary: When the client sends query param upstreamURL which isn't valid - value: - message: "invalid upstream URL" - status: "error" - 500: - description: When patch request is send while using dashboard app configs - content: - application/json: - schema: - $ref: "#/components/schemas/apiStatusMessage" - example: - summary: dashboard app configs is used for tyk api definitions - value: - message: "Due to enabled use_db_app_configs, please use the Dashboard API" - status: "error" - delete: - description: |- - Deleting an API definition will remove the file from the file store, the API definition will NOT be unloaded, a separate reload request will need to be 
made to disable the API endpoint. + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + summary: List all APIs in Tyk OAS API format. tags: - - OAS APIs - operationId: deleteOASApi + - Tyk OAS APIs + post: + description: Create an API with Tyk OAS API format on the Tyk Gateway. + operationId: createApiOAS + parameters: + - description: The base API which the new version will be linked to. + example: 663a4ed9b6be920001b191ae + in: query + name: base_api_id + required: false + schema: + type: string + - description: The version name of the base API while creating the first version. + This doesn't have to be sent for the next versions but if it is set, it + will override base API version name. + example: Default + in: query + name: base_api_version_name + required: false + schema: + type: string + - description: The version name of the created version. + example: v2 + in: query + name: new_version_name + required: false + schema: + type: string + - description: If true, the new version is set as default version. + example: true + in: query + name: set_default + required: false + schema: + type: boolean + requestBody: + content: + application/json: + example: + components: + securitySchemes: + bearerAuth: + description: The API Access Credentials + scheme: bearer + type: http + info: + description: This is a sample OAS. 
+ title: OAS Sample + version: 1.0.0 + openapi: 3.0.3 + paths: + /api/sample/users: + get: + operationId: getUsers + responses: + "200": + content: + application/json: + schema: + items: + properties: + name: + type: string + type: object + type: array + description: fetched users + summary: Get users + tags: + - users + security: + - bearerAuth: [] + servers: + - url: https://localhost:8080 + x-tyk-api-gateway: + info: + name: user + state: + active: true + server: + listenPath: + strip: true + value: /user-test/ + upstream: + url: https://localhost:8080 + schema: + allOf: + - $ref: https://raw.githubusercontent.com/OAI/OpenAPI-Specification/main/schemas/v3.0/schema.json + - $ref: '#/components/schemas/XTykAPIGateway' responses: - '200': - description: API deleted + "200": content: application/json: - schema: - $ref: '#/components/schemas/apiStatusMessage' example: - message: API deleted + action: added + key: e30bee13ad4248c3b529a4c58bb7be4e status: ok - '400': - description: No API ID specified + schema: + $ref: '#/components/schemas/ApiModifyKeySuccess' + description: API created. + "400": content: application/json: + example: + message: the payload should contain x-tyk-api-gateway + status: error schema: - $ref: '#/components/schemas/apiStatusMessage' + $ref: '#/components/schemas/ApiStatusMessage' + description: Bad Request + "403": + content: + application/json: example: - message: API ID not specified + message: Attempted administrative access with invalid or missing key! 
status: error - - /tyk/apis/oas/{apiID}/versions: - parameters: - - description: The API ID - name: apiID - in: path - required: true - schema: - type: string - get: - description: |- - Listing versions of an OAS API - tags: - - OASAPIs - operationId: listOASApiVersions - parameters: - - $ref: '#/components/parameters/SearchText' - - $ref: '#/components/parameters/AccessType' - responses: - '200': - description: API version metas + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "500": content: application/json: + example: + message: file object creation failed, write error + status: error schema: - properties: - apis: - type: array - items: - $ref: '#/components/schemas/APIVersionMeta' - - - '/tyk/apis/oas/{apiID}/export': - parameters: - - description: The API ID - name: apiID + $ref: '#/components/schemas/ApiStatusMessage' + description: Internal server error. + summary: Create an API with Tyk OAS format. + tags: + - Tyk OAS APIs + /tyk/apis/oas/{apiID}: + delete: + description: Deleting an API definition will remove the file from the file store, + the API definition will not be unloaded, a separate reload request will need + to be made to disable the API endpoint. + operationId: deleteOASApi + parameters: + - description: The API ID. + example: 1bd5c61b0e694082902cf15ddcc9e6a7 in: path + name: apiID required: true schema: type: string - get: - description: |- - Download all OAS format APIs, when used without the Tyk Dashboard. - tags: - - OAS APIs - operationId: downloadApiOASPublic - parameters: - - description: |- - Mode of OAS export, by default mode could be empty which means to export OAS spec including OAS Tyk extension. 
- When mode=public, OAS spec excluding Tyk extension is exported - name: mode - in: query - schema: - type: string - example: public responses: - '200': - description: API definition + "200": content: application/json: + example: + action: deleted + key: 1bd5c61b0e694082902cf15ddcc9e6a7 + status: ok schema: - $ref: "#/components/schemas/OASSchemaResponse" - /tyk/apis/oas/export: - get: - description: |- - Download all OAS format APIs, when used without the Tyk Dashboard. - tags: - - OAS APIs - operationId: downloadApisOASPublic - parameters: - - description: |- - The mode of OAS export. By default the mode is not set which means the OAS spec is exported including the OAS Tyk extension. - If the mode is set to public, the OAS spec excluding the Tyk extension is exported. - name: mode - in: query - schema: - type: string - example: public - responses: - '200': - description: API definition + $ref: '#/components/schemas/ApiModifyKeySuccess' + description: API deleted + "400": content: application/json: + example: + message: Must specify an apiID to delete + status: error schema: - type: array - items: - $ref: '#/components/schemas/OASSchemaResponse' - /tyk/apis/oas/import: - post: - description: |- - Create a new OAS format API, without x-tyk-gateway. - For use with an existing OAS API that you want to expose via your Tyk Gateway. 
(New) - tags: - - OAS APIs - operationId: importOAS - parameters: - - $ref: '#/components/parameters/UpstreamURL' - - $ref: '#/components/parameters/ListenPath' - - $ref: '#/components/parameters/CustomDomain' - - $ref: '#/components/parameters/ApiID' - - $ref: '#/components/parameters/AllowList' - - $ref: '#/components/parameters/MockResponse' - - $ref: '#/components/parameters/ValidateRequest' - - $ref: '#/components/parameters/Authentication' - requestBody: - content: - application/json: - schema: - $ref: "https://raw.githubusercontent.com/OAI/OpenAPI-Specification/main/schemas/v3.0/schema.json" - responses: - '200': - description: API definition created + $ref: '#/components/schemas/ApiStatusMessage' + description: Bad Request + "403": content: application/json: + example: + message: Attempted administrative access with invalid or missing key! + status: error schema: - $ref: "#/components/schemas/apiModifyKeySuccess" + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "404": + content: + application/json: example: - status: "ok" - action: "added" - key: "{created APIID}" - '400': - description: Bad request + message: API not found + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: API not found. 
+ "500": content: application/json: + example: + message: Delete failed + status: error schema: - $ref: "#/components/schemas/apiStatusMessage" - examples: - malformedBody: - summary: When the request body is malformed - value: - message: "Request malformed" - status: "error" - invalidUpstreamURL: - summary: When the client sends a query param upstreamURL which isn't valid - value: - message: "invalid upstream URL" - status: "error" - 500: - description: When an import request is sent using your Tyk Dashboard app configs - content: - application/json: - schema: - $ref: "#/components/schemas/apiStatusMessage" - example: - summary: Tyk Dashboard app configs are being used for Tyk API definitions - value: - message: "Due to enabled use_db_app_configs, please use the Dashboard API" - status: "error" - '/tyk/cache/{apiID}': - parameters: - - description: The API ID - name: apiID + $ref: '#/components/schemas/ApiStatusMessage' + description: Internal server error. + summary: Deleting a Tyk OAS API. + tags: + - Tyk OAS APIs + get: + description: Get Tyk OAS API definition using an API ID. + operationId: getOASApi + parameters: + - description: "By default mode is empty which means it will return the Tyk + API OAS spec including the x-tyk-api-gateway part. \n When mode=public, + the Tyk OAS API spec will exclude the x-tyk-api-gateway part in the response." 
+ example: public + in: query + name: mode + required: false + schema: + enum: + - public + type: string + - description: ID of the API you want to fetch + example: 4c1c0d8fc885401053ddac4e39ef676b in: path + name: apiID required: true schema: type: string - delete: - summary: Invalidate cache - description: Invalidate cache for the given API - tags: - - Cache Invalidation - operationId: invalidateCache responses: - '200': - description: Invalidate cache + "200": content: application/json: + examples: + oasExample: + $ref: '#/components/examples/oasExample' schema: - $ref: '#/components/schemas/apiStatusMessage' - example: - message: cache invalidated - status: ok - '/tyk/reload/': - get: - summary: Hot-reload a single node - description: Tyk is capable of reloading configurations without having to stop serving requests. This means that API configurations can be added at runtime, or even modified at runtime and those rules applied immediately without any downtime. - parameters: - - description: Block a response until the reload is performed. This can be useful in scripting environments like CI/CD workflows. - name: block - in: query - required: false - schema: - type: boolean - enum: [true] - tags: - - Hot Reload - operationId: hotReload - responses: - '200': - description: Reload gateway + allOf: + - $ref: https://raw.githubusercontent.com/OAI/OpenAPI-Specification/main/schemas/v3.0/schema.json + - $ref: '#/components/schemas/XTykAPIGateway' + description: OK + headers: + x-tyk-base-api-id: + description: ID of the base API if the requested API is a version. + schema: + type: string + style: simple + "400": content: application/json: - schema: - $ref: '#/components/schemas/apiStatusMessage' example: - status: ok - '/tyk/reload/group': - get: - summary: Hot-reload a Tyk group - description: To reload a whole group of Tyk nodes (without using the Dashboard or host manager). 
You can send an API request to a single node, this node will then send a notification through the pub/sub infrastructure to all other listening nodes (including the host manager if it is being used to manage NginX) which will then trigger a global reload. - tags: - - Hot Reload - operationId: hotReloadGroup - responses: - '200': - description: Reload the Tyk Gateway + message: the requested API definition is in Tyk classic format, please + use old API endpoint + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Bad Request + "403": content: application/json: - schema: - $ref: '#/components/schemas/apiStatusMessage' example: - status: ok - '/tyk/hello': - get: - summary: Check the Health of the Tyk Gateway - description: | - From v2.7.5 you can now rename the `/hello` endpoint by using the `health_check_endpoint_name` option - - Returns 200 response in case of success - tags: - - Health Checking - operationId: hello - responses: - '200': - description: Success - content: - text/html: + message: Attempted administrative access with invalid or missing key! 
+ status: error schema: - type: string - example: "Hello Tiki" - '/tyk/certs': - get: - parameters: - - description: Organisation ID to list the certificates - in: query - name: org_id - required: true - schema: - type: string - - description: Mode to list the certificate details - name: mode - in: query - required: false - schema: - type: string - example: 'detailed' - - description: Comma separated list of certificates to list - name: certID - in: query - required: false - schema: - type: string - example: 'e6ce2b49-3e31-44de-95a7-12f054724283,234a37ac-28d1-4f12-b936-ffb4211b79f1' - summary: List Certificates - description: List All Certificates in the Tyk Gateway - tags: - - Certs - operationId: listCerts - responses: - '200': - description: List of all Certificates + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "404": content: application/json: + example: + message: API not found + status: error schema: - oneOf: - - $ref: '#/components/schemas/APIAllCertificates' - - $ref: '#/components/schemas/APIAllCertificateBasics' - - type: array - items: - $ref: '#/components/schemas/CertificateMeta' - post: - summary: Add a certificate - description: Add a certificate to the Tyk Gateway + $ref: '#/components/schemas/ApiStatusMessage' + description: API not found. + summary: Get a Tyk OAS API definition. tags: - - Certs - operationId: addCert + - Tyk OAS APIs + patch: + description: |- + You can use this endpoint to update Tyk OAS part of the Tyk API definition. + This endpoint allows you to configure Tyk OAS extension based on query params provided(similar to import). + operationId: patchApiOAS parameters: - - description: Organisation ID to list the certificates - in: query - name: org_id - required: true - schema: - type: string + - description: ID of the API you want to fetch. 
+ example: 4c1c0d8fc885401053ddac4e39ef676b + in: path + name: apiID + required: true + schema: + type: string + - $ref: '#/components/parameters/UpstreamURL' + - $ref: '#/components/parameters/ListenPath' + - $ref: '#/components/parameters/CustomDomain' + - $ref: '#/components/parameters/AllowList' + - $ref: '#/components/parameters/ValidateRequest' + - $ref: '#/components/parameters/MockResponse' + - $ref: '#/components/parameters/Authentication' requestBody: content: - text/plain: + application/json: + example: + components: + securitySchemes: + bearerAuth: + description: The API Access Credentials + scheme: bearer + type: http + info: + description: This is a sample OAS. + title: OAS Sample + version: 1.0.0 + openapi: 3.0.3 + paths: + /api/sample/users: + get: + operationId: getUsers + responses: + "200": + content: + application/json: + schema: + items: + properties: + name: + type: string + type: object + type: array + description: fetched users + summary: Get users + tags: + - users + security: + - bearerAuth: [] + servers: + - url: https://localhost:8080 + x-tyk-api-gateway: + info: + name: user + state: + active: true + server: + listenPath: + strip: true + value: /user-test/ + upstream: + url: https://localhost:8080 schema: - type: string + $ref: https://raw.githubusercontent.com/OAI/OpenAPI-Specification/main/schemas/v3.0/schema.json responses: - '200': - description: New Key added + "200": content: application/json: schema: - $ref: '#/components/schemas/APICertificateStatusMessage' - example: - id: 'e6ce2b49-3e31-44de-95a7-12f054724283' - message: 'Certificate added' - status: ok - '403': - description: Malformed data + $ref: '#/components/schemas/ApiModifyKeySuccess' + description: API patched. 
+ "400": content: application/json: - schema: - $ref: '#/components/schemas/apiStatusMessage' example: - message: Malformed cert data + message: Must specify an apiID to patch status: error - delete: - parameters: - - description: Certifiicate ID to be deleted - in: query - name: certID - required: true - schema: - type: string - - description: Organisation ID to list the certificates - in: query - name: org_id - required: true - schema: - type: string - summary: Delete Certificate - description: Delete certificate by id - tags: - - Certs - operationId: deleteCerts - responses: - '200': - description: Deleted certificate + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Bad Request + "403": content: application/json: + example: + message: Attempted administrative access with invalid or missing key! + status: error schema: - $ref: '#/components/schemas/apiStatusMessage' + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "404": + content: + application/json: example: - message: removed - status: ok - - '/tyk/keys': - get: - summary: List Keys - description: You can retrieve all the keys in your Tyk instance. Returns an array of Key IDs. - tags: - - Keys - operationId: listKeys - responses: - '200': - description: List of all API keys + message: API not found + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: API not found. + "500": content: application/json: + example: + message: file object creation failed, write error + status: error schema: - $ref: "#/components/schemas/apiAllKeys" - post: - summary: Create a key - description: |- - Tyk will generate the access token based on the OrgID specified in the API Definition and a random UUID. This ensures that keys can be "owned" by different API Owners should segmentation be needed at an organisational level. -

- API keys without access_rights data will be written to all APIs on the system (this also means that they will be created across all SessionHandlers and StorageHandlers, it is recommended to always embed access_rights data in a key to ensure that only targeted APIs and their back-ends are written to. + $ref: '#/components/schemas/ApiStatusMessage' + description: Internal server error. + summary: Patch API in Tyk OAS format. tags: - - Keys - operationId: addKey + - Tyk OAS APIs + put: + description: |- + Updating an API definition uses the same signature an object as a `POST`, however it will first ensure that the API ID that is being updated is the same as the one in the object being `PUT`. + + + Updating will completely replace the file descriptor and will not change an API Definition that has already been loaded, the hot-reload endpoint will need to be called to push the new definition to live. + operationId: updateApiOAS + parameters: + - description: ID of the API you want to fetch + example: 4c1c0d8fc885401053ddac4e39ef676b + in: path + name: apiID + required: true + schema: + type: string requestBody: content: application/json: - schema: - $ref: "#/components/schemas/SessionState" example: - quota_max: 60 - quota_renews: 1406121006 - quota_renewal_rate: 60 - allowance: 100 - rate: 100 - per: 5 - org_id: 53ac07777cbb8c2d53000002 + components: + securitySchemes: + bearerAuth: + description: The API Access Credentials + scheme: bearer + type: http + info: + description: This is a sample OAS. 
+ title: OAS Sample + version: 1.0.0 + openapi: 3.0.3 + paths: + /api/sample/users: + get: + operationId: getUsers + responses: + "200": + content: + application/json: + schema: + items: + properties: + name: + type: string + type: object + type: array + description: fetched users + summary: Get users + tags: + - users + security: + - bearerAuth: [] + servers: + - url: https://localhost:8080 + x-tyk-api-gateway: + info: + name: user + state: + active: true + server: + listenPath: + strip: true + value: /user-test/ + upstream: + url: https://localhost:8080 + schema: + allOf: + - $ref: https://raw.githubusercontent.com/OAI/OpenAPI-Specification/main/schemas/v3.0/schema.json + - $ref: '#/components/schemas/XTykAPIGateway' responses: - '200': - description: New Key added + "200": content: application/json: - schema: - $ref: '#/components/schemas/apiModifyKeySuccess' example: - action: created - key: '{...KEY JSON definition...}' + action: modified + key: e30bee13ad4248c3b529a4c58bb7be4e status: ok - '400': - description: Malformed data + schema: + $ref: '#/components/schemas/ApiModifyKeySuccess' + description: API updated + "400": content: application/json: + example: + message: Request APIID does not match that in Definition! For Update + operations these must match. + status: error schema: - $ref: '#/components/schemas/apiStatusMessage' + $ref: '#/components/schemas/ApiStatusMessage' + description: Bad Request + "403": + content: + application/json: example: - message: Malformed Key data + message: Attempted administrative access with invalid or missing key! status: error - '/tyk/keys/{keyID}': - parameters: - - description: The Key ID - name: keyID - in: path - required: true - schema: - type: string - - description: Use the hash of the key as input instead of the full key - name: hashed - in: query - required: false - schema: - type: boolean - get: - summary: Get a Key - description: Get session info about the specified key. 
Should return up to date rate limit and quota usage numbers. - tags: - - Keys - operationId: getKey - responses: - '200': - description: Key object + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "404": content: application/json: + example: + message: API not found + status: error schema: - $ref: '#/components/schemas/SessionState' + $ref: '#/components/schemas/ApiStatusMessage' + description: API not found + "500": + content: + application/json: example: - quota_max: 60 - quota_renews: 1406121006 - quota_renewal_rate: 60 - allowance: 100 - rate: 100 - per: 5 - org_id: 53ac07777cbb8c2d53000002 - put: - summary: Update Key - description: |- - You can also manually add keys to Tyk using your own key-generation algorithm. It is recommended if using this approach to ensure that the OrgID being used in the API Definition and the key data is blank so that Tyk does not try to prepend or manage the key in any way. + message: file object creation failed, write error + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Internal server error. + summary: Update a Tyk OAS API definition. tags: - - Keys - operationId: updateKey - requestBody: - content: - application/json: - schema: - $ref: "#/components/schemas/SessionState" - example: - quota_max: 60 - quota_renews: 1406121006 - quota_renewal_rate: 60 - allowance: 100 - rate: 100 - per: 5 - org_id: 53ac07777cbb8c2d53000002 + - Tyk OAS APIs + /tyk/apis/oas/{apiID}/export: + get: + description: Use the mode query parameter to specify if you want the x-tyk-api-gateway + stripped out. + operationId: downloadApiOASPublic parameters: - - description: |- - Adding the suppress_reset parameter and setting it to 1, will cause Tyk not to reset the quota limit that is in the current live quota manager. By default Tyk will reset the quota in the live quota manager (initialising it) when adding a key. 
Adding the `suppress_reset` flag to the URL parameters will avoid this behaviour. - name: suppress_reset - in: query - required: false - schema: - type: string - enum: ["1"] + - description: ID of the API you want to fetch. + example: 4c1c0d8fc885401053ddac4e39ef676b + in: path + name: apiID + required: true + schema: + type: string + - description: "By default mode is empty which means it will return the Tyk + API OAS spec including the x-tyk-api-gateway part. \n When mode=public, + the Tyk OAS API spec will exclude the x-tyk-api-gateway part in the response." + example: public + in: query + name: mode + required: false + schema: + enum: + - public + type: string responses: - '200': - description: Key updated + "200": + content: + application/octet-stream: + schema: + format: binary + type: string + description: Exported API definition file + "400": content: application/json: + example: + message: requesting API definition that is in Tyk classic format + status: error schema: - $ref: '#/components/schemas/apiModifyKeySuccess' + $ref: '#/components/schemas/ApiStatusMessage' + description: Bad Request + "403": + content: + application/json: example: - action: updated - status: ok - '400': - description: No or incorrect Key ID specified + message: Attempted administrative access with invalid or missing key! + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "404": content: application/json: + example: + message: API not found + status: error schema: - $ref: '#/components/schemas/apiStatusMessage' + $ref: '#/components/schemas/ApiStatusMessage' + description: Not Found + "500": + content: + application/json: example: - message: Key ID not specified + message: Unexpected error status: error - post: - summary: Create Custom Key / Import Key - description: |- - You can use the `POST /tyk/keys/{KEY_ID}` endpoint as defined below to import existing keys into Tyk. 
- - This example uses standard `authorization` header authentication, and assumes that the Gateway is located at `127.0.0.1:8080` and the Tyk secret is `352d20ee67be67f6340b4c0605b044b7` - update these as necessary to match your environment. - - To import a key called `mycustomkey`, save the JSON contents as `token.json` (see example below), then run the following Curl command. - - ``` - curl http://127.0.0.1:8080/tyk/keys/mycustomkey -H 'x-tyk-authorization: 352d20ee67be67f6340b4c0605b044b7' -H 'Content-Type: application/json' -d @token.json - ``` - - The following request will fail as the key doesn't exist. - - ``` - curl http://127.0.0.1:8080/quickstart/headers -H 'Authorization. invalid123' - ``` - - But this request will now work, using the imported key. - - ``` - curl http://127.0.0.1:8080/quickstart/headers -H 'Authorization: mycustomkey' - ``` - -

Example token.json file

- - ``` - { - "allowance": 1000, - "rate": 1000, - "per": 60, - "expires": -1, - "quota_max": -1, - "quota_renews": 1406121006, - "quota_remaining": 0, - "quota_renewal_rate": 60, - "access_rights": { - "3": { - "api_name": "Tyk Test API", - "api_id": "3" - } - }, - "org_id": "53ac07777cbb8c2d53000002", - "basic_auth_data": { - "password": "", - "hash_type": "" - }, - "hmac_enabled": false, - "hmac_string": "", - "is_inactive": false, - "apply_policy_id": "", - "apply_policies": [ - "59672779fa4387000129507d", - "53222349fa4387004324324e", - "543534s9fa4387004324324d" - ], - "monitor": { - "trigger_limits": [] - } - } - ``` + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Internal server error. + summary: Download a Tyk OAS format API. tags: - - Keys - operationId: createCustomKey - requestBody: - content: - application/json: - schema: - $ref: "#/components/schemas/SessionState" - example: - quota_max: 60 - quota_renews: 1406121006 - quota_renewal_rate: 60 - allowance: 100 - rate: 100 - per: 5 - org_id: 53ac07777cbb8c2d53000002 + - Tyk OAS APIs + /tyk/apis/oas/{apiID}/versions: + get: + description: Listing versions of a Tyk OAS API. + operationId: listOASApiVersions parameters: - - description: |- - Adding the suppress_reset parameter and setting it to 1, will cause Tyk not to reset the quota limit that is in the current live quota manager. By default Tyk will reset the quota in the live quota manager (initialising it) when adding a key. Adding the `suppress_reset` flag to the URL parameters will avoid this behaviour. - name: suppress_reset - in: query - required: false - schema: - type: string - enum: ["1"] + - description: ID of the API you want to fetch. 
+ example: 4c1c0d8fc885401053ddac4e39ef676b + in: path + name: apiID + required: true + schema: + type: string + - $ref: '#/components/parameters/SearchText' + - $ref: '#/components/parameters/AccessType' responses: - '200': - description: Key updated + "200": content: application/json: - schema: - $ref: '#/components/schemas/apiModifyKeySuccess' example: - action: updated - status: ok - '400': - description: No or incorrect Key ID specified + apis: + - expirationDate: "" + id: keyless + internal: false + isDefaultVersion: false + name: Tyk Test Keyless API + versionName: "" + - expirationDate: "" + id: 1f20d5d2731d47ac9c79fddf826eda00 + internal: false + isDefaultVersion: true + name: Version three Api + versionName: v2 + status: success + schema: + $ref: '#/components/schemas/VersionMetas' + description: API version metas. + "403": content: application/json: + example: + message: Attempted administrative access with invalid or missing key! + status: error schema: - $ref: '#/components/schemas/apiStatusMessage' + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "404": + content: + application/json: example: - message: Key ID not specified + message: API not found. status: error - delete: - summary: Delete Key - description: Deleting a key will remove it permanently from the system, however analytics relating to that key will still be available. + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: API not found + summary: Listing versions of a Tyk OAS API. tags: - - Keys - operationId: deleteKey + - Tyk OAS APIs + /tyk/apis/oas/export: + get: + description: Download all Tyk OAS format APIs, from the Gateway. + operationId: downloadApisOASPublic + parameters: + - description: "By default mode is empty which means it will return the Tyk + API OAS spec including the x-tyk-api-gateway part. \n When mode=public, + the Tyk OAS API spec will exclude the x-tyk-api-gateway part in the response." 
+ example: public + in: query + name: mode + required: false + schema: + enum: + - public + type: string responses: - '200': - description: Key deleted + "200": content: - application/json: + application/octet-stream: schema: - $ref: '#/components/schemas/apiStatusMessage' + format: binary + type: string + description: Get a list of Tyk OAS APIs definitions. + "403": + content: + application/json: example: - action: Key deleted - status: ok - '/tyk/policies': - get: - summary: List Policies - description: You can retrieve all the policies in your Tyk instance. Returns an array policies. - tags: - - Policies - operationId: listPolicies - responses: - '200': - description: List of all policies + message: Attempted administrative access with invalid or missing key! + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "500": content: application/json: + example: + message: Unexpected error + status: error schema: - type: array - items: - $ref: "#/components/schemas/Policy" - post: - summary: Create a Policy - description: You can create a Policy in your Tyk Instance + $ref: '#/components/schemas/ApiStatusMessage' + description: Internal server error. + summary: Download all Tyk OAS format APIs. tags: - - Policies - operationId: addPolicy + - Tyk OAS APIs + /tyk/apis/oas/import: + post: + description: |- + Import an Tyk OAS format API without x-tyk-gateway. + For use with an existing Tyk OAS API that you want to expose via your Tyk Gateway. + operationId: importOAS + parameters: + - $ref: '#/components/parameters/UpstreamURL' + - $ref: '#/components/parameters/ListenPath' + - $ref: '#/components/parameters/CustomDomain' + - $ref: '#/components/parameters/AllowList' + - $ref: '#/components/parameters/ValidateRequest' + - $ref: '#/components/parameters/MockResponse' + - $ref: '#/components/parameters/Authentication' + - description: The base API which the new version will be linked to. 
+ example: 663a4ed9b6be920001b191ae + in: query + name: base_api_id + required: false + schema: + type: string + - description: The version name of the base API while creating the first version. + This doesn't have to be sent for the next versions but if it is set, it + will override base API version name. + example: Default + in: query + name: base_api_version_name + required: false + schema: + type: string + - description: The version name of the created version. + example: v2 + in: query + name: new_version_name + required: false + schema: + type: string + - description: If true, the new version is set as default version. + example: true + in: query + name: set_default + required: false + schema: + type: boolean requestBody: content: application/json: - schema: - $ref: "#/components/schemas/Policy" example: - name: new policy - quota_max: 60 - quota_renewal_rate: 60 - allowance: 100 - rate: 100 - per: 5 - org_id: 53ac07777cbb8c2d53000002 + components: + securitySchemes: + bearerAuth: + description: The API Access Credentials + scheme: bearer + type: http + info: + description: This is a sample OAS. + title: OAS Sample + version: 1.0.0 + openapi: 3.0.3 + paths: + /api/sample/users: + get: + operationId: getUsers + responses: + "200": + content: + application/json: + schema: + items: + properties: + name: + type: string + type: object + type: array + description: fetched users + summary: Get users + tags: + - users + security: + - bearerAuth: [] + servers: + - url: https://localhost:8080 + schema: + $ref: https://raw.githubusercontent.com/OAI/OpenAPI-Specification/main/schemas/v3.0/schema.json responses: - '200': - description: Policy created + "200": content: application/json: - schema: - $ref: '#/components/schemas/apiModifyKeySuccess' example: - action: created + action: added + key: e30bee13ad4248c3b529a4c58bb7be4e status: ok - '400': - description: Bad Request + schema: + $ref: '#/components/schemas/ApiModifyKeySuccess' + description: API imported. 
+ "400": content: application/json: - schema: - $ref: '#/components/schemas/apiStatusMessage' example: - message: Request malformed + message: the import payload should not contain x-tyk-api-gateway status: error - '500': - description: Internal server error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Bad Request + "403": content: application/json: + example: + message: Attempted administrative access with invalid or missing key! + status: error schema: - $ref: '#/components/schemas/apiStatusMessage' + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "500": + content: + application/json: example: - message: Failed to create file! + message: file object creation failed, write error status: error - '/tyk/policies/{polID}': - parameters: - - description: The policy ID - name: polID + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Internal server error. + summary: Import an API in Tyk OAS format. + tags: + - Tyk OAS APIs + /tyk/cache/{apiID}: + delete: + description: Invalidate cache for the given API. + operationId: invalidateCache + parameters: + - description: The API ID. + example: ae67bb862a3241a49117508e0f9ee839 in: path + name: apiID required: true schema: type: string - get: - summary: Get a Policy - description: You can retrieve details of a single policy by ID in your Tyk instance. Returns an array policies. - tags: - - Policies - operationId: getPolicy responses: - '200': - description: Get details of a single Policy + "200": content: application/json: + example: + message: cache invalidated + status: ok schema: - $ref: "#/components/schemas/Policy" - '404': - description: Policy not found + $ref: '#/components/schemas/ApiStatusMessage' + description: Cache invalidated. + "403": content: application/json: + example: + message: Attempted administrative access with invalid or missing key! 
+ status: error schema: - $ref: '#/components/schemas/apiStatusMessage' + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "500": + content: + application/json: example: - message: Policy not found + message: Cache invalidation failed. status: error - put: - summary: Update a Policy - description: You can update a Policy in your Tyk Instance by ID + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Internal server error. + summary: Invalidate cache. tags: - - Policies - operationId: updatePolicy + - Cache Invalidation + /tyk/certs: + get: + description: List all certificates in the Tyk Gateway. + operationId: listCerts + parameters: + - description: Organisation ID to list the certificates. + example: 5e9d9544a1dcd60001d0ed20 + in: query + name: org_id + required: false + schema: + type: string + - description: Mode to list the certificate details. + example: detailed + in: query + name: mode + required: false + schema: + enum: + - detailed + type: string + responses: + "200": + content: + application/json: + examples: + certIdList: + $ref: '#/components/examples/certIdList' + certificateBasicList: + $ref: '#/components/examples/certificateBasicList' + schema: + oneOf: + - $ref: '#/components/schemas/APIAllCertificateBasics' + - $ref: '#/components/schemas/APIAllCertificates' + description: OK + "403": + content: + application/json: + example: + message: Attempted administrative access with invalid or missing key! + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + summary: List certificates. + tags: + - Certs + post: + description: Add a certificate to the Tyk Gateway. + operationId: addCert + parameters: + - description: Organisation ID to add the certificate to. 
+ example: 5e9d9544a1dcd60001d0ed20 + in: query + name: org_id + required: false + schema: + type: string requestBody: content: - application/json: + text/plain: schema: - $ref: "#/components/schemas/Policy" - example: - name: new policy - quota_max: 60 - quota_renewal_rate: 60 - allowance: 100 - rate: 100 - per: 5 - org_id: 53ac07777cbb8c2d53000002 + type: string responses: - '200': - description: Policy updated + "200": content: application/json: - schema: - $ref: '#/components/schemas/apiModifyKeySuccess' example: - action: updated + id: 5e9d9544a1dcd60001d0ed207c440d66ebb0a4629d21329808dce9091acf5f2fde328067a6e60e5347271d90 + message: Certificate added status: ok - '400': - description: Bad Request + schema: + $ref: '#/components/schemas/APICertificateStatusMessage' + description: New certificate added. + "403": content: application/json: - schema: - $ref: '#/components/schemas/apiStatusMessage' example: - message: PUT operation on different IDs + message: Certificate with ID already exists. status: error - '500': - description: Internal server error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: When certificates you send already exist in the gateway. + "405": content: application/json: - schema: - $ref: '#/components/schemas/apiStatusMessage' example: - message: Failed to create file! + message: Malformed request body status: error - delete: - summary: Delete a Policy - description: Delete a policy by ID in your Tyk instance. + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Malformed request body. + summary: Add a certificate. tags: - - Policies - operationId: deletePolicy + - Certs + /tyk/certs/{certID}: + delete: + description: Delete certificate by ID. + operationId: deleteCerts + parameters: + - description: Certificate ID to be deleted. 
+ example: 5e9d9544a1dcd60001d0ed20a6ab77653d5da938f452bb8cc9b55b0630a6743dabd8dc92bfb025abb09ce035 + in: path + name: certID + required: true + schema: + type: string + - description: Organisation ID to delete the certificates from. + example: 5e9d9544a1dcd60001d0ed20 + in: query + name: org_id + required: false + schema: + type: string responses: - '200': - description: Delete policy by ID + "200": content: application/json: - schema: - $ref: '#/components/schemas/apiModifyKeySuccess' example: - action: deleted + message: removed status: ok - '500': - description: Internal server error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Deleted certificate. + "403": content: application/json: - schema: - $ref: '#/components/schemas/apiStatusMessage' example: - message: Delete failed + message: Attempted administrative access with invalid or missing key! status: error - '/tyk/oauth/clients/create': - post: - summary: Create new OAuth client - description: Any OAuth keys must be generated with the help of a client ID. These need to be pre-registered with Tyk before they can be used (in a similar vein to how you would register your app with Twitter before attempting to ask user permissions using their API). -

-

Creating OAuth clients with Access to Multiple APIs

- New from Tyk Gateway 2.6.0 is the ability to create OAuth clients with access to more than one API. If you provide the api_id it works the same as in previous releases. If you don't provide the api_id the request uses policy access rights and enumerates APIs from their setting in the newly created OAuth-client. - - + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + summary: Delete certificate. tags: - - OAuth - operationId: createOAuthClient - requestBody: - content: - application/json: - schema: - $ref: "#/components/schemas/NewClientRequest" - example: - client_id: test - api_id: id - policy_id: policy + - Certs + get: + description: |- + Note that the certID path parameter can take a list of certIDs separated with commas (e.g /tyk/certs/certIDOne,certIDTwo). + If you send a single certID it will return a single CertificateMeta object otherwise if you send more than two certIDs is will return an array of certificateMeta objects. + operationId: listCertsWithIDs + parameters: + - description: Comma separated list of certificates to list. + example: e6ce2b49-3e31-44de-95a7-12f054724283,5e9d9544a1dcd60001d0ed20a6ab77653d5da938f452bb8cc9b55b0630a6743dabd8dc92bfb025abb09ce035 + in: path + name: certID + required: true + schema: + type: string responses: - '200': - description: Client created + "200": content: application/json: + examples: + certificateMetaExample: + $ref: '#/components/examples/certificateMetaExample' + certificateMetaListExample: + $ref: '#/components/examples/certificateMetaListExample' schema: - $ref: '#/components/schemas/NewClientRequest' - example: - client_id: test - api_id: id - policy_id: policy - '/tyk/oauth/clients/{apiID}': - put: - summary: Update OAuth metadata and Policy ID - description: Allows you to update the metadata and Policy ID for an OAuth client. 
- tags: - - OAuth - operationId: updateoAuthClient - parameters: - - description: The API ID - name: apiID - in: path - required: true - schema: - type: string - responses: - '200': - description: OAuth client metadata updated + oneOf: + - $ref: '#/components/schemas/CertsCertificateMeta' + - items: + $ref: '#/components/schemas/CertsCertificateMeta' + nullable: true + type: array + description: OK + "403": content: application/json: + example: + message: Attempted administrative access with invalid or missing key! + status: error schema: - type: array - items: - $ref: '#/components/schemas/NewClientRequest' - get: - summary: List oAuth clients - description: OAuth Clients are organised by API ID, and therefore are queried as such. - tags: - - OAuth - operationId: listOAuthClients - parameters: - - description: The API ID - name: apiID - in: path - required: true - schema: - type: string - responses: - '200': - description: Get OAuth client details or a list of OAuth clients + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "404": content: application/json: + example: + message: Certificate with given SHA256 fingerprint not found. + status: error schema: - type: array - items: - $ref: '#/components/schemas/NewClientRequest' - '/tyk/oauth/clients/{apiID}/{keyName}': - get: - summary: Get OAuth client + $ref: '#/components/schemas/ApiStatusMessage' + description: Not Found + summary: Return one certificate or list multiple certificates in the Tyk Gateway + given a comma separated list of cert IDs. tags: - - OAuth - operationId: getOAuthClient - parameters: - - description: The API ID - name: apiID - in: path - required: true - schema: - type: string - minimum: 1 - - description: The Client ID - name: keyName - in: path - required: true - schema: - type: string + - CertsTag + /tyk/debug: + post: + description: Used to test API definition by sending sample request and analysing + output of both response and logs. 
+ operationId: debugApiDefinition + requestBody: + content: + application/json: + example: + request: + method: GET + path: /update-listen-path + spec: + api_id: b84fe1a04e5648927971c0557971565c + auth: + auth_header_name: authorization + definition: + key: version + location: header + name: Tyk Test API + org_id: 664a14650619d40001f1f00f + proxy: + listen_path: /tyk-api-test/ + strip_listen_path: true + target_url: https://httpbin.org + use_oauth2: true + version_data: + not_versioned: true + versions: + Default: + name: Default + schema: + $ref: '#/components/schemas/TraceRequest' responses: - '200': - description: Get OAuth client details or a list of OAuth clients + "200": content: application/json: - schema: - $ref: '#/components/schemas/NewClientRequest' example: - client_id: test - api_id: id - policy_id: policy - delete: - summary: Delete OAuth client - description: Please note that tokens issued with the client ID will still be valid until they expire. - tags: - - OAuth - operationId: deleteOAuthClient - parameters: - - description: The API ID - name: apiID - in: path - required: true - schema: - type: string - minimum: 1 - - description: The Client ID - name: keyName - in: path - required: true - schema: - type: string - responses: - '200': - description: OAuth client deleted + logs: '{"level":"warning","msg":"Legacy path detected! Upgrade to + extended....' + message: ok + response: "====== Request ======\nGET / HTTP/1.1\r\nHost: httpbin.org\r\n\r\n\n====== + Response..." + schema: + $ref: '#/components/schemas/TraceResponse' + description: Success tracing request. + "400": content: application/json: - schema: - $ref: '#/components/schemas/apiModifyKeySuccess' example: - action: deleted - status: ok - '/tyk/oauth/clients/{apiID}/{keyName}/tokens': - get: - summary: List tokens - description: This endpoint allows you to retrieve a list of all current tokens and their expiry date for a provided API ID and OAuth-client ID in the following format. 
This endpoint will work only for newly created tokens. -
-
- You can control how long you want to store expired tokens in this list using `oauth_token_expired_retain_period` gateway option, which specifies retain period for expired tokens stored in Redis. By default expired token not get removed. See here for more details. - tags: - - OAuth - operationId: getOAuthClientTokens - parameters: - - description: The API ID - name: apiID - in: path - required: true - schema: - type: string - minimum: 1 - - description: The Client ID - name: keyName - in: path - required: true - schema: - type: string - responses: - '200': - description: Get a list of tokens + message: Request malformed + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Bad Request + "403": content: application/json: - schema: - type: array - items: - type: string example: - - "tok1" - - "tok2" - '/tyk/oauth/revoke': - post: - description: revoke a single token - summary: revoke token - requestBody: - required: true - content: - application/x-www-form-urlencoded: - schema: - type: object - properties: - token: - description: token to be revoked - type: string - client_id: - description: id of oauth client - type: string - token_type_hint: - description: type of token to be revoked, if sent then the accepted values are access_token and refresh_token. 
String value and optional, of not provided then it will attempt to remove access and refresh tokens that matchs - type: string - example: - token: eyJvcmciOiI1ZTIwOTFjNGQ0YWVmY2U2MGMwNGZiOTIiLCJpZCI6ImJlMjlhYjVkODc1OTRhZDJhYTBhNjAwNzFlNzE1ZmQxIiwiaCI6Im11cm11cjY0In0= - client_id: 411f0800957c4a3e81fe181141dbc22a - tags: - - OAuth - operationId: revokeSingleToken - responses: - '200': - description: Succesful response - '/tyk/oauth/revoke_all': - post: - description: revoke all the tokens for a given oauth client - summary: revoke all client's tokens - requestBody: - required: true - content: - application/x-www-form-urlencoded: - schema: - type: object - properties: - client_id: - description: id of oauth client - type: string - client_secret: - description: OAuth client secret to ensure that its a valid operation - type: string - example: - client_id: 411f0800957c4a3e81fe181141dbc22a - client_secret: N2Y0YjgzMjctMTEwNi00YWExLWJjM2MtYjg1NWZhM2M1NmNj - tags: - - OAuth - operationId: revokeAllTokens - responses: - '200': - description: Succesful response - '400': - description: Bad request, form malformed or client secret and client id doesn't match - '404': - description: oauth client doesn't have any api related - - '/tyk/oauth/refresh/{keyName}': - delete: - summary: Invalidate OAuth refresh token - description: It is possible to invalidate refresh tokens in order to manage OAuth client access more robustly. - tags: - - OAuth - operationId: invalidateOAuthRefresh - parameters: - - description: The API id - name: api_id - in: query - required: true - schema: - type: string - - description: Refresh token - name: keyName - in: path - required: true - schema: - type: string - responses: - '200': - description: Deleted + message: Attempted administrative access with invalid or missing key! 
+ status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "500": content: application/json: + example: + message: 'Unexpected failure:' + status: error schema: - $ref: '#/components/schemas/apiModifyKeySuccess' - '/tyk/oauth/authorize-client/': - post: - description: With the OAuth flow you will need to create authorisation or access tokens for your clients, in order to do this, Tyk provides a private API endpoint for your application to generate these codes and redirect the end-user back to the API Client. - summary: Authorize client - requestBody: - required: true - content: - application/x-www-form-urlencoded: - schema: - type: object - properties: - response_type: - description: Should be provided by requesting client as part of authorisation request, this should be either `code` or `token` depending on the methods you have specified for the API. - type: string - client_id: - description: Should be provided by requesting client as part of authorisation request. The Client ID that is making the request. - type: string - redirect_uri: - description: Should be provided by requesting client as part of authorisation request. Must match with the record stored with Tyk. - type: string - key_rules: - description: A string representation of a Session Object (form-encoded). This should be provided by your application in order to apply any quotas or rules to the key. 
- type: string - example: - response_type: code - client_id: 21e2baf424674f6461faca6d45285bbb - redirect_uri: http%3A%2F%2Foauth.com%2Fredirect - key_rules: '%7B+++++%22allowance%22%3A+999%2C+++++%22rate%22%3A+1000%2C+++++%22per%22%3A+60%2C+++++%22expires%22%3A+0%2C+++++%22quota_max%22%3A+-1%2C+++++%22quota_renews%22%3A+1406121006%2C+++++%22quota_remaining%22%3A+0%2C+++++%22quota_renewal_rate%22%3A+60%2C+++++%22access_rights%22%3A+%7B+++++++++%22528a67c1ac9940964f9a41ae79235fcc%22%3A+%7B+++++++++++++%22api_name%22%3A+%22OAuth+Test+API%22%2C+++++++++++++%22api_id%22%3A+%22528a67c1ac9940964f9a41ae79235fcc%22%2C+++++++++++++%22versions%22%3A+%5B+++++++++++++++++%22Default%22+++++++++++++%5D+++++++++%7D+++++%7D%2C+++++%22org_id%22%3A+%2253ac07777cbb8c2d53000002%22+%7D' + $ref: '#/components/schemas/ApiStatusMessage' + description: Internal server error. + summary: Test an an API definition. tags: - - OAuth - operationId: authorizeClient + - Debug + /tyk/keys: + get: + description: List all the API keys. + operationId: listKeys responses: - '200': - description: Succesful response + "200": content: application/json: schema: - type: object - example: - code: MWY0ZDRkMzktOTYwNi00NDRiLTk2YmQtOWQxOGQ3Mjc5Yzdk - redirect_to: 'http://client-app.com/oauth-redirect/?code=MWY0ZDRkMzktOTYwNi00NDRiLTk2YmQtOWQxOGQ3Mjc5Yzdk' - '/tyk/org/keys': - get: - summary: List Organisation Keys - description: |- - You can now set rate limits at the organisation level by using the following fields - allowance and rate. These are the number of allowed requests for the specified per value, and need to be set to the same value. If you don't want to have organisation level rate limiting, set 'rate' or 'per' to zero, or don't add them to your request. - tags: - - Organisation Quotas - operationId: listOrgKeys - responses: - '200': - description: List of all API keys + $ref: '#/components/schemas/ApiAllKeys' + description: List of all API keys. 
+ "403": content: application/json: schema: - type: object - properties: - keys: - type: array - items: - type: string - example: - keys: - - "key1" - - "key2" - '/tyk/org/keys/{keyID}': - parameters: - - description: The Key ID - name: keyID - in: path - required: true - schema: - type: string - get: - summary: Get an Organisation Key - description: Get session info about specified orgnanisation key. Should return up to date rate limit and quota usage numbers. - tags: - - Organisation Quotas - operationId: getOrgKey - responses: - '200': - description: Key object + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "404": content: application/json: schema: - $ref: '#/components/schemas/SessionState' + $ref: '#/components/schemas/ApiStatusMessage' + description: Disabled hashed key listing. + summary: List keys. + tags: + - Keys post: - summary: Create an organisation key description: |- - This work similar to Keys API except that Key ID is always equals Organisation ID - tags: - - Organisation Quotas - operationId: addOrgKey + Tyk will generate the access token based on the OrgID specified in the API Definition and a random UUID. This ensures that keys can be owned by different API Owners should segmentation be needed at an organisational level. +

+ API keys without access_rights data will be written to all APIs on the system (this also means that they will be created across all SessionHandlers and StorageHandlers, it is recommended to always embed access_rights data in a key to ensure that only targeted APIs and their back-ends are written to. + operationId: addKey + parameters: + - description: When set to true the key_hash returned will be similar to the + un-hashed key name. + example: true + in: query + name: hashed + required: false + schema: + enum: + - true + - false + type: boolean requestBody: content: application/json: - schema: - $ref: "#/components/schemas/SessionState" example: - quota_max: 60 - quota_renews: 1406121006 - quota_renewal_rate: 60 - allowance: 100 - rate: 100 - per: 5 - org_id: 53ac07777cbb8c2d53000002 + access_rights: + itachi-api: + allowed_urls: + - methods: + - GET + url: /users + api_id: 8ddd91f3cda9453442c477b06c4e2da4 + api_name: Itachi api + limit: + per: 60 + quota_max: 10000 + quota_remaining: 10000 + quota_renewal_rate: 3600 + rate: 1000 + throttle_interval: 10 + throttle_retry_limit: 10 + versions: + - Default + alias: portal-key + allowance: 1000 + apply_policies: + - 5ead7120575961000181867e + date_created: "2024-08-09T14:40:34.87614+03:00" + enable_detailed_recording: true + last_updated: "1723203634" + meta_data: + new-update-key-sample: update-key-sample + tyk_developer_id: 62b3fb9a1d5e4f00017226f5 + update: sample policy update + user_type: mobile_user + org_id: 5e9d9544a1dcd60001d0ed20 + per: 60 + quota_max: 10000 + quota_renewal_rate: 3600 + quota_renews: 1.723207234e+09 + rate: 1000 + tags: + - security + - edge + - edge-eu + throttle_interval: 10 + throttle_retry_limit: 10 + schema: + $ref: '#/components/schemas/SessionState' responses: - '200': - description: New Key added + "200": content: application/json: - schema: - $ref: '#/components/schemas/apiModifyKeySuccess' example: - action: created - key: '{...KEY JSON definition...}' + action: added + key: 
5e9d9544a1dcd60001d0ed20a2290376f89846b798b7e5197584ef6d status: ok - put: - summary: Update Organisation Key - description: |- - This work similar to Keys API except that Key ID is always equals Organisation ID - - For Gateway v2.6.0 onwards, you can now set rate limits at the organisation level by using the following fields - allowance and rate. These are the number of allowed requests for the specified per value, and need to be set to the same value. If you don't want to have organisation level rate limiting, set `rate` or `per` to zero, or don't add them to your request. - tags: - - Organisation Quotas - operationId: updateOrgKey - requestBody: - content: - application/json: - schema: - $ref: "#/components/schemas/SessionState" - example: - quota_max: 60 - quota_renews: 1406121006 - quota_renewal_rate: 60 - allowance: 100 - rate: 100 - per: 5 - org_id: 53ac07777cbb8c2d53000002 - parameters: - - description: |- - Adding the `reset_quota` parameter and setting it to 1, will cause Tyk reset the organisations quota in the live quota manager, it is recommended to use this mechanism to reset organisation-level access if a monthly subscription is in place. - name: reset_quota - in: query - required: false - schema: - type: string - enum: ["1"] - responses: - '200': - description: Key updated + schema: + $ref: '#/components/schemas/ApiModifyKeySuccess' + description: New key added. + "400": content: application/json: - schema: - $ref: '#/components/schemas/apiModifyKeySuccess' example: - action: updated - status: ok - delete: - summary: Delete Organisation Key - description: Deleting a key will remove all limits from organisation. It does not affects regualar keys created within organisation. 
- tags: - - Organisation Quotas - operationId: deleteOrgKey - responses: - '200': - description: Key deleted + message: Request malformed + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Bad Request + "403": content: application/json: + example: + message: Attempted administrative access with invalid or missing key! + status: error schema: - $ref: '#/components/schemas/apiStatusMessage' + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "500": + content: + application/json: example: - action: Key deleted - status: ok - '/{listen_path}/tyk/batch': - parameters: - - name: listen_path + message: Failed to create key, ensure security settings are correct. + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Internal server error. + summary: Create a key. + tags: + - Keys + /tyk/keys/{keyID}: + delete: + description: Deleting a key will remove it permanently from the system, however + analytics relating to that key will still be available. + operationId: deleteKey + parameters: + - description: Use the hash of the key as input instead of the full key. + example: false + in: query + name: hashed + required: false + schema: + enum: + - true + - false + type: boolean + - description: The key ID. 
+ example: 5e9d9544a1dcd60001d0ed20e7f75f9e03534825b7aef9df749582e5 in: path + name: keyID required: true - description: "API listen path" schema: type: string - post: - summary: Run batch request - tags: - - Batch requests - operationId: batch responses: - '200': - description: Success + "200": content: application/json: + example: + action: deleted + key: 5e9d9544a1dcd60001d0ed20e7f75f9e03534825b7aef9df749582e5 + status: ok schema: - $ref: '#/components/schemas/apiStatusMessage' - '/tyk/schema': - get: - description: |- - Get OAS schema - tags: - - Schema - operationId: getSchema - parameters: - - description: The OAS version - name: oasVersion - in: query - schema: - type: string - responses: - '200': - description: OAS schema response + $ref: '#/components/schemas/ApiModifyKeySuccess' + description: Key deleted. + "400": content: application/json: - schema: - $ref: '#/components/schemas/OASSchemaResponse' example: - status: Success - schema: - '400': - description: The response when the parameter oasVersion is missing + message: Failed to remove the key + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Bad Request + "403": content: application/json: - schema: - $ref: '#/components/schemas/OASSchemaResponse' example: - message: 'Should provide a value for parameter oasVersion' - status: 'Failed' - '404': - description: The response when the requested OAS schema is not found + message: Attempted administrative access with invalid or missing key! 
+ status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "404": content: application/json: - schema: - $ref: '#/components/schemas/OASSchemaResponse' example: - message: 'Schema not found for version 5.0.0' - status: 'Failed' - -components: - responses: - parameterBodies: - content: - application/json: - schema: - $ref: '#/components/schemas/OAuthClientToken' - description: parameterBodies - schemas: - APIDefinition: + message: There is no such key found + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Key not found. + summary: Delete a key. + tags: + - Keys + get: + description: Get session info about the specified key. Should return up to date + rate limit and quota usage numbers. + operationId: getKey + parameters: + - description: Use the hash of the key as input instead of the full key. + example: true + in: query + name: hashed + required: false + schema: + enum: + - true + - false + type: boolean + - description: The key ID. 
+ example: 5e9d9544a1dcd60001d0ed20e7f75f9e03534825b7aef9df749582e5 + in: path + name: keyID + required: true + schema: + type: string + responses: + "200": + content: + application/json: + example: + access_rights: + itachi-api: + allowed_urls: + - methods: + - GET + url: /users + api_id: 8ddd91f3cda9453442c477b06c4e2da4 + api_name: Itachi api + limit: + per: 60 + quota_max: 10000 + quota_remaining: 10000 + quota_renewal_rate: 3600 + rate: 1000 + throttle_interval: 10 + throttle_retry_limit: 10 + versions: + - Default + alias: portal-key + allowance: 1000 + apply_policies: + - 5ead7120575961000181867e + date_created: "2024-08-09T14:40:34.87614+03:00" + enable_detailed_recording: true + last_updated: "1723203634" + meta_data: + new-update-key-sample: update-key-sample + tyk_developer_id: 62b3fb9a1d5e4f00017226f5 + update: sample policy update + user_type: mobile_user + org_id: 5e9d9544a1dcd60001d0ed20 + per: 60 + quota_max: 10000 + quota_renewal_rate: 3600 + quota_renews: 1.723207234e+09 + rate: 1000 + tags: + - security + - edge + - edge-eu + throttle_interval: 10 + throttle_retry_limit: 10 + schema: + $ref: '#/components/schemas/SessionState' + description: Key fetched. + "400": + content: + application/json: + example: + message: Key requested by hash but key hashing is not enabled. + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Bad Request + "403": + content: + application/json: + example: + message: Attempted administrative access with invalid or missing key! + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "404": + content: + application/json: + example: + message: Key not found + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Key not found. + summary: Get a key with ID. + tags: + - Keys + post: + description: You can use this endpoint to import existing keys into Tyk or to + create a new custom key. 
+ operationId: createCustomKey + parameters: + - description: Adding the suppress_reset parameter and setting it to 1, will + cause Tyk not to reset the quota limit that is in the current live quota + manager. By default Tyk will reset the quota in the live quota manager (initialising + it) when adding a key. Adding the `suppress_reset` flag to the URL parameters + will avoid this behaviour. + example: "1" + in: query + name: suppress_reset + required: false + schema: + enum: + - "1" + type: string + - description: When set to true the key_hash returned will be similar to the + un-hashed key name. + example: true + in: query + name: hashed + required: false + schema: + enum: + - true + - false + type: boolean + - description: Name to give the custom key. + example: customKey + in: path + name: keyID + required: true + schema: + type: string + requestBody: + content: + application/json: + example: + access_rights: + itachi-api: + allowed_urls: + - methods: + - GET + url: /users + api_id: 8ddd91f3cda9453442c477b06c4e2da4 + api_name: Itachi api + limit: + per: 60 + quota_max: 10000 + quota_remaining: 10000 + quota_renewal_rate: 3600 + rate: 1000 + throttle_interval: 10 + throttle_retry_limit: 10 + versions: + - Default + alias: portal-key + allowance: 1000 + apply_policies: + - 5ead7120575961000181867e + date_created: "2024-08-09T14:40:34.87614+03:00" + enable_detailed_recording: true + last_updated: "1723203634" + meta_data: + new-update-key-sample: update-key-sample + tyk_developer_id: 62b3fb9a1d5e4f00017226f5 + update: sample policy update + user_type: mobile_user + org_id: 5e9d9544a1dcd60001d0ed20 + per: 60 + quota_max: 10000 + quota_renewal_rate: 3600 + quota_renews: 1.723207234e+09 + rate: 1000 + tags: + - security + - edge + - edge-eu + throttle_interval: 10 + throttle_retry_limit: 10 + schema: + $ref: '#/components/schemas/SessionState' + responses: + "200": + content: + application/json: + example: + action: added + key: 5e9d9544a1dcd60001d0ed20customKey + 
status: ok + schema: + $ref: '#/components/schemas/ApiModifyKeySuccess' + description: New custom key added. + "400": + content: + application/json: + example: + message: Request malformed + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Bad Request + "403": + content: + application/json: + example: + message: Attempted administrative access with invalid or missing key! + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "500": + content: + application/json: + example: + message: Failed to create key, ensure security settings are correct. + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Internal server error. + summary: Create custom key / Import key + tags: + - Keys + put: + description: ' You can also manually add keys to Tyk using your own key-generation + algorithm. It is recommended that when using this approach to ensure that + the OrgID being used in the API Definition and the key data is blank so that + Tyk does not try to prepend or manage the key in any way.' + operationId: updateKey + parameters: + - description: Adding the suppress_reset parameter and setting it to 1 will + cause Tyk not to reset the quota limit that is in the current live quota + manager. By default Tyk will reset the quota in the live quota manager (initialising + it) when adding a key. Adding the `suppress_reset` flag to the URL parameters + will avoid this behaviour. + example: "1" + in: query + name: suppress_reset + required: false + schema: + enum: + - "1" + type: string + - description: When set to true the key_hash returned will be similar to the + un-hashed key name. + example: true + in: query + name: hashed + required: false + schema: + enum: + - true + - false + type: boolean + - description: ID of the key you want to update. 
+ example: 5e9d9544a1dcd60001d0ed20766d9a6ec6b4403b93a554feefef4708 + in: path + name: keyID + required: true + schema: + type: string + requestBody: + content: + application/json: + example: + access_rights: + itachi-api: + allowed_urls: + - methods: + - GET + url: /users + api_id: 8ddd91f3cda9453442c477b06c4e2da4 + api_name: Itachi api + limit: + per: 60 + quota_max: 10000 + quota_remaining: 10000 + quota_renewal_rate: 3600 + rate: 1000 + throttle_interval: 10 + throttle_retry_limit: 10 + versions: + - Default + alias: portal-key + allowance: 1000 + apply_policies: + - 5ead7120575961000181867e + date_created: "2024-08-09T14:40:34.87614+03:00" + enable_detailed_recording: true + last_updated: "1723203634" + meta_data: + new-update-key-sample: update-key-sample + tyk_developer_id: 62b3fb9a1d5e4f00017226f5 + update: sample policy update + user_type: mobile_user + org_id: 5e9d9544a1dcd60001d0ed20 + per: 60 + quota_max: 10000 + quota_renewal_rate: 3600 + quota_renews: 1.723207234e+09 + rate: 1000 + tags: + - security + - edge + - edge-eu + - update-sample-tag + throttle_interval: 10 + throttle_retry_limit: 10 + schema: + $ref: '#/components/schemas/SessionState' + responses: + "200": + content: + application/json: + example: + action: modified + key: 5e9d9544a1dcd60001d0ed20766d9a6ec6b4403b93a554feefef4708 + status: ok + schema: + $ref: '#/components/schemas/ApiModifyKeySuccess' + description: Key updated. + "400": + content: + application/json: + example: + message: Request malformed + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Bad Request + "403": + content: + application/json: + example: + message: Attempted administrative access with invalid or missing key! 
+ status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "404": + content: + application/json: + example: + message: Key is not found + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Key not found. + "500": + content: + application/json: + example: + message: Failed to create key, ensure security settings are correct. + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Internal server error. + summary: Update key. + tags: + - Keys + /tyk/keys/create: + post: + description: Create a key. + operationId: createKey + requestBody: + content: + application/json: + example: + access_rights: + itachi-api: + allowed_urls: + - methods: + - GET + url: /users + api_id: 8ddd91f3cda9453442c477b06c4e2da4 + api_name: Itachi api + limit: + per: 60 + quota_max: 10000 + quota_remaining: 10000 + quota_renewal_rate: 3600 + rate: 1000 + throttle_interval: 10 + throttle_retry_limit: 10 + versions: + - Default + alias: portal-key + allowance: 1000 + apply_policies: + - 5ead7120575961000181867e + date_created: "2024-08-09T14:40:34.87614+03:00" + enable_detailed_recording: true + last_updated: "1723203634" + meta_data: + new-update-key-sample: update-key-sample + tyk_developer_id: 62b3fb9a1d5e4f00017226f5 + update: sample policy update + user_type: mobile_user + org_id: 5e9d9544a1dcd60001d0ed20 + per: 60 + quota_max: 10000 + quota_renewal_rate: 3600 + quota_renews: 1.723207234e+09 + rate: 1000 + tags: + - security + - edge + - edge-eu + throttle_interval: 10 + throttle_retry_limit: 10 + schema: + $ref: '#/components/schemas/SessionState' + responses: + "200": + content: + application/json: + example: + action: added + key: 5e9d9544a1dcd60001d0ed207eb558517c3c48fb826c62cc6f6161eb + status: ok + schema: + $ref: '#/components/schemas/ApiModifyKeySuccess' + description: Key created. 
+ "400": + content: + application/json: + example: + message: Failed to create key, keys must have at least one Access + Rights record set. + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: No access right. + "403": + content: + application/json: + example: + message: Attempted administrative access with invalid or missing key! + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "500": + content: + application/json: + example: + message: Unmarshalling failed + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Malformed body. + summary: Create a key. + tags: + - Keys + /tyk/keys/policy/{keyID}: + post: + description: This will set policies to a hashed key. + operationId: setPoliciesToHashedKey + parameters: + - description: Name to give the custom key. + example: 5e9d9544a1dcd60001d0ed207eb558517c3c48fb826c62cc6f6161eb + in: path + name: keyID + required: true + schema: + type: string + requestBody: + content: + application/json: + example: + apply_policies: + - 5ead7120575961000181867e + policy: "" + schema: + $ref: '#/components/schemas/PolicyUpdateObj' + responses: + "200": + content: + application/json: + example: + action: updated + key: 5e9d9544a1dcd60001d0ed207eb558517c3c48fb826c62cc6f6161eb + status: ok + schema: + $ref: '#/components/schemas/ApiModifyKeySuccess' + description: Updated hashed key. + "400": + content: + application/json: + example: + message: Couldn't decode instruction + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Malformed request body. + "403": + content: + application/json: + example: + message: Attempted administrative access with invalid or missing key! 
+ status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "404": + content: + application/json: + example: + message: Key not found + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Key not found. + "500": + content: + application/json: + example: + message: Could not write key data. + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Internal server error. + summary: Set policies for a hashed key. + tags: + - Keys + /tyk/keys/preview: + post: + description: This will check if the body of a key definition is valid. And return + a response with how the key would look like if you were to create it. + operationId: validateAKeyDefinition + requestBody: + content: + application/json: + example: + access_rights: + itachi-api: + allowed_urls: + - methods: + - GET + url: /users + api_id: 8ddd91f3cda9453442c477b06c4e2da4 + api_name: Itachi api + limit: + per: 60 + quota_max: 10000 + quota_remaining: 10000 + quota_renewal_rate: 3600 + rate: 1000 + throttle_interval: 10 + throttle_retry_limit: 10 + versions: + - Default + alias: portal-key + allowance: 1000 + apply_policies: + - 5ead7120575961000181867e + date_created: "2024-08-09T14:40:34.87614+03:00" + enable_detailed_recording: true + last_updated: "1723203634" + meta_data: + new-update-key-sample: update-key-sample + tyk_developer_id: 62b3fb9a1d5e4f00017226f5 + update: sample policy update + user_type: mobile_user + org_id: 5e9d9544a1dcd60001d0ed20 + per: 60 + quota_max: 10000 + quota_renewal_rate: 3600 + quota_renews: 1.723207234e+09 + rate: 1000 + tags: + - security + - edge + - edge-eu + throttle_interval: 10 + throttle_retry_limit: 10 + schema: + $ref: '#/components/schemas/SessionState' + responses: + "200": + content: + application/json: + example: + access_rights: + itachi-api: + allowed_urls: + - methods: + - GET + url: /users + api_id: 8ddd91f3cda9453442c477b06c4e2da4 + api_name: Itachi api + 
limit: + per: 60 + quota_max: 10000 + quota_remaining: 10000 + quota_renewal_rate: 3600 + rate: 1000 + throttle_interval: 10 + throttle_retry_limit: 10 + versions: + - Default + alias: portal-key + allowance: 1000 + apply_policies: + - 5ead7120575961000181867e + date_created: "2024-08-09T14:40:34.87614+03:00" + enable_detailed_recording: true + last_updated: "1723203634" + meta_data: + new-update-key-sample: update-key-sample + tyk_developer_id: 62b3fb9a1d5e4f00017226f5 + update: sample policy update + user_type: mobile_user + org_id: 5e9d9544a1dcd60001d0ed20 + per: 60 + quota_max: 10000 + quota_renewal_rate: 3600 + quota_renews: 1.723207234e+09 + rate: 1000 + tags: + - security + - edge + - edge-eu + throttle_interval: 10 + throttle_retry_limit: 10 + schema: + $ref: '#/components/schemas/SessionState' + description: Key definition is valid. + "403": + content: + application/json: + example: + message: Attempted administrative access with invalid or missing key! + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "500": + content: + application/json: + example: + message: Unmarshalling failed + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Internal server error. + summary: This will validate a key definition. + tags: + - Keys + /tyk/oauth/clients/{apiID}: + get: + description: OAuth Clients are organised by API ID, and therefore are queried + as such. 
+ operationId: listOAuthClients + parameters: + - description: The API ID + example: 1bd5c61b0e694082902cf15ddcc9e6a7 + in: path + name: apiID + required: true + schema: + type: string + responses: + "200": + content: + application/json: + example: + - api_id: b84fe1a04e5648927971c0557971565c + client_id: 2a06b398c17f46908de3dffcb71ef87df + description: google client + meta_data: + user_id: 362b3fb9a1d5e4f00017226f5 + redirect_uri: https://httpbin.org/ip + secret: MmQwNTI5NGQtYjU0YS00NjMyLWIwZjktNTZjY2M1ZjhjYWY0 + schema: + items: + $ref: '#/components/schemas/NewClientRequest' + type: array + description: Get OAuth client details or a list of OAuth clients + "403": + content: + application/json: + example: + message: Attempted administrative access with invalid or missing key! + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "404": + description: Api no found + summary: List oAuth clients + tags: + - OAuth + /tyk/oauth/clients/{apiID}/{keyName}: + delete: + description: Please note that tokens issued with the client ID will still be + valid until they expire. + operationId: deleteOAuthClient + parameters: + - description: The API id + example: b84fe1a04e5648927971c0557971565c + in: path + name: apiID + required: true + schema: + type: string + - description: The Client ID + example: 2a06b398c17f46908de3dffcb71ef87df + in: path + name: keyName + required: true + schema: + type: string + responses: + "200": + content: + application/json: + example: + action: deleted + key: 2a06b398c17f46908de3dffcb71ef87df + status: ok + schema: + $ref: '#/components/schemas/ApiModifyKeySuccess' + description: OAuth client deleted + "403": + content: + application/json: + example: + message: Attempted administrative access with invalid or missing key! 
+ status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "404": + content: + application/json: + example: + message: OAuth Client ID not found + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Not found + "500": + content: + application/json: + example: + message: Delete failed + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Internal server error. + summary: Delete OAuth client + tags: + - OAuth + get: + description: Get OAuth client details tied to an api + operationId: getOAuthClient + parameters: + - description: The API id + example: b84fe1a04e5648927971c0557971565c + in: path + name: apiID + required: true + schema: + type: string + - description: The Client ID + example: 2a06b398c17f46908de3dffcb71ef87df + in: path + name: keyName + required: true + schema: + type: string + responses: + "200": + content: + application/json: + example: + client_id: 2a06b398c17f46908de3dffcb71ef87df + description: changed description sample + meta_data: + user_id: 362b3fb9a1d5e4f00017226f5 + redirect_uri: https://httpbin.org/ip + secret: MmQwNTI5NGQtYjU0YS00NjMyLWIwZjktNTZjY2M1ZjhjYWY0 + schema: + $ref: '#/components/schemas/NewClientRequest' + description: OAuth client details + "403": + content: + application/json: + example: + message: Attempted administrative access with invalid or missing key! + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "404": + content: + application/json: + example: + message: OAuth Client ID not found + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: OAuth Client not found + summary: Get OAuth client + tags: + - OAuth + put: + description: Allows you to update the metadata,redirecturi,description and Policy + ID for an OAuth client. 
+ operationId: updateOAuthClient + parameters: + - description: The API id + example: b84fe1a04e5648927971c0557971565c + in: path + name: apiID + required: true + schema: + type: string + - description: The Client ID + example: 2a06b398c17f46908de3dffcb71ef87df + in: path + name: keyName + required: true + schema: + type: string + requestBody: + content: + application/json: + example: + api_id: b84fe1a04e5648927971c0557971565c + client_id: 2a06b398c17f46908de3dffcb71ef87df + description: changed description sample + meta_data: + user_id: 362b3fb9a1d5e4f00017226f5 + redirect_uri: https://httpbin.org/ip + secret: MmQwNTI5NGQtYjU0YS00NjMyLWIwZjktNTZjY2M1ZjhjYWY0 + schema: + $ref: '#/components/schemas/NewClientRequest' + responses: + "200": + content: + application/json: + example: + client_id: 2a06b398c17f46908de3dffcb71ef87df + description: changed description sample + meta_data: + user_id: 362b3fb9a1d5e4f00017226f5 + redirect_uri: https://httpbin.org/ip + secret: MmQwNTI5NGQtYjU0YS00NjMyLWIwZjktNTZjY2M1ZjhjYWY0 + schema: + $ref: '#/components/schemas/NewClientRequest' + description: OAuth client updated + "400": + content: + application/json: + example: + message: Policy access rights doesn't contain API this OAuth client + belongs to + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Bad Request + "403": + content: + application/json: + example: + message: Attempted administrative access with invalid or missing key! 
+ status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "404": + content: + application/json: + example: + message: API doesn't exist + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Not Found + "500": + content: + application/json: + example: + message: Unmarshalling failed + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: malformed request body + summary: Update OAuth metadata,redirecturi,description and Policy ID + tags: + - OAuth + /tyk/oauth/clients/{apiID}/{keyName}/rotate: + put: + description: Generate a new secret + operationId: rotateOauthClient + parameters: + - description: The API id + example: b84fe1a04e5648927971c0557971565c + in: path + name: apiID + required: true + schema: + type: string + - description: The Client ID + example: 2a06b398c17f46908de3dffcb71ef87df + in: path + name: keyName + required: true + schema: + type: string + responses: + "200": + content: + application/json: + example: + client_id: 2a06b398c17f46908de3dffcb71ef87df + description: google client + meta_data: + user_id: 362b3fb9a1d5e4f00017226f5 + redirect_uri: https://httpbin.org/ip + secret: MmQwNTI5NGQtYjU0YS00NjMyLWIwZjktNTZjY2M1ZjhjYWY0 + schema: + $ref: '#/components/schemas/NewClientRequest' + description: New secret has been created + "403": + content: + application/json: + example: + message: Attempted administrative access with invalid or missing key! + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "404": + content: + application/json: + example: + message: API doesn't exist + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Not Found + "500": + content: + application/json: + example: + message: Failure in storing client data + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Internal server error. 
+ summary: Rotate the oath client secret + tags: + - OAuth + /tyk/oauth/clients/{apiID}/{keyName}/tokens: + get: + description: |- + This endpoint allows you to retrieve a list of all current tokens and their expiry date for a provided API ID and OAuth-client ID .If page query parameter is sent the tokens will be paginated. This endpoint will work only for newly created tokens. +
+
+ You can control how long you want to store expired tokens in this list using `oauth_token_expired_retain_period` gateway option, which specifies retain period for expired tokens stored in Redis. By default expired token not get removed. See here for more details. + operationId: getOAuthClientTokens + parameters: + - description: The API id + example: b84fe1a04e5648927971c0557971565c + in: path + name: apiID + required: true + schema: + type: string + - description: The Client ID + example: 2a06b398c17f46908de3dffcb71ef87df + in: path + name: keyName + required: true + schema: + type: string + - description: Use page query parameter to say which page number you want returned. + example: 1 + in: query + name: page + required: false + schema: + default: 1 + type: integer + responses: + "200": + content: + application/json: + examples: + paginatedTokenExample: + $ref: '#/components/examples/paginatedTokenExample' + tokenListExample: + $ref: '#/components/examples/tokenListExample' + schema: + oneOf: + - $ref: '#/components/schemas/PaginatedOAuthClientTokens' + - items: + $ref: '#/components/schemas/OAuthClientToken' + nullable: true + type: array + description: Tokens returned successfully. + "403": + content: + application/json: + example: + message: Attempted administrative access with invalid or missing key! + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "404": + content: + application/json: + example: + message: OAuth Client ID not found + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: OAuth Client ID not found + "500": + content: + application/json: + example: + message: Get client tokens failed + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Internal server error. 
+ summary: List tokens for a provided API ID and OAuth-client ID + tags: + - OAuth + /tyk/oauth/clients/apis/{appID}: + get: + description: Get all API IDs for APIs that have use_oauth2 enabled and use the + client_id (appID) specified in the path parameter for OAuth2. You can use + the org_id query parameter to specify from which organization you want the + API IDs to be returned. To return APIs from all organizations, send org_id + as an empty string. + operationId: getApisForOauthApp + parameters: + - description: The Client ID + example: 2a06b398c17f46908de3dffcb71ef87df + in: path + name: appID + required: true + schema: + type: string + - description: The Org Id + in: query + name: orgID + required: false + schema: + type: string + responses: + "200": + content: + application/json: + example: + - b84fe1a04e5648927971c0557971565c + schema: + items: + type: string + type: array + description: Return an array of apis ids + "403": + content: + application/json: + example: + message: Attempted administrative access with invalid or missing key! + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + summary: Get API IDs for APIS that use the specified client_id(appID) for OAuth + tags: + - OAuth + /tyk/oauth/clients/create: + post: + description: | + Any OAuth keys must be generated with the help of a client ID. These need to be pre-registered with Tyk before they can be used (in a similar vein to how you would register your app with Twitter before attempting to ask user permissions using their API). +

+

Creating OAuth clients with Access to Multiple APIs

+ New from Tyk Gateway 2.6.0 is the ability to create OAuth clients with access to more than one API. If you provide the api_id it works the same as in previous releases. If you don't provide the api_id the request uses policy access rights and enumerates APIs from their setting in the newly created OAuth-client. + operationId: createOAuthClient + requestBody: + content: + application/json: + example: + api_id: b84fe1a04e5648927971c0557971565c + client_id: 2a06b398c17f46908de3dffcb71ef87df + description: google client + meta_data: + user_id: 362b3fb9a1d5e4f00017226f5 + redirect_uri: https://httpbin.org/ip + secret: MmQwNTI5NGQtYjU0YS00NjMyLWIwZjktNTZjY2M1ZjhjYWY0 + schema: + $ref: '#/components/schemas/NewClientRequest' + responses: + "200": + content: + application/json: + example: + client_id: 2a06b398c17f46908de3dffcb71ef87df + description: google client + meta_data: + user_id: 362b3fb9a1d5e4f00017226f5 + redirect_uri: https://httpbin.org/ip + secret: MmQwNTI5NGQtYjU0YS00NjMyLWIwZjktNTZjY2M1ZjhjYWY0 + schema: + $ref: '#/components/schemas/NewClientRequest' + description: Client created + "400": + content: + application/json: + example: + message: API doesn't exist + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Api Not found + "403": + content: + application/json: + example: + message: Attempted administrative access with invalid or missing key! + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "500": + content: + application/json: + example: + message: Unmarshalling failed + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Unmarshalling failed + summary: Create new OAuth client + tags: + - OAuth + /tyk/oauth/refresh/{keyName}: + delete: + description: It is possible to invalidate refresh tokens in order to manage + OAuth client access more robustly. 
+ operationId: invalidateOAuthRefresh + parameters: + - description: The Client ID + example: 2a06b398c17f46908de3dffcb71ef87df + in: path + name: keyName + required: true + schema: + type: string + - description: The API id + example: b84fe1a04e5648927971c0557971565c + in: query + name: api_id + required: true + schema: + type: string + responses: + "200": + content: + application/json: + example: + action: deleted + key: 2a06b398c17f46908de3dffcb71ef87df + status: ok + schema: + $ref: '#/components/schemas/ApiModifyKeySuccess' + description: Deleted + "400": + content: + application/json: + example: + message: Missing parameter api_id + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: missing api_Id query parameter + "403": + content: + application/json: + example: + message: Attempted administrative access with invalid or missing key! + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "404": + content: + application/json: + example: + message: API for this refresh token not found + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Not Found + "500": + content: + application/json: + example: + message: Failed to invalidate refresh token + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Internal server error. 
+ summary: Invalidate OAuth refresh token + tags: + - OAuth + /tyk/oauth/revoke: + post: + description: revoke a single token + operationId: revokeSingleToken + requestBody: + content: + application/x-www-form-urlencoded: + schema: + properties: + client_id: + description: id of oauth client + example: 2a06b398c17f46908de3dffcb71ef87df + type: string + org_id: + example: 6492f66e6ebbc56c6a6bf022 + type: string + token: + description: token to be revoked + example: eyJvcmciOiI1ZTIwOTFjNGQ0YWVmY2U2MGMwNGZiOTIiLCJpZCI6IjIyODQ1NmFjNmJlMjRiMzI5MTIyOTdlODQ5NTc4NjJhIiwiaCI6Im11cm11cjY0In0= + type: string + token_type_hint: + description: type of token to be revoked, if sent then the accepted + values are access_token and refresh_token. String value and optional, + of not provided then it will attempt to remove access and refresh + tokens that matches + example: access_token + type: string + required: + - token + - client_id + type: object + description: token revoked successfully + responses: + "200": + content: + application/json: + example: + message: token revoked successfully + status: ok + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: token revoked + "400": + content: + application/json: + example: + message: cannot parse form. Form malformed + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: malformed form data + "403": + content: + application/json: + example: + message: Attempted administrative access with invalid or missing key! 
+ status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + summary: revoke token + tags: + - OAuth + /tyk/oauth/revoke_all: + post: + description: Revoke all the tokens for a given oauth client + operationId: revokeAllTokens + requestBody: + content: + application/x-www-form-urlencoded: + schema: + properties: + client_id: + description: id of oauth client + example: 2a06b398c17f46908de3dffcb71ef87df + type: string + client_secret: + description: OAuth client secret to ensure that its a valid operation + example: MmQwNTI5NGQtYjU0YS00NjMyLWIwZjktNTZjY2M1ZjhjYWY0 + type: string + org_id: + example: 6492f66e6ebbc56c6a6bf022 + type: string + required: + - client_secret + - client_id + type: object + responses: + "200": + content: + application/json: + example: + message: tokens revoked successfully + status: ok + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: tokens revoked + "400": + content: + application/json: + example: + message: cannot parse form. Form malformed + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Bad Request + "401": + content: + application/json: + example: + message: client_id is required + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: missing client id + "403": + content: + application/json: + example: + message: Attempted administrative access with invalid or missing key! 
+ status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "404": + content: + application/json: + example: + message: oauth client doesn't exist + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: not found + summary: Revoke all client's tokens + tags: + - OAuth + /tyk/oauth/tokens: + delete: + description: Purge all lapsed OAuth token + operationId: purgeLapsedOAuthTokens + parameters: + - description: purge lapsed tokens + example: lapsed + in: query + name: scope + required: true + schema: + enum: + - lapsed + type: string + responses: + "200": + content: + application/json: + example: + message: lapsed tokens purged + status: ok + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: lapsed tokens purged successfully + "400": + content: + application/json: + example: + message: unknown scope + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Sending a value other than lapsed in scope query + "403": + content: + application/json: + example: + message: Attempted administrative access with invalid or missing key! + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "422": + content: + application/json: + example: + message: scope parameter is required + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Missing lapsed query parameter + "500": + content: + application/json: + example: + message: error purging lapsed tokens + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Internal server error. + summary: Purge lapsed OAuth tokens + tags: + - OAuth + /tyk/org/keys: + get: + description: You can now set rate limits at the organisation level by using + the following fields - allowance and rate. These are the number of allowed + requests for the specified per value, and need to be set to the same value. 
+ If you don't want to have organisation level rate limiting, set 'rate' or + 'per' to zero, or don't add them to your request. + operationId: listOrgKeys + parameters: + - description: Retrieves all keys starting with the specified filter(filter + is a prefix - e.g. default* or default will return all keys starting with + default like defaultbd,defaulttwo etc).We don't use filter for hashed keys + example: default* + in: query + name: filter + required: false + schema: + type: string + responses: + "200": + content: + application/json: + example: + keys: + - 5e9d9544a1dcd60001d0ed2008500e44fa644f939b640a4b8b4ea58c + schema: + $ref: '#/components/schemas/ApiAllKeys' + description: List of all org keys + "403": + content: + application/json: + example: + message: Attempted administrative access with invalid or missing key! + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "404": + content: + application/json: + example: + message: ORG not found + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: ORG not found + summary: List Organisation Keys + tags: + - Organisation Quotas + /tyk/org/keys/{keyID}: + delete: + description: Deleting a key will remove all limits from organisation. It does + not affects regular keys created within organisation. 
+ operationId: deleteOrgKey + parameters: + - description: The Key ID + example: e389ae00a2b145feaf28d6cc11f0f86d + in: path + name: keyID + required: true + schema: + type: string + responses: + "200": + content: + application/json: + example: + action: deleted + key: e389ae00a2b145feaf28d6cc11f0f86d + status: ok + schema: + $ref: '#/components/schemas/ApiModifyKeySuccess' + description: OK + "400": + content: + application/json: + example: + message: Failed to remove the key + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Bad Request + "403": + content: + application/json: + example: + message: Attempted administrative access with invalid or missing key! + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "404": + content: + application/json: + example: + message: Org not found + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Org not found + summary: Delete Key + tags: + - Organisation Quotas + get: + description: Get session info about specified organisation key. Should return + up to date rate limit and quota usage numbers. 
+ operationId: getOrgKey + parameters: + - description: The Org ID + example: 664a14650619d40001f1f00f + in: query + name: orgID + required: false + schema: + type: string + - description: The Key ID + example: e389ae00a2b145feaf28d6cc11f0f86d + in: path + name: keyID + required: true + schema: + type: string + responses: + "200": + content: + application/json: + example: + access_rights: + itachi-api: + allowed_urls: + - methods: + - GET + url: /users + api_id: 8ddd91f3cda9453442c477b06c4e2da4 + api_name: Itachi api + limit: + per: 60 + quota_max: 10000 + quota_remaining: 10000 + quota_renewal_rate: 3600 + rate: 1000 + throttle_interval: 10 + throttle_retry_limit: 10 + versions: + - Default + alias: portal-key + allowance: 1000 + apply_policies: + - 5ead7120575961000181867e + date_created: "2024-08-09T14:40:34.87614+03:00" + enable_detailed_recording: true + last_updated: "1723203634" + meta_data: + new-update-key-sample: update-key-sample + tyk_developer_id: 62b3fb9a1d5e4f00017226f5 + update: sample policy update + user_type: mobile_user + org_id: 5e9d9544a1dcd60001d0ed20 + per: 60 + quota_max: 10000 + quota_renewal_rate: 3600 + quota_renews: 1.723207234e+09 + rate: 1000 + tags: + - security + - edge + - edge-eu + throttle_interval: 10 + throttle_retry_limit: 10 + schema: + properties: + access_rights: + additionalProperties: + properties: + allowed_urls: + items: + properties: + methods: + items: + type: string + nullable: true + type: array + url: + type: string + type: object + nullable: true + type: array + api_id: + type: string + api_name: + type: string + limit: + properties: + per: + type: integer + quota_max: + type: integer + quota_remaining: + type: integer + quota_renewal_rate: + type: integer + rate: + type: integer + throttle_interval: + type: integer + throttle_retry_limit: + type: integer + type: object + versions: + items: + type: string + nullable: true + type: array + type: object + nullable: true + type: object + alias: + type: string + 
allowance: + type: integer + apply_policies: + items: + type: string + nullable: true + type: array + date_created: + format: date-time + type: string + enable_detailed_recording: + type: boolean + last_updated: + type: string + meta_data: + additionalProperties: + type: string + nullable: true + type: object + org_id: + type: string + per: + type: integer + quota_max: + type: integer + quota_renewal_rate: + type: integer + quota_renews: + type: integer + rate: + type: integer + tags: + items: + type: string + nullable: true + type: array + throttle_interval: + type: integer + throttle_retry_limit: + type: integer + type: object + description: OK + "403": + content: + application/json: + example: + message: Attempted administrative access with invalid or missing key! + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "404": + content: + application/json: + example: + message: Org not found + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Org not found + summary: Get an Organisation Key + tags: + - Organisation Quotas + post: + description: This work similar to Keys API except that Key ID is always equals + Organisation ID + operationId: addOrgKey + parameters: + - description: The Key ID + example: e389ae00a2b145feaf28d6cc11f0f86d + in: path + name: keyID + required: true + schema: + type: string + - description: Adding the reset_quota parameter and setting it to 1, will cause + Tyk reset the organisations quota in the live quota manager, it is recommended + to use this mechanism to reset organisation-level access if a monthly subscription + is in place. 
+ example: "1" + in: query + name: reset_quota + required: false + schema: + enum: + - "1" + type: string + requestBody: + content: + application/json: + example: + access_rights: + itachi-api: + allowed_urls: + - methods: + - GET + url: /users + api_id: 8ddd91f3cda9453442c477b06c4e2da4 + api_name: Itachi api + limit: + per: 60 + quota_max: 10000 + quota_remaining: 10000 + quota_renewal_rate: 3600 + rate: 1000 + throttle_interval: 10 + throttle_retry_limit: 10 + versions: + - Default + alias: portal-key + allowance: 1000 + apply_policies: + - 5ead7120575961000181867e + date_created: "2024-08-09T14:40:34.87614+03:00" + enable_detailed_recording: true + last_updated: "1723203634" + meta_data: + new-update-key-sample: update-key-sample + tyk_developer_id: 62b3fb9a1d5e4f00017226f5 + update: sample policy update + user_type: mobile_user + org_id: 5e9d9544a1dcd60001d0ed20 + per: 60 + quota_max: 10000 + quota_renewal_rate: 3600 + quota_renews: 1.723207234e+09 + rate: 1000 + tags: + - security + - edge + - edge-eu + throttle_interval: 10 + throttle_retry_limit: 10 + schema: + $ref: '#/components/schemas/SessionState' + responses: + "200": + content: + application/json: + example: + action: added + key: e389ae00a2b145feaf28d6cc11f0f86d + status: ok + schema: + $ref: '#/components/schemas/ApiModifyKeySuccess' + description: OK + "400": + content: + application/json: + example: + message: Request malformed + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Bad Request + "403": + content: + application/json: + example: + message: Attempted administrative access with invalid or missing key! 
+ status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "404": + content: + application/json: + example: + message: No such organisation found in Active API list + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Not Found + "500": + content: + application/json: + example: + message: 'Error writing to key store ' + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Internal server error. + summary: Create an organisation key + tags: + - Organisation Quotas + put: + description: |- + This work similar to Keys API except that Key ID is always equals Organisation ID + + For Gateway v2.6.0 onwards, you can now set rate limits at the organisation level by using the following fields - allowance and rate. These are the number of allowed requests for the specified per value, and need to be set to the same value. If you don't want to have organisation level rate limiting, set `rate` or `per` to zero, or don't add them to your request. + operationId: updateOrgKey + parameters: + - description: Adding the reset_quota parameter and setting it to 1, will cause + Tyk reset the organisations quota in the live quota manager, it is recommended + to use this mechanism to reset organisation-level access if a monthly subscription + is in place. 
+ example: "1" + in: query + name: reset_quota + required: false + schema: + enum: + - "1" + type: string + - description: The Key ID + example: e389ae00a2b145feaf28d6cc11f0f86d + in: path + name: keyID + required: true + schema: + type: string + requestBody: + content: + application/json: + example: + access_rights: + itachi-api: + allowed_urls: + - methods: + - GET + url: /users + api_id: 8ddd91f3cda9453442c477b06c4e2da4 + api_name: Itachi api + limit: + per: 60 + quota_max: 10000 + quota_remaining: 10000 + quota_renewal_rate: 3600 + rate: 1000 + throttle_interval: 10 + throttle_retry_limit: 10 + versions: + - Default + alias: portal-key + allowance: 1000 + apply_policies: + - 5ead7120575961000181867e + date_created: "2024-08-09T14:40:34.87614+03:00" + enable_detailed_recording: true + last_updated: "1723203634" + meta_data: + new-update-key-sample: update-key-sample + tyk_developer_id: 62b3fb9a1d5e4f00017226f5 + update: sample policy update + user_type: mobile_user + org_id: 5e9d9544a1dcd60001d0ed20 + per: 60 + quota_max: 10000 + quota_renewal_rate: 3600 + quota_renews: 1.723207234e+09 + rate: 1000 + tags: + - security + - edge + - edge-eu + - update-sample-tag + throttle_interval: 10 + throttle_retry_limit: 10 + schema: + $ref: '#/components/schemas/SessionState' + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/ApiModifyKeySuccess' + description: OK + "400": + content: + application/json: + example: + message: Request malformed + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Bad Request + "403": + content: + application/json: + example: + message: Attempted administrative access with invalid or missing key! 
+ status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "404": + content: + application/json: + example: + message: No such organisation found in Active API list + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Not Found + "500": + content: + application/json: + example: + message: 'Error writing to key store ' + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Internal server error. + summary: Update Organisation Key + tags: + - Organisation Quotas + /tyk/policies: + get: + description: Retrieve all the policies in your Tyk instance. Returns an array + policies. + operationId: listPolicies + responses: + "200": + content: + application/json: + examples: + policiesExample: + $ref: '#/components/examples/policiesExample' + schema: + items: + $ref: '#/components/schemas/Policy' + type: array + description: List of all policies. + "403": + content: + application/json: + example: + message: Attempted administrative access with invalid or missing key! + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + summary: List policies. + tags: + - Policies + post: + description: Create a policy in your Tyk Instance. 
+ operationId: addPolicy + requestBody: + content: + application/json: + example: + access_rights: + itachi-api: + allowed_urls: + - methods: + - GET + url: /users + api_id: 8ddd91f3cda9453442c477b06c4e2da4 + api_name: Itachi api + disable_introspection: false + versions: + - Default + active: true + hmac_enabled: false + id: 5ead7120575961000181867e + is_inactive: false + key_expires_in: 2.592e+06 + max_query_depth: -1 + meta_data: + update: sample policy update + user_type: mobile_user + name: Sample policy + partitions: + acl: true + complexity: false + per_api: false + quota: true + rate_limit: true + per: 60 + quota_max: 10000 + quota_renewal_rate: 3600 + rate: 1000 + tags: + - security + throttle_interval: 10 + throttle_retry_limit: 10 + schema: + $ref: '#/components/schemas/Policy' + responses: + "200": + content: + application/json: + example: + action: added + key: 5ead7120575961000181867e + status: ok + schema: + $ref: '#/components/schemas/ApiModifyKeySuccess' + description: Policy created. + "400": + content: + application/json: + example: + message: Request malformed + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Malformed request. + "403": + content: + application/json: + example: + message: Attempted administrative access with invalid or missing key! + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "500": + content: + application/json: + example: + message: Due to enabled service policy source, please use the Dashboard + API. + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Internal server error. + summary: Create a policy. + tags: + - Policies + /tyk/policies/{polID}: + delete: + description: Delete a policy by ID in your Tyk instance. + operationId: deletePolicy + parameters: + - description: You can retrieve details of a single policy by ID in your Tyk + instance. 
+ example: 5ead7120575961000181867e + in: path + name: polID + required: true + schema: + type: string + responses: + "200": + content: + application/json: + example: + action: deleted + key: 5ead7120575961000181867e + status: ok + schema: + $ref: '#/components/schemas/ApiModifyKeySuccess' + description: Deleted policy by ID + "400": + content: + application/json: + example: + message: Must specify an apiID to update + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Policy Id not provided + "403": + content: + application/json: + example: + message: Attempted administrative access with invalid or missing key! + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "500": + content: + application/json: + example: + message: Delete failed + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Internal server error. + summary: Delete a policy. + tags: + - Policies + get: + description: You can retrieve details of a single policy by ID in your Tyk instance. + operationId: getPolicy + parameters: + - description: You can retrieve details of a single policy by ID in your Tyk + instance. 
+ example: 5ead7120575961000181867e + in: path + name: polID + required: true + schema: + type: string + responses: + "200": + content: + application/json: + example: + access_rights: + itachi-api: + allowed_urls: + - methods: + - GET + url: /users + api_id: 8ddd91f3cda9453442c477b06c4e2da4 + api_name: Itachi api + disable_introspection: false + versions: + - Default + active: true + hmac_enabled: false + id: 5ead7120575961000181867e + is_inactive: false + key_expires_in: 2.592e+06 + max_query_depth: -1 + meta_data: + update: sample policy update + user_type: mobile_user + name: Sample policy + partitions: + acl: true + complexity: false + per_api: false + quota: true + rate_limit: true + per: 60 + quota_max: 10000 + quota_renewal_rate: 3600 + rate: 1000 + tags: + - security + throttle_interval: 10 + throttle_retry_limit: 10 + schema: + $ref: '#/components/schemas/Policy' + description: Get details of a single policy. + "403": + content: + application/json: + example: + message: Attempted administrative access with invalid or missing key! + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "404": + content: + application/json: + example: + message: Policy not found + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Policy not found + summary: Get a policy. + tags: + - Policies + put: + description: You can update a Policy in your Tyk Instance by ID. + operationId: updatePolicy + parameters: + - description: You can retrieve details of a single policy by ID in your Tyk + instance. 
+ example: 5ead7120575961000181867e + in: path + name: polID + required: true + schema: + type: string + requestBody: + content: + application/json: + example: + access_rights: + itachi-api: + allowed_urls: + - methods: + - GET + url: /users + api_id: 8ddd91f3cda9453442c477b06c4e2da4 + api_name: Itachi api + disable_introspection: false + versions: + - Default + active: true + hmac_enabled: false + id: 5ead7120575961000181867e + is_inactive: false + key_expires_in: 2.592e+06 + max_query_depth: -1 + meta_data: + update: sample policy update + user_type: mobile_user + name: update policy sample + partitions: + acl: true + complexity: false + per_api: false + quota: true + rate_limit: true + per: 60 + quota_max: 10000 + quota_renewal_rate: 3600 + rate: 1000 + tags: + - security + throttle_interval: 10 + throttle_retry_limit: 10 + schema: + $ref: '#/components/schemas/Policy' + responses: + "200": + content: + application/json: + example: + action: modified + key: 5ead7120575961000181867e + status: ok + schema: + $ref: '#/components/schemas/ApiModifyKeySuccess' + description: Policy updated + "400": + content: + application/json: + example: + message: Request malformed + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: malformed request + "403": + content: + application/json: + example: + message: Attempted administrative access with invalid or missing key! + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "500": + content: + application/json: + example: + message: Failed to create file! + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Internal server error. + summary: Update a policy. + tags: + - Policies + /tyk/reload: + get: + description: Tyk is capable of reloading configurations without having to stop + serving requests. 
This means that API configurations can be added at runtime, + or even modified at runtime and those rules applied immediately without any + downtime. + operationId: hotReload + parameters: + - description: Block a response until the reload is performed. This can be useful + in scripting environments like CI/CD workflows. + example: false + in: query + name: block + required: false + schema: + enum: + - true + - false + type: boolean + responses: + "200": + content: + application/json: + example: + message: "" + status: ok + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Reload gateway. + "403": + content: + application/json: + example: + message: Attempted administrative access with invalid or missing key! + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + summary: Hot-reload a single node. + tags: + - Hot Reload + /tyk/reload/group: + get: + description: To reload a whole group of Tyk nodes (without using the Dashboard + or host manager). You can send an API request to a single node, this node + will then send a notification through the pub/sub infrastructure to all other + listening nodes (including the host manager if it is being used to manage + Nginx) which will then trigger a global reload. + operationId: hotReloadGroup + responses: + "200": + content: + application/json: + example: + message: "" + status: ok + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Reload the Tyk Gateway. + "403": + content: + application/json: + example: + message: Attempted administrative access with invalid or missing key! + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + summary: Hot-reload a group of Tyk nodes. + tags: + - Hot Reload + /tyk/schema: + get: + description: Get OAS schema definition using a version. + operationId: getSchema + parameters: + - description: The OAS version to fetch. 
+ example: 3.0.3 + in: query + name: oasVersion + required: false + schema: + type: string + responses: + "200": + content: + application/json: + example: + message: "" + status: Success + schema: + $ref: '#/components/schemas/OASSchemaResponse' + description: OAS schema response. + "403": + content: + application/json: + example: + message: Attempted administrative access with invalid or missing key! + status: error + schema: + $ref: '#/components/schemas/ApiStatusMessage' + description: Forbidden + "404": + content: + application/json: + example: + message: Schema not found for version "4" + status: Failed + schema: + $ref: '#/components/schemas/OASSchemaResponse' + description: Version not found + summary: Get OAS schema. + tags: + - Schema +components: + examples: + certIdList: + value: + certs: + - 5e9d9544a1dcd60001d0ed20a6ab77653d5da938f452bb8cc9b55b0630a6743dabd8dc92bfb025abb09ce035 + - 5e9d9544a1dcd60001d0ed207c440d66ebb0a4629d21329808dce9091acf5f2fde328067a6e60e5347271d90 + certificateBasicList: + value: + certs: + - dns_names: + - example.com + - www.example.com + has_private: true + id: 5e9d9544a1dcd60001d0ed20a6ab77653d5da938f452bb8cc9b55b0630a6743dabd8dc92bfb025abb09ce035 + is_ca: false + issuer_cn: Issuer 1 + not_after: "2024-01-01T00:00:00Z" + not_before: "2023-01-01T00:00:00Z" + subject_cn: Subject 1 + - dns_names: + - example.org + - www.example.org + has_private: false + id: 5e9d9544a1dcd60001d0ed207c440d66ebb0a4629d21329808dce9091acf5f2fde328067a6e60e5347271d90 + is_ca: true + issuer_cn: Issuer 2 + not_after: "2024-02-01T00:00:00Z" + not_before: "2023-02-01T00:00:00Z" + subject_cn: Subject 2 + certificateMetaExample: + value: + dns_names: + - .*tyk.io + fingerprint: 7c440d66ebb0a4629d21329808dce9091acf5f2fde328067a6e60e5347271d90 + has_private: false + id: 5e9d9544a1dcd60001d0ed207c440d66ebb0a4629d21329808dce9091acf5f2fde328067a6e60e5347271d90 + is_ca: false + issuer: + CommonName: tyk.io + Country: + - Peachtree + ExtraNames: null + Locality: 
null + Names: + - Type: + - 2 + - 5 + - 4 + - 6 + Value: Peachtree + - Type: + - 2 + - 5 + - 4 + - 10 + Value: tyk + - Type: + - 2 + - 5 + - 4 + - 11 + Value: tyk + - Type: + - 2 + - 5 + - 4 + - 3 + Value: tyk.io + - Type: + - 1 + - 2 + - 840 + - 113549 + - 1 + - 9 + - 1 + Value: support@tyk.io + Organization: + - tyk + OrganizationalUnit: + - tyk + PostalCode: null + Province: null + SerialNumber: "" + StreetAddress: null + not_after: "2034-03-26T08:46:37Z" + not_before: "2024-03-25T08:46:37Z" + subject: + CommonName: tyk.io + Country: + - Peachtree + ExtraNames: null + Locality: null + Names: + - Type: + - 2 + - 5 + - 4 + - 6 + Value: Peachtree + - Type: + - 2 + - 5 + - 4 + - 10 + Value: tyk + - Type: + - 2 + - 5 + - 4 + - 11 + Value: tyk + - Type: + - 2 + - 5 + - 4 + - 3 + Value: tyk.io + - Type: + - 1 + - 2 + - 840 + - 113549 + - 1 + - 9 + - 1 + Value: support@tyk.io + Organization: + - tyk + OrganizationalUnit: + - tyk + PostalCode: null + Province: null + SerialNumber: "" + StreetAddress: null + certificateMetaListExample: + value: + - dns_names: + - .*tyk.io + fingerprint: 7c440d66ebb0a4629d21329808dce9091acf5f2fde328067a6e60e5347271d90 + has_private: false + id: 5e9d9544a1dcd60001d0ed207c440d66ebb0a4629d21329808dce9091acf5f2fde328067a6e60e5347271d90 + is_ca: false + issuer: + CommonName: tyk.io + Country: + - Peachtree + ExtraNames: null + Locality: null + Names: + - Type: + - 2 + - 5 + - 4 + - 6 + Value: Peachtree + - Type: + - 2 + - 5 + - 4 + - 10 + Value: tyk + - Type: + - 2 + - 5 + - 4 + - 11 + Value: tyk + - Type: + - 2 + - 5 + - 4 + - 3 + Value: tyk.io + - Type: + - 1 + - 2 + - 840 + - 113549 + - 1 + - 9 + - 1 + Value: support@tyk.io + Organization: + - tyk + OrganizationalUnit: + - tyk + PostalCode: null + Province: null + SerialNumber: "" + StreetAddress: null + not_after: "2034-03-26T08:46:37Z" + not_before: "2024-03-25T08:46:37Z" + subject: + CommonName: tyk.io + Country: + - Peachtree + ExtraNames: null + Locality: null + Names: + - Type: + - 2 + 
- 5 + - 4 + - 6 + Value: Peachtree + - Type: + - 2 + - 5 + - 4 + - 10 + Value: tyk + - Type: + - 2 + - 5 + - 4 + - 11 + Value: tyk + - Type: + - 2 + - 5 + - 4 + - 3 + Value: tyk.io + - Type: + - 1 + - 2 + - 840 + - 113549 + - 1 + - 9 + - 1 + Value: support@tyk.io + Organization: + - tyk + OrganizationalUnit: + - tyk + PostalCode: null + Province: null + SerialNumber: "" + StreetAddress: null + oasExample: + value: + components: + securitySchemes: + bearerAuth: + description: The API Access Credentials + scheme: bearer + type: http + info: + description: This is a sample OAS. + title: OAS Sample + version: 1.0.0 + openapi: 3.0.3 + paths: + /api/sample/users: + get: + operationId: getUsers + responses: + "200": + content: + application/json: + schema: + items: + properties: + name: + type: string + type: object + type: array + description: fetched users + summary: Get users + tags: + - users + security: + - bearerAuth: [] + servers: + - url: https://localhost:8080 + x-tyk-api-gateway: + info: + name: user + state: + active: true + server: + listenPath: + strip: true + value: /user-test/ + upstream: + url: https://localhost:8080 + oasExampleList: + value: + - components: + securitySchemes: + bearerAuth: + description: The API Access Credentials + scheme: bearer + type: http + info: + description: This is a sample OAS. 
+ title: OAS Sample + version: 1.0.0 + openapi: 3.0.3 + paths: + /api/sample/users: + get: + operationId: getUsers + responses: + "200": + content: + application/json: + schema: + items: + properties: + name: + type: string + type: object + type: array + description: fetched users + summary: Get users + tags: + - users + security: + - bearerAuth: [] + servers: + - url: https://localhost:8080 + x-tyk-api-gateway: + info: + name: user + state: + active: true + server: + listenPath: + strip: true + value: /user-test/ + upstream: + url: https://localhost:8080 + paginatedTokenExample: + value: + Pagination: + page_num: 1 + page_size: 100 + page_total: 0 + Tokens: + - code: 5a7d110be6355b0c071cc339327563cb45174ae387f52f87a80d2496 + expires: 1.518158407e+09 + - code: 5a7d110be6355b0c071cc33988884222b0cf436eba7979c6c51d6dbd + expires: 1.518158594e+09 + - code: 5a7d110be6355b0c071cc33990bac8b5261041c5a7d585bff291fec4 + expires: 1.518158638e+09 + - code: 5a7d110be6355b0c071cc339a66afe75521f49388065a106ef45af54 + expires: 1.518159792e+09 + policiesExample: + value: + - _id: "" + access_rights: + 8ddd91f3cda9453442c477b06c4e2da4: + allowance_scope: "" + allowed_types: [] + allowed_urls: + - methods: + - GET + url: /users + api_id: 8ddd91f3cda9453442c477b06c4e2da4 + api_name: Itachi api + disable_introspection: false + field_access_rights: [] + limit: + max_query_depth: 0 + per: 0 + quota_max: 0 + quota_remaining: 0 + quota_renewal_rate: 0 + quota_renews: 0 + rate: 0 + smoothing: + delay: 30 + enabled: false + step: 100 + threshold: 500 + trigger: 0.8 + throttle_interval: 0 + throttle_retry_limit: 0 + restricted_types: [] + versions: + - Default + active: true + enable_http_signature_validation: false + graphql_access_rights: null + hmac_enabled: false + id: 5ead7120575961000181867e + is_inactive: false + key_expires_in: 2.592e+06 + last_updated: "1716980105" + max_query_depth: -1 + meta_data: + user_type: mobile_user + name: Sample policy + org_id: 664a14650619d40001f1f00f + 
partitions: + acl: true + complexity: false + per_api: false + quota: true + rate_limit: true + per: 60 + quota_max: 10000 + quota_renewal_rate: 3600 + rate: 1000 + smoothing: + delay: 30 + enabled: false + step: 100 + threshold: 500 + trigger: 0.8 + tags: + - security + throttle_interval: 10 + throttle_retry_limit: 10 + tokenListExample: + value: + - code: 5a7d110be6355b0c071cc339327563cb45174ae387f52f87a80d2496 + expires: 1.518158407e+09 + - code: 5a7d110be6355b0c071cc33988884222b0cf436eba7979c6c51d6dbd + expires: 1.518158594e+09 + - code: 5a7d110be6355b0c071cc33990bac8b5261041c5a7d585bff291fec4 + expires: 1.518158638e+09 + - code: 5a7d110be6355b0c071cc339a66afe75521f49388065a106ef45af54 + expires: 1.518159792e+09 + parameters: + AccessType: + description: Filter for internal or external API versions + example: internal + in: query + name: accessType + required: false + schema: + enum: + - internal + - external + type: string + AllowList: + description: Enable allowList middleware for all endpoints + in: query + name: allowList + required: false + schema: + $ref: '#/components/schemas/BooleanQueryParam' + Authentication: + description: Enable/disable the authentication mechanism in your Tyk Gateway + for your OAS API + in: query + name: authentication + schema: + $ref: '#/components/schemas/BooleanQueryParam' + CustomDomain: + description: Custom domain for the API + example: tyk.io + in: query + name: customDomain + required: false + schema: + type: string + ListenPath: + description: Listen path for the API + example: /user-test/ + in: query + name: listenPath + required: false + schema: + type: string + MockResponse: + description: Enable mockResponse middleware for all endpoints having responses + configured. 
+ in: query + name: mockResponse + required: false + schema: + $ref: '#/components/schemas/BooleanQueryParam' + SearchText: + description: Search for API version name + example: Sample oas + in: query + name: searchText + required: false + schema: + type: string + UpstreamURL: + description: Upstream URL for the API + example: https://localhost:8080 + in: query + name: upstreamURL + required: false + schema: + type: string + ValidateRequest: + description: Enable validateRequest middleware for all endpoints having a request + body with media type application/json + in: query + name: validateRequest + required: false + schema: + $ref: '#/components/schemas/BooleanQueryParam' + schemas: + APIAllCertificateBasics: properties: - tags: + certs: + items: + $ref: '#/components/schemas/CertsCertificateBasics' + nullable: true + type: array + type: object + APIAllCertificates: + properties: + certs: items: type: string + nullable: true type: array - x-go-name: Tags + type: object + APICertificateStatusMessage: + properties: + id: + example: 5e9d9544a1dcd60001d0ed207c440d66ebb0a4629d21329808dce9091acf5f2fde328067a6e60e5347271d90 + type: string + message: + example: Certificate added + type: string + status: + example: ok + type: string + type: object + APIDefinition: + properties: CORS: - properties: - allow_credentials: - type: boolean - x-go-name: AllowCredentials - allowed_headers: - items: - type: string - type: array - x-go-name: AllowedHeaders - allowed_methods: - items: - type: string - type: array - x-go-name: AllowedMethods - allowed_origins: - items: - type: string - type: array - x-go-name: AllowedOrigins - debug: - type: boolean - x-go-name: Debug - enable: - type: boolean - x-go-name: Enable - exposed_headers: - items: - type: string - type: array - x-go-name: ExposedHeaders - max_age: - format: int64 - type: integer - x-go-name: MaxAge - options_passthrough: - type: boolean - x-go-name: OptionsPassthrough - type: object + $ref: '#/components/schemas/CORSConfig' 
active: type: boolean - x-go-name: Active allowed_ips: items: type: string + nullable: true type: array - x-go-name: AllowedIPs + analytics_plugin: + $ref: '#/components/schemas/AnalyticsPluginConfig' api_id: type: string - x-go-name: APIID auth: - $ref: '#/components/schemas/Auth' + $ref: '#/components/schemas/AuthConfig' + auth_configs: + additionalProperties: + $ref: '#/components/schemas/AuthConfig' + nullable: true + type: object auth_provider: $ref: '#/components/schemas/AuthProviderMeta' base_identity_provided_by: - $ref: '#/components/schemas/AuthTypeEnum' + type: string basic_auth: properties: body_password_regexp: type: string - x-go-name: BodyPasswordRegexp body_user_regexp: type: string - x-go-name: BodyUserRegexp cache_ttl: - format: int64 type: integer - x-go-name: CacheTTL disable_caching: type: boolean - x-go-name: DisableCaching extract_from_body: type: boolean - x-go-name: ExtractFromBody type: object - x-go-name: BasicAuth blacklisted_ips: items: type: string + nullable: true type: array - x-go-name: BlacklistedIPs cache_options: $ref: '#/components/schemas/CacheOptions' + certificate_pinning_disabled: + type: boolean certificates: items: type: string + nullable: true type: array - x-go-name: Certificates client_certificates: items: type: string + nullable: true type: array - x-go-name: ClientCertificates config_data: - additionalProperties: - type: object + additionalProperties: {} + nullable: true type: object - x-go-name: ConfigData + config_data_disabled: + type: boolean custom_middleware: $ref: '#/components/schemas/MiddlewareSection' custom_middleware_bundle: type: string - x-go-name: CustomMiddlewareBundle + custom_middleware_bundle_disabled: + type: boolean + custom_plugin_auth_enabled: + type: boolean definition: - properties: - key: - type: string - x-go-name: Key - location: - type: string - x-go-name: Location - strip_path: - type: boolean - x-go-name: StripPath - type: object - x-go-name: VersionDefinition + $ref: 
'#/components/schemas/VersionDefinition' + detailed_tracing: + type: boolean disable_quota: type: boolean - x-go-name: DisableQuota disable_rate_limit: type: boolean - x-go-name: DisableRateLimit do_not_track: type: boolean - x-go-name: DoNotTrack domain: type: string - x-go-name: Domain + domain_disabled: + type: boolean dont_set_quota_on_create: type: boolean - x-go-name: DontSetQuotasOnCreate enable_batch_request_support: type: boolean - x-go-name: EnableBatchRequestSupport enable_context_vars: type: boolean - x-go-name: EnableContextVars enable_coprocess_auth: type: boolean - x-go-name: EnableCoProcessAuth + enable_detailed_recording: + type: boolean enable_ip_blacklisting: type: boolean - x-go-name: EnableIpBlacklisting enable_ip_whitelisting: type: boolean - x-go-name: EnableIpWhiteListing enable_jwt: type: boolean - x-go-name: EnableJWT + enable_proxy_protocol: + type: boolean enable_signature_checking: type: boolean - x-go-name: EnableSignatureChecking event_handlers: $ref: '#/components/schemas/EventHandlerMetaConfig' + expiration: + type: string expire_analytics_after: - format: int64 type: integer - x-go-name: ExpireAnalyticsAfter + external_oauth: + $ref: '#/components/schemas/ExternalOAuth' global_rate_limit: $ref: '#/components/schemas/GlobalRateLimit' + graphql: + $ref: '#/components/schemas/GraphQLConfig' hmac_allowed_algorithms: items: type: string + nullable: true type: array - x-go-name: HmacAllowedAlgorithms hmac_allowed_clock_skew: - format: double type: number - x-go-name: HmacAllowedClockSkew id: - $ref: '#/components/schemas/ObjectID' + type: string + idp_client_id_mapping_disabled: + type: boolean internal: type: boolean - x-go-name: Internal + is_oas: + type: boolean jwt_client_base_field: type: string - x-go-name: JWTClientIDBaseField + jwt_default_policies: + items: + type: string + nullable: true + type: array jwt_expires_at_validation_skew: - format: uint64 + minimum: 0 type: integer - x-go-name: JWTExpiresAtValidationSkew 
jwt_identity_base_field: type: string - x-go-name: JWTIdentityBaseField jwt_issued_at_validation_skew: - format: uint64 + minimum: 0 type: integer - x-go-name: JWTIssuedAtValidationSkew jwt_not_before_validation_skew: - format: uint64 + minimum: 0 type: integer - x-go-name: JWTNotBeforeValidationSkew jwt_policy_field_name: type: string - x-go-name: JWTPolicyFieldName jwt_scope_claim_name: type: string - x-go-name: JWTScopeClaimName jwt_scope_to_policy_mapping: additionalProperties: type: string + nullable: true type: object - x-go-name: JWTScopeToPolicyMapping jwt_signing_method: type: string - x-go-name: JWTSigningMethod jwt_skip_kid: type: boolean - x-go-name: JWTSkipKid jwt_source: type: string - x-go-name: JWTSource + listen_port: + type: integer name: type: string - x-go-name: Name notifications: $ref: '#/components/schemas/NotificationsManager' oauth_meta: properties: allowed_access_types: items: - $ref: '#/components/schemas/AccessRequestType' + type: string + nullable: true type: array - x-go-name: AllowedAccessTypes allowed_authorize_types: items: - $ref: '#/components/schemas/AuthorizeRequestType' + type: string + nullable: true type: array - x-go-name: AllowedAuthorizeTypes auth_login_redirect: type: string - x-go-name: AuthorizeLoginRedirect type: object - x-go-name: Oauth2Meta openid_options: $ref: '#/components/schemas/OpenIDOptions' org_id: type: string - x-go-name: OrgID - pinned_public_keys: - additionalProperties: + pinned_public_keys: + additionalProperties: + type: string + nullable: true + type: object + protocol: + type: string + proxy: + $ref: '#/components/schemas/ProxyConfig' + request_signing: + $ref: '#/components/schemas/RequestSigningMeta' + response_processors: + items: + $ref: '#/components/schemas/ResponseProcessor' + nullable: true + type: array + scopes: + $ref: '#/components/schemas/Scopes' + session_lifetime: + type: integer + session_lifetime_respects_key_expiration: + type: boolean + session_provider: + $ref: 
'#/components/schemas/SessionProviderMeta' + slug: + type: string + strip_auth_data: + type: boolean + tag_headers: + items: + type: string + nullable: true + type: array + tags: + example: + - Default + - v1 + items: + type: string + nullable: true + type: array + tags_disabled: + type: boolean + upstream_certificates: + additionalProperties: + type: string + nullable: true + type: object + upstream_certificates_disabled: + type: boolean + uptime_tests: + $ref: '#/components/schemas/UptimeTests' + use_basic_auth: + type: boolean + use_go_plugin_auth: + type: boolean + use_keyless: + type: boolean + use_mutual_tls_auth: + type: boolean + use_oauth2: + type: boolean + use_openid: + type: boolean + use_standard_auth: + type: boolean + version_data: + $ref: '#/components/schemas/VersionData' + type: object + APILimit: + properties: + max_query_depth: + type: integer + per: + type: number + quota_max: + type: integer + quota_remaining: + type: integer + quota_renewal_rate: + type: integer + quota_renews: + type: integer + rate: + type: number + smoothing: + $ref: '#/components/schemas/RateLimitSmoothing' + throttle_interval: + type: number + throttle_retry_limit: + type: integer + type: object + AccessDefinition: + properties: + allowance_scope: + example: d371b83b249845a2497ab9a947fd6210 + type: string + allowed_types: + items: + $ref: '#/components/schemas/GraphqlType' + nullable: true + type: array + allowed_urls: + items: + $ref: '#/components/schemas/AccessSpec' + nullable: true + type: array + api_id: + example: d1dfc6a927a046c54c0ed470f19757cc + type: string + api_name: + example: Rate Limit Proxy API + type: string + disable_introspection: + example: false + type: boolean + endpoints: + $ref: '#/components/schemas/Endpoints' + field_access_rights: + items: + $ref: '#/components/schemas/FieldAccessDefinition' + nullable: true + type: array + limit: + $ref: '#/components/schemas/APILimit' + restricted_types: + items: + $ref: '#/components/schemas/GraphqlType' + 
nullable: true + type: array + versions: + example: + - Default + - v2 + items: + type: string + nullable: true + type: array + type: object + AccessSpec: + properties: + methods: + example: + - GET + - POST + - DELETE + - PUT + items: + type: string + nullable: true + type: array + url: + example: anything/rate-limit-1-per-5 + type: string + type: object + Allowance: + properties: + enabled: + type: boolean + ignoreCase: + type: boolean + type: object + AnalyticsPluginConfig: + properties: + enable: + type: boolean + func_name: + type: string + plugin_path: + type: string + type: object + ApiAllKeys: + properties: + keys: + items: + type: string + nullable: true + type: array + type: object + ApiModifyKeySuccess: + properties: + action: + example: modified + type: string + key: + example: b13d928b9972bd18 + type: string + key_hash: + type: string + status: + example: ok + type: string + type: object + ApiStatusMessage: + properties: + message: + type: string + status: + type: string + type: object + AuthConfig: + properties: + auth_header_name: + example: Authorization + type: string + cookie_name: + type: string + disable_header: + type: boolean + name: + type: string + param_name: + type: string + signature: + $ref: '#/components/schemas/SignatureConfig' + use_certificate: + type: boolean + use_cookie: + type: boolean + use_param: + type: boolean + validate_signature: + type: boolean + type: object + AuthProviderMeta: + properties: + meta: + additionalProperties: {} + nullable: true + type: object + name: + type: string + storage_engine: + type: string + type: object + AuthSource: + properties: + enabled: + type: boolean + name: + type: string + type: object + AuthSources: + properties: + cookie: + $ref: '#/components/schemas/AuthSource' + header: + $ref: '#/components/schemas/AuthSource' + query: + $ref: '#/components/schemas/AuthSource' + type: object + Authentication: + properties: + baseIdentityProvider: + type: string + custom: + $ref: 
'#/components/schemas/CustomPluginAuthentication' + enabled: + type: boolean + hmac: + $ref: '#/components/schemas/HMAC' + oidc: + $ref: '#/components/schemas/OIDC' + securitySchemes: + $ref: '#/components/schemas/SecuritySchemes' + stripAuthorizationData: + type: boolean + type: object + AuthenticationPlugin: + properties: + enabled: + type: boolean + functionName: + type: string + idExtractor: + $ref: '#/components/schemas/IDExtractor' + path: + type: string + rawBodyOnly: + type: boolean + type: object + BasicAuthData: + properties: + hash_type: + type: string + password: + type: string + type: object + BooleanQueryParam: + enum: + - true + - false + example: true + type: boolean + CORS: + properties: + allowCredentials: + type: boolean + allowedHeaders: + items: type: string - type: object - x-go-name: PinnedPublicKeys - proxy: - properties: - check_host_against_uptime_tests: - type: boolean - x-go-name: CheckHostAgainstUptimeTests - disable_strip_slash: - type: boolean - x-go-name: DisableStripSlash - enable_load_balancing: - type: boolean - x-go-name: EnableLoadBalancing - listen_path: - type: string - x-go-name: ListenPath - preserve_host_header: - type: boolean - x-go-name: PreserveHostHeader - service_discovery: - $ref: '#/components/schemas/ServiceDiscoveryConfiguration' - strip_listen_path: - type: boolean - x-go-name: StripListenPath - target_list: - items: - type: string - type: array - x-go-name: Targets - target_url: - type: string - x-go-name: TargetURL - transport: - properties: - proxy_url: - type: string - x-go-name: ProxyURL - ssl_ciphers: - items: - type: string - type: array - x-go-name: SSLCipherSuites - ssl_insecure_skip_verify: - type: boolean - x-go-name: SSLInsecureSkipVerify - ssl_min_version: - format: uint16 - type: integer - x-go-name: SSLMinVersion - type: object - x-go-name: Transport - type: object - x-go-name: Proxy - response_processors: + type: array + allowedMethods: items: - $ref: '#/components/schemas/ResponseProcessor' + 
type: string type: array - x-go-name: ResponseProcessors - session_lifetime: - format: int64 + allowedOrigins: + items: + type: string + type: array + debug: + type: boolean + enabled: + type: boolean + exposedHeaders: + items: + type: string + type: array + maxAge: type: integer - x-go-name: SessionLifetime - session_provider: - $ref: '#/components/schemas/SessionProviderMeta' - slug: - type: string - x-go-name: Slug - strip_auth_data: + optionsPassthrough: type: boolean - x-go-name: StripAuthData - tag_headers: + type: object + CORSConfig: + properties: + allow_credentials: + example: false + type: boolean + allowed_headers: + example: + - Origin + - Accept + - Content-Type + - Authorization items: type: string + nullable: true type: array - x-go-name: TagHeaders - upstream_certificates: - additionalProperties: + allowed_methods: + example: + - GET + - HEAD + - POST + items: type: string - type: object - x-go-name: UpstreamCertificates - uptime_tests: - properties: - check_list: - items: - $ref: '#/components/schemas/HostCheckObject' - type: array - x-go-name: CheckList - config: - properties: - expire_utime_after: - format: int64 - type: integer - x-go-name: ExpireUptimeAnalyticsAfter - recheck_wait: - format: int64 - type: integer - x-go-name: RecheckWait - service_discovery: - $ref: '#/components/schemas/ServiceDiscoveryConfiguration' - type: object - x-go-name: Config - type: object - x-go-name: UptimeTests - use_basic_auth: + nullable: true + type: array + allowed_origins: + example: + - https://*.foo.com + items: + type: string + nullable: true + type: array + debug: + example: true type: boolean - x-go-name: UseBasicAuth - use_keyless: + enable: + example: false type: boolean - x-go-name: UseKeylessAccess - use_mutual_tls_auth: + exposed_headers: + example: + - Accept + - Content-Type + items: + type: string + nullable: true + type: array + max_age: + example: 24 + type: integer + options_passthrough: + example: false type: boolean - x-go-name: 
UseMutualTLSAuth - use_oauth2: + type: object + Cache: + properties: + cacheAllSafeRequests: type: boolean - x-go-name: UseOauth2 - use_openid: + cacheByHeaders: + items: + type: string + type: array + cacheResponseCodes: + items: + type: integer + type: array + controlTTLHeaderName: + type: string + enableUpstreamCacheControl: type: boolean - x-go-name: UseOpenID - use_standard_auth: + enabled: type: boolean - x-go-name: UseStandardAuth - version_data: - properties: - default_version: - type: string - x-go-name: DefaultVersion - not_versioned: - type: boolean - x-go-name: NotVersioned - versions: - additionalProperties: - $ref: '#/components/schemas/VersionInfo' - type: object - x-go-name: Versions - type: object - x-go-name: VersionData - title: >- - APIDefinition represents the configuration for a single proxied API and - it's versions. + timeout: + type: integer type: object - x-go-package: github.com/TykTechnologies/tyk/apidef - APILimit: - title: APILimit stores quota and rate limit on ACL level (per API) + CacheMeta: properties: - per: - format: double - type: number - x-go-name: Per - quota_max: - format: int64 - type: integer - x-go-name: QuotaMax - quota_remaining: - format: int64 - type: integer - x-go-name: QuotaRemaining - quota_renewal_rate: + cache_key_regex: + type: string + cache_response_codes: + items: + type: integer + nullable: true + type: array + disabled: + type: boolean + method: + type: string + path: + type: string + timeout: format: int64 type: integer - x-go-name: QuotaRenewalRate - quota_renews: + type: object + CacheOptions: + properties: + cache_all_safe_requests: + example: false + type: boolean + cache_by_headers: + items: + type: string + nullable: true + type: array + cache_control_ttl_header: + type: string + cache_response_codes: + items: + type: integer + nullable: true + type: array + cache_timeout: + example: 60 format: int64 type: integer - x-go-name: QuotaRenews - rate: - format: double - type: number - x-go-name: Rate - 
set_by_policy: + enable_cache: + example: true type: boolean - x-go-name: SetByPolicy - throttle_interval: - format: double - type: number - x-go-name: ThrottleInterval - throttle_retry_limit: - format: int64 + enable_upstream_cache_control: + example: false + type: boolean + type: object + CachePlugin: + properties: + cacheByRegex: + type: string + cacheResponseCodes: + items: + type: integer + type: array + enabled: + type: boolean + timeout: type: integer - x-go-name: ThrottleRetryLimit type: object - x-go-package: github.com/TykTechnologies/tyk/user - SessionEndpoint: - title: SessionEndpoint holds rate limit on endpoint level. + CertificatePinning: + properties: + domainToPublicKeysMapping: + $ref: '#/components/schemas/PinnedPublicKeys' + enabled: + type: boolean type: object + CertsCertificateBasics: properties: - path: - type: string - x-go-name: Path - methods: + dns_names: + items: + type: string + nullable: true type: array - x-go-name: Methods + has_private: + type: boolean + id: + type: string + is_ca: + type: boolean + issuer_cn: + type: string + not_after: + format: date-time + type: string + not_before: + format: date-time + type: string + subject_cn: + type: string + type: object + CertsCertificateMeta: + properties: + dns_names: + example: + - .*tyk.io items: - $ref: '#/components/schemas/SessionEndpointMethod' - SessionEndpointMethod: - title: SessionEndpointMethod holds rate limit on endpoint method level. 
+ type: string + type: array + fingerprint: + example: 7c440d66ebb0a4629d21329808dce9091acf5f2fde328067a6e60e5347271d90 + type: string + has_private: + example: false + type: boolean + id: + example: 5e9d9544a1dcd60001d0ed207c440d66ebb0a4629d21329808dce9091acf5f2fde328067a6e60e5347271d90 + type: string + is_ca: + type: boolean + issuer: + $ref: '#/components/schemas/PkixName' + not_after: + example: "2034-03-26T08:46:37Z" + format: date-time + type: string + not_before: + example: "2024-03-25T08:46:37Z" + format: date-time + type: string + subject: + $ref: '#/components/schemas/PkixName' type: object + CheckCommand: properties: + message: + type: string name: - x-go-name: Name type: string - limit: - x-go-name: Limit - $ref: '#/components/schemas/RateLimit' - RateLimit: + type: object + CircuitBreaker: properties: - per: - type: number - format: double - x-go-name: Per - rate: + coolDownPeriod: + type: integer + enabled: + type: boolean + halfOpenStateEnabled: + type: boolean + sampleSize: + type: integer + threshold: type: number - format: double - x-go-name: Rate - smoothing: - type: object - $ref: '#/components/schemas/RateLimitSmoothing' - description: Smoothing contains rate limit smoothing settings. 
- x-go-name: Smoothing - title: "" type: object - x-go-package: github.com/TykTechnologies/tyk/user - AccessDefinition: - description: AccessDefinition defines which versions of an API a key has access to + CircuitBreakerMeta: properties: - allowed_urls: - items: - $ref: '#/components/schemas/AccessSpec' - type: array - x-go-name: AllowedURLs - api_id: + disable_half_open_state: + type: boolean + disabled: + type: boolean + method: type: string - x-go-name: APIID - api_name: + path: type: string - x-go-name: APIName - limit: - $ref: '#/components/schemas/APILimit' - endpoints: - type: array - items: - $ref: '#/components/schemas/SessionEndpoint' - x-go-name: Endpoints - versions: - items: - type: string - type: array - x-go-name: Versions + return_to_service_after: + type: integer + samples: + format: int64 + type: integer + threshold_percent: + type: number type: object - x-go-package: github.com/TykTechnologies/tyk/user - AccessRequestType: - description: AccessRequestType is the type for OAuth param `grant_type` - type: string - x-go-package: github.com/TykTechnologies/tyk/vendor/github.com/lonelycode/osin - AccessSpec: - description: >- - AccessSpecs define what URLS a user has access to an what methods are - enabled + ClientCertificates: properties: - methods: + allowlist: items: type: string + nullable: true type: array - x-go-name: Methods - url: - type: string - x-go-name: URL + enabled: + type: boolean type: object - x-go-package: github.com/TykTechnologies/tyk/user - Auth: + ClientToPolicy: properties: - auth_header_name: - type: string - x-go-name: AuthHeaderName - cookie_name: + clientId: type: string - x-go-name: CookieName - param_name: + policyId: type: string - x-go-name: ParamName - signature: - $ref: '#/components/schemas/SignatureConfig' - use_certificate: + type: object + ContextVariables: + properties: + enabled: type: boolean - x-go-name: UseCertificate - use_cookie: + type: object + CustomPlugin: + properties: + enabled: type: boolean - 
x-go-name: UseCookie - use_param: + functionName: + type: string + path: + type: string + rawBodyOnly: type: boolean - x-go-name: UseParam - validate_signature: + requireSession: type: boolean - x-go-name: ValidateSignature type: object - x-go-package: github.com/TykTechnologies/tyk/apidef - AuthProviderCode: - type: string - x-go-package: github.com/TykTechnologies/tyk/apidef - AuthProviderMeta: + CustomPluginAuthentication: properties: - meta: - additionalProperties: - type: object - type: object - x-go-name: Meta - name: - $ref: '#/components/schemas/AuthProviderCode' - storage_engine: - $ref: '#/components/schemas/StorageEngineCode' - type: object - x-go-package: github.com/TykTechnologies/tyk/apidef - AuthTypeEnum: - type: string - x-go-package: github.com/TykTechnologies/tyk/apidef - AuthorizeRequestType: - description: AuthorizeRequestType is the type for OAuth param `response_type` - type: string - x-go-package: github.com/TykTechnologies/tyk/vendor/github.com/lonelycode/osin - CacheMeta: + AuthSources: + $ref: '#/components/schemas/AuthSources' + config: + $ref: '#/components/schemas/AuthenticationPlugin' + enabled: + type: boolean + type: object + CustomPlugins: + items: + $ref: '#/components/schemas/CustomPlugin' + type: array + DatasourceMappingConfiguration: properties: - cache_response_codes: - items: - format: int64 - type: integer - type: array - x-go-name: CacheOnlyResponseCodes - cache_key_regex: + disabled: + type: boolean + path: type: string - x-go-name: CacheKeyRegex - method: + type: object + DatasourceSourceConfig: + properties: + data_source_config: {} + kind: type: string - x-go-name: Method - path: + type: object + DatasourceTypeFieldConfiguration: + properties: + data_source: + $ref: '#/components/schemas/DatasourceSourceConfig' + field_name: + type: string + mapping: + $ref: '#/components/schemas/DatasourceMappingConfiguration' + type_name: type: string - x-go-name: Path type: object - x-go-package: github.com/TykTechnologies/tyk/apidef 
- CacheOptions: + DetailedActivityLogs: properties: - cache_all_safe_requests: + enabled: type: boolean - x-go-name: CacheAllSafeRequests - cache_control_ttl_header: - type: string - x-go-name: CacheControlTTLHeader - cache_response_codes: + type: object + DetailedTracing: + properties: + enabled: + type: boolean + type: object + Domain: + properties: + certificates: items: - format: int64 - type: integer + type: string type: array - x-go-name: CacheOnlyResponseCodes - cache_timeout: - format: int64 - type: integer - x-go-name: CacheTimeout - enable_cache: - type: boolean - x-go-name: EnableCache - enable_upstream_cache_control: + enabled: type: boolean - x-go-name: EnableUpstreamCacheControl + name: + type: string type: object - x-go-package: github.com/TykTechnologies/tyk/apidef - CircuitBreakerMeta: + DomainToCertificate: properties: - method: + certificate: type: string - x-go-name: Method - path: + domain: type: string - x-go-name: Path - return_to_service_after: - format: int64 - type: integer - x-go-name: ReturnToServiceAfter - samples: - format: int64 - type: integer - x-go-name: Samples - threshold_percent: - format: double - type: number - x-go-name: ThresholdPercent type: object - x-go-package: github.com/TykTechnologies/tyk/apidef EndPointMeta: properties: + disabled: + type: boolean + ignore_case: + type: boolean + method: + type: string method_actions: additionalProperties: $ref: '#/components/schemas/EndpointMethodMeta' type: object - x-go-name: MethodActions path: type: string - x-go-name: Path type: object - x-go-package: github.com/TykTechnologies/tyk/apidef - EndpointMethodAction: - type: string - x-go-package: github.com/TykTechnologies/tyk/apidef + Endpoint: + properties: + methods: + $ref: '#/components/schemas/EndpointMethods' + path: + type: string + type: object + EndpointMethod: + properties: + limit: + $ref: '#/components/schemas/RateLimitType2' + name: + type: string + type: object EndpointMethodMeta: properties: action: - $ref: 
'#/components/schemas/EndpointMethodAction' + enum: + - no_action + - reply + type: string code: - format: int64 type: integer - x-go-name: Code data: type: string - x-go-name: Data headers: additionalProperties: type: string + nullable: true type: object - x-go-name: Headers type: object - x-go-package: github.com/TykTechnologies/tyk/apidef - EventHandlerMetaConfig: + EndpointMethods: + items: + $ref: '#/components/schemas/EndpointMethod' + type: array + EndpointPostPlugin: properties: - events: - x-go-name: Events + enabled: + type: boolean + functionName: + type: string + name: + type: string + path: + type: string type: object - x-go-package: github.com/TykTechnologies/tyk/apidef - RateLimitMeta: + EndpointPostPlugins: + items: + $ref: '#/components/schemas/EndpointPostPlugin' + type: array + Endpoints: + items: + $ref: '#/components/schemas/Endpoint' + type: array + EnforceTimeout: properties: - disabled: + enabled: type: boolean - x-go-name: Disabled - method: + value: + type: integer + type: object + EventHandler: + properties: + enabled: + type: boolean + id: type: string - x-go-name: Method - path: + name: + type: string + trigger: + type: string + type: + type: string + type: object + EventHandlerMetaConfig: + properties: + events: + additionalProperties: + items: + $ref: '#/components/schemas/EventHandlerTriggerConfig' + type: array + nullable: true + type: object + type: object + EventHandlerTriggerConfig: + properties: + handler_meta: + additionalProperties: {} + nullable: true + type: object + handler_name: type: string - x-go-name: Path - per: - type: number - format: double - x-go-name: Per - rate: - type: number - format: double - x-go-name: Rate - title: RateLimitMeta configures rate limits per API path. 
type: object - x-go-package: github.com/TykTechnologies/tyk/apidef + EventHandlers: + items: + $ref: '#/components/schemas/EventHandler' + type: array ExtendedPathsSet: properties: advance_cache_config: items: $ref: '#/components/schemas/CacheMeta' type: array - x-go-name: AdvanceCacheConfig black_list: items: $ref: '#/components/schemas/EndPointMeta' type: array - x-go-name: BlackList cache: items: type: string type: array - x-go-name: Cached circuit_breakers: items: $ref: '#/components/schemas/CircuitBreakerMeta' type: array - x-go-name: CircuitBreaker do_not_track_endpoints: items: $ref: '#/components/schemas/TrackEndpointMeta' type: array - x-go-name: DoNotTrackEndpoints + go_plugin: + items: + $ref: '#/components/schemas/GoPluginMeta' + type: array hard_timeouts: items: $ref: '#/components/schemas/HardTimeoutMeta' type: array - x-go-name: HardTimeouts ignored: items: $ref: '#/components/schemas/EndPointMeta' type: array - x-go-name: Ignored internal: items: $ref: '#/components/schemas/InternalMeta' type: array - x-go-name: Internal method_transforms: items: $ref: '#/components/schemas/MethodTransformMeta' type: array - x-go-name: MethodTransforms - rate_limit: + mock_response: + items: + $ref: '#/components/schemas/MockResponseMeta' + type: array + persist_graphql: + items: + $ref: '#/components/schemas/PersistGraphQLMeta' + nullable: true type: array + rate_limit: items: $ref: '#/components/schemas/RateLimitMeta' - x-go-name: RateLimit + nullable: true + type: array size_limits: items: $ref: '#/components/schemas/RequestSizeMeta' type: array - x-go-name: SizeLimit track_endpoints: items: $ref: '#/components/schemas/TrackEndpointMeta' type: array - x-go-name: TrackEndpoints transform: items: $ref: '#/components/schemas/TemplateMeta' type: array - x-go-name: Transform transform_headers: items: - $ref: '#/components/schemas/HeaderInjectionMeta' + $ref: '#/components/schemas/HeaderInjectionMeta' + type: array + transform_jq: + items: + $ref: 
'#/components/schemas/TransformJQMeta' + type: array + transform_jq_response: + items: + $ref: '#/components/schemas/TransformJQMeta' + type: array + transform_response: + items: + $ref: '#/components/schemas/TemplateMeta' + type: array + transform_response_headers: + items: + $ref: '#/components/schemas/HeaderInjectionMeta' + type: array + url_rewrites: + items: + $ref: '#/components/schemas/URLRewriteMeta' + type: array + validate_json: + items: + $ref: '#/components/schemas/ValidatePathMeta' + type: array + validate_request: + items: + $ref: '#/components/schemas/ValidateRequestMeta' + type: array + virtual: + items: + $ref: '#/components/schemas/VirtualMeta' + type: array + white_list: + items: + $ref: '#/components/schemas/EndPointMeta' + type: array + type: object + ExternalOAuth: + properties: + enabled: + type: boolean + providers: + items: + $ref: '#/components/schemas/Provider' + nullable: true + type: array + type: object + FieldAccessDefinition: + properties: + field_name: + type: string + limits: + $ref: '#/components/schemas/FieldLimits' + type_name: + type: string + type: object + FieldLimits: + properties: + max_query_depth: + type: integer + type: object + FromOASExamples: + properties: + code: + type: integer + contentType: + type: string + enabled: + type: boolean + exampleName: + type: string + type: object + GatewayTags: + properties: + enabled: + type: boolean + tags: + items: + type: string + nullable: true + type: array + type: object + Global: + properties: + cache: + $ref: '#/components/schemas/Cache' + contextVariables: + $ref: '#/components/schemas/ContextVariables' + cors: + $ref: '#/components/schemas/CORS' + pluginConfig: + $ref: '#/components/schemas/PluginConfig' + postAuthenticationPlugin: + $ref: '#/components/schemas/PostAuthenticationPlugin' + postAuthenticationPlugins: + $ref: '#/components/schemas/CustomPlugins' + postPlugin: + $ref: '#/components/schemas/PostPlugin' + postPlugins: + $ref: '#/components/schemas/CustomPlugins' 
+ prePlugin: + $ref: '#/components/schemas/PrePlugin' + prePlugins: + $ref: '#/components/schemas/CustomPlugins' + responsePlugin: + $ref: '#/components/schemas/ResponsePlugin' + responsePlugins: + $ref: '#/components/schemas/CustomPlugins' + trafficLogs: + $ref: '#/components/schemas/TrafficLogs' + transformRequestHeaders: + $ref: '#/components/schemas/TransformHeaders' + transformResponseHeaders: + $ref: '#/components/schemas/TransformHeaders' + type: object + GlobalRateLimit: + properties: + disabled: + type: boolean + per: + type: number + rate: + type: number + type: object + GoPluginMeta: + properties: + disabled: + type: boolean + func_name: + type: string + method: + type: string + path: + type: string + plugin_path: + type: string + type: object + GraphAccessDefinition: + type: object + GraphQLConfig: + properties: + enabled: + type: boolean + engine: + $ref: '#/components/schemas/GraphQLEngineConfig' + execution_mode: + enum: + - proxyOnly + - executionEngine + - subgraph + - supergraph + type: string + introspection: + $ref: '#/components/schemas/GraphQLIntrospectionConfig' + last_schema_update: + format: date-time + nullable: true + type: string + playground: + $ref: '#/components/schemas/GraphQLPlayground' + proxy: + $ref: '#/components/schemas/GraphQLProxyConfig' + schema: + type: string + subgraph: + $ref: '#/components/schemas/GraphQLSubgraphConfig' + supergraph: + $ref: '#/components/schemas/GraphQLSupergraphConfig' + type_field_configurations: + items: + $ref: '#/components/schemas/DatasourceTypeFieldConfiguration' + nullable: true type: array - x-go-name: TransformHeader - transform_jq: + version: + enum: + - '''' + - "1" + - "2" + type: string + type: object + GraphQLEngineConfig: + properties: + data_sources: items: - $ref: '#/components/schemas/TransformJQMeta' + $ref: '#/components/schemas/GraphQLEngineDataSource' + nullable: true type: array - x-go-name: TransformJQ - transform_jq_response: + field_configs: items: - $ref: 
'#/components/schemas/TransformJQMeta' + $ref: '#/components/schemas/GraphQLFieldConfig' + nullable: true type: array - x-go-name: TransformJQResponse - transform_response: + global_headers: items: - $ref: '#/components/schemas/TemplateMeta' + $ref: '#/components/schemas/UDGGlobalHeader' + nullable: true type: array - x-go-name: TransformResponse - transform_response_headers: + type: object + GraphQLEngineDataSource: + properties: + config: {} + internal: + type: boolean + kind: + type: string + name: + type: string + root_fields: items: - $ref: '#/components/schemas/HeaderInjectionMeta' + $ref: '#/components/schemas/GraphQLTypeFields' + nullable: true type: array - x-go-name: TransformResponseHeader - url_rewrites: + type: object + GraphQLFieldConfig: + properties: + disable_default_mapping: + type: boolean + field_name: + type: string + path: items: - $ref: '#/components/schemas/URLRewriteMeta' + type: string + nullable: true type: array - x-go-name: URLRewrite - validate_json: + type_name: + type: string + type: object + GraphQLIntrospectionConfig: + properties: + disabled: + type: boolean + type: object + GraphQLPlayground: + properties: + enabled: + type: boolean + path: + type: string + type: object + GraphQLProxyConfig: + properties: + auth_headers: + additionalProperties: + type: string + nullable: true + type: object + features: + $ref: '#/components/schemas/GraphQLProxyFeaturesConfig' + request_headers: + additionalProperties: + type: string + nullable: true + type: object + request_headers_rewrite: + additionalProperties: + $ref: '#/components/schemas/RequestHeadersRewriteConfig' + nullable: true + type: object + subscription_type: + type: string + use_response_extensions: + $ref: '#/components/schemas/GraphQLResponseExtensions' + type: object + GraphQLProxyFeaturesConfig: + properties: + use_immutable_headers: + type: boolean + type: object + GraphQLResponseExtensions: + properties: + on_error_forwarding: + type: boolean + type: object + 
GraphQLSubgraphConfig: + properties: + sdl: + type: string + type: object + GraphQLSubgraphEntity: + properties: + api_id: + type: string + headers: + additionalProperties: + type: string + nullable: true + type: object + name: + type: string + sdl: + type: string + subscription_type: + type: string + url: + type: string + type: object + GraphQLSupergraphConfig: + properties: + disable_query_batching: + type: boolean + global_headers: + additionalProperties: + type: string + nullable: true + type: object + merged_sdl: + type: string + subgraphs: items: - $ref: '#/components/schemas/ValidatePathMeta' + $ref: '#/components/schemas/GraphQLSubgraphEntity' + nullable: true type: array - x-go-name: ValidateJSON - virtual: + updated_at: + format: date-time + nullable: true + type: string + type: object + GraphQLTypeFields: + properties: + fields: items: - $ref: '#/components/schemas/VirtualMeta' + type: string + nullable: true type: array - x-go-name: Virtual - white_list: + type: + type: string + type: object + GraphqlType: + properties: + fields: items: - $ref: '#/components/schemas/EndPointMeta' + type: string + nullable: true type: array - x-go-name: WhiteList + name: + type: string type: object - x-go-package: github.com/TykTechnologies/tyk/apidef - GlobalRateLimit: + HMAC: properties: - per: - format: double - type: number - x-go-name: Per - rate: - format: double + AuthSources: + $ref: '#/components/schemas/AuthSources' + allowedAlgorithms: + items: + type: string + type: array + allowedClockSkew: type: number - x-go-name: Rate - type: object - x-go-package: github.com/TykTechnologies/tyk/apidef - GraphAccessDefinition: + enabled: + type: boolean type: object - x-go-package: github.com/TykTechnologies/tyk/user HardTimeoutMeta: properties: + disabled: + type: boolean method: type: string - x-go-name: Method path: type: string - x-go-name: Path timeout: - format: int64 type: integer - x-go-name: TimeOut type: object - x-go-package: 
github.com/TykTechnologies/tyk/apidef - HashType: - type: string - x-go-package: github.com/TykTechnologies/tyk/user + Header: + properties: + name: + type: string + value: + type: string + type: object HeaderInjectionMeta: properties: act_on: type: boolean - x-go-name: ActOnResponse add_headers: additionalProperties: type: string + nullable: true type: object - x-go-name: AddHeaders delete_headers: items: type: string + nullable: true type: array - x-go-name: DeleteHeaders + disabled: + type: boolean method: type: string - x-go-name: Method path: type: string - x-go-name: Path type: object - x-go-package: github.com/TykTechnologies/tyk/apidef + Headers: + items: + $ref: '#/components/schemas/Header' + type: array + HealthCheckItem: + properties: + componentId: + type: string + componentType: + type: string + output: + type: string + status: + enum: + - pass + - fail + - warn + type: string + time: + type: string + type: object + HealthCheckResponse: + properties: + description: + type: string + details: + additionalProperties: + $ref: '#/components/schemas/HealthCheckItem' + type: object + output: + type: string + status: + enum: + - pass + - fail + - warn + type: string + version: + type: string + type: object HostCheckObject: properties: body: type: string - x-go-name: Body + commands: + items: + $ref: '#/components/schemas/CheckCommand' + nullable: true + type: array + enable_proxy_protocol: + type: boolean headers: additionalProperties: type: string + nullable: true type: object - x-go-name: Headers method: type: string - x-go-name: Method + protocol: + type: string + timeout: + type: integer url: type: string - x-go-name: CheckURL type: object - x-go-package: github.com/TykTechnologies/tyk/apidef - IdExtractorSource: - type: string - x-go-package: github.com/TykTechnologies/tyk/apidef - IdExtractorType: - type: string - x-go-package: github.com/TykTechnologies/tyk/apidef + HttpHeader: + additionalProperties: + items: + type: string + type: array + type: 
object + IDExtractor: + properties: + config: + $ref: '#/components/schemas/IDExtractorConfig' + enabled: + type: boolean + source: + type: string + with: + type: string + type: object + IDExtractorConfig: + properties: + formParamName: + type: string + headerName: + type: string + regexp: + type: string + regexpMatchIndex: + type: integer + xPathExp: + type: string + type: object + Info: + properties: + dbId: + type: string + expiration: + type: string + id: + type: string + name: + type: string + orgId: + type: string + state: + $ref: '#/components/schemas/State' + versioning: + $ref: '#/components/schemas/Versioning' + type: object + Internal: + properties: + enabled: + type: boolean + type: object InternalMeta: properties: + disabled: + type: boolean method: type: string - x-go-name: Method path: type: string - x-go-name: Path type: object - x-go-package: github.com/TykTechnologies/tyk/apidef + Introspection: + properties: + cache: + $ref: '#/components/schemas/IntrospectionCache' + client_id: + type: string + client_secret: + type: string + enabled: + type: boolean + identity_base_field: + type: string + url: + type: string + type: object + IntrospectionCache: + properties: + enabled: + type: boolean + timeout: + format: int64 + type: integer + type: object + JWTData: + properties: + secret: + type: string + type: object + JWTValidation: + properties: + enabled: + type: boolean + expires_at_validation_skew: + minimum: 0 + type: integer + identity_base_field: + type: string + issued_at_validation_skew: + minimum: 0 + type: integer + not_before_validation_skew: + minimum: 0 + type: integer + signing_method: + type: string + source: + type: string + type: object + ListenPath: + properties: + strip: + type: boolean + value: + type: string + type: object MethodTransformMeta: properties: + disabled: + type: boolean method: type: string - x-go-name: Method path: type: string - x-go-name: Path to_method: type: string - x-go-name: ToMethod type: object - x-go-package: 
github.com/TykTechnologies/tyk/apidef + Middleware: + properties: + global: + $ref: '#/components/schemas/Global' + operations: + $ref: '#/components/schemas/Operations' + type: object MiddlewareDefinition: properties: + disabled: + type: boolean name: + example: PreMiddlewareFunction type: string - x-go-name: Name path: type: string - x-go-name: Path + raw_body_only: + example: false + type: boolean require_session: + example: false type: boolean - x-go-name: RequireSession type: object - x-go-package: github.com/TykTechnologies/tyk/apidef - MiddlewareDriver: - type: string - x-go-package: github.com/TykTechnologies/tyk/apidef MiddlewareIdExtractor: properties: + disabled: + type: boolean extract_from: - $ref: '#/components/schemas/IdExtractorSource' + type: string extract_with: - $ref: '#/components/schemas/IdExtractorType' + type: string extractor_config: - additionalProperties: - type: object + additionalProperties: {} + nullable: true type: object - x-go-name: ExtractorConfig type: object - x-go-package: github.com/TykTechnologies/tyk/apidef MiddlewareSection: properties: auth_check: $ref: '#/components/schemas/MiddlewareDefinition' driver: - $ref: '#/components/schemas/MiddlewareDriver' + type: string id_extractor: $ref: '#/components/schemas/MiddlewareIdExtractor' post: items: $ref: '#/components/schemas/MiddlewareDefinition' + nullable: true type: array - x-go-name: Post post_key_auth: items: $ref: '#/components/schemas/MiddlewareDefinition' + nullable: true type: array - x-go-name: PostKeyAuth pre: items: - $ref: '#/components/schemas/MiddlewareDefinition' + $ref: '#/components/schemas/MiddlewareDefinition' + nullable: true + type: array + response: + items: + $ref: '#/components/schemas/MiddlewareDefinition' + nullable: true + type: array + type: object + MockResponse: + properties: + body: + type: string + code: + type: integer + enabled: + type: boolean + fromOASExamples: + $ref: '#/components/schemas/FromOASExamples' + headers: + $ref: 
'#/components/schemas/Headers' + type: object + MockResponseMeta: + properties: + body: + type: string + code: + type: integer + disabled: + type: boolean + headers: + additionalProperties: + type: string + nullable: true + type: object + ignore_case: + type: boolean + method: + type: string + path: + type: string + type: object + Monitor: + properties: + trigger_limits: + example: + - 80 + - 60 + - 50 + items: + type: number + nullable: true type: array - x-go-name: Pre - response: + type: object + MutualTLS: + properties: + domainToCertificateMapping: items: - $ref: '#/components/schemas/MiddlewareDefinition' + $ref: '#/components/schemas/DomainToCertificate' + nullable: true type: array - x-go-name: Response + enabled: + type: boolean type: object - x-go-package: github.com/TykTechnologies/tyk/apidef NewClientRequest: - description: >- - NewClientRequest is an outward facing JSON object translated from osin - OAuthClients properties: api_id: + example: keyless type: string - x-go-name: APIID client_id: + example: 2a06b398c17f46908de3dffcb71ef87b type: string - x-go-name: ClientID description: + example: google client login type: string - x-go-name: Description meta_data: + additionalProperties: + type: string + nullable: true type: object - x-go-name: MetaData policy_id: type: string - x-go-name: PolicyID redirect_uri: + example: https://httpbin.org/ip type: string - x-go-name: ClientRedirectURI secret: + example: MmQwNTI5NGQtYjU0YS00NjMyLWIwZjktNTZjY2M1ZjhjYWY0 type: string - x-go-name: ClientSecret type: object - x-go-package: github.com/TykTechnologies/tyk NotificationsManager: - description: 'TODO: Make this more generic' properties: oauth_on_keychange_url: type: string - x-go-name: OAuthKeyChangeURL shared_secret: type: string - x-go-name: SharedSecret - title: >- - NotificationsManager handles sending notifications to OAuth endpoints to - notify the provider of key changes. 
type: object - x-go-package: github.com/TykTechnologies/tyk/apidef + OASSchemaResponse: + properties: + message: + type: string + schema: {} + status: + type: string + type: object OAuthClientToken: properties: code: type: string - x-go-name: Token expires: - format: int64 type: integer - x-go-name: Expires type: object - x-go-package: github.com/TykTechnologies/tyk + OIDC: + properties: + AuthSources: + $ref: '#/components/schemas/AuthSources' + enabled: + type: boolean + providers: + items: + $ref: '#/components/schemas/ProviderType2' + type: array + scopes: + $ref: '#/components/schemas/ScopesType2' + segregateByClientId: + type: boolean + type: object OIDProviderConfig: properties: client_ids: additionalProperties: type: string + nullable: true type: object - x-go-name: ClientIDs issuer: type: string - x-go-name: Issuer type: object - x-go-package: github.com/TykTechnologies/tyk/apidef - ObjectID: - description: 'http://www.mongodb.org/display/DOCS/Object+IDs' - title: >- - ObjectID is a unique ID identifying a BSON value. It must be exactly 12 - bytes - - long. MongoDB objects by default have such a property set in their "_id" - - property. 
- type: string - x-go-package: github.com/TykTechnologies/tyk/vendor/gopkg.in/mgo.v2/bson OpenIDOptions: properties: providers: items: $ref: '#/components/schemas/OIDProviderConfig' + nullable: true type: array - x-go-name: Providers segregate_by_client: type: boolean - x-go-name: SegregateByClient type: object - x-go-package: github.com/TykTechnologies/tyk/apidef + Operation: + properties: + allow: + $ref: '#/components/schemas/Allowance' + block: + $ref: '#/components/schemas/Allowance' + cache: + $ref: '#/components/schemas/CachePlugin' + circuitBreaker: + $ref: '#/components/schemas/CircuitBreaker' + doNotTrackEndpoint: + $ref: '#/components/schemas/TrackEndpoint' + enforceTimeout: + $ref: '#/components/schemas/EnforceTimeout' + ignoreAuthentication: + $ref: '#/components/schemas/Allowance' + internal: + $ref: '#/components/schemas/Internal' + mockResponse: + $ref: '#/components/schemas/MockResponse' + postPlugins: + $ref: '#/components/schemas/EndpointPostPlugins' + rateLimit: + $ref: '#/components/schemas/RateLimitEndpoint' + requestSizeLimit: + $ref: '#/components/schemas/RequestSizeLimit' + trackEndpoint: + $ref: '#/components/schemas/TrackEndpoint' + transformRequestBody: + $ref: '#/components/schemas/TransformBody' + transformRequestHeaders: + $ref: '#/components/schemas/TransformHeaders' + transformRequestMethod: + $ref: '#/components/schemas/TransformRequestMethod' + transformResponseBody: + $ref: '#/components/schemas/TransformBody' + transformResponseHeaders: + $ref: '#/components/schemas/TransformHeaders' + urlRewrite: + $ref: '#/components/schemas/URLRewrite' + validateRequest: + $ref: '#/components/schemas/ValidateRequest' + virtualEndpoint: + $ref: '#/components/schemas/VirtualEndpoint' + type: object + Operations: + additionalProperties: + $ref: '#/components/schemas/Operation' + type: object + PaginatedOAuthClientTokens: + properties: + Pagination: + $ref: '#/components/schemas/PaginationStatus' + Tokens: + items: + $ref: 
'#/components/schemas/OAuthClientToken' + nullable: true + type: array + type: object + PaginationStatus: + properties: + page_num: + type: integer + page_size: + type: integer + page_total: + type: integer + type: object + PersistGraphQLMeta: + properties: + method: + type: string + operation: + type: string + path: + type: string + variables: + additionalProperties: {} + nullable: true + type: object + type: object + PinnedPublicKey: + properties: + domain: + type: string + publicKeys: + items: + type: string + nullable: true + type: array + type: object + PinnedPublicKeys: + items: + $ref: '#/components/schemas/PinnedPublicKey' + nullable: true + type: array + PkixName: + type: object + PluginBundle: + properties: + enabled: + type: boolean + path: + type: string + type: object + PluginConfig: + properties: + bundle: + $ref: '#/components/schemas/PluginBundle' + data: + $ref: '#/components/schemas/PluginConfigData' + driver: + type: string + type: object + PluginConfigData: + properties: + enabled: + type: boolean + value: + additionalProperties: {} + nullable: true + type: object + type: object Policy: properties: _id: - $ref: '#/components/schemas/ObjectID' + example: 5ead7120575961000181867e + type: string + access_rights: + additionalProperties: + $ref: '#/components/schemas/AccessDefinition' + nullable: true + type: object + active: + example: true + type: boolean + enable_http_signature_validation: + example: false + type: boolean + graphql_access_rights: + additionalProperties: + $ref: '#/components/schemas/GraphAccessDefinition' + nullable: true type: object - x-go-name: MID + hmac_enabled: + example: false + type: boolean id: + example: 5ead7120575961000181867e + type: string + is_inactive: + example: false + type: boolean + key_expires_in: + example: 0 + format: int64 + type: integer + last_updated: + example: "1655965189" type: string - x-go-name: ID + max_query_depth: + example: -1 + type: integer + meta_data: + additionalProperties: {} + nullable: 
true + type: object name: + example: Swagger Petstore Policy type: string - x-go-name: Name org_id: + example: 5e9d9544a1dcd60001d0ed20 type: string - x-go-name: OrgID - rate: - format: double - type: number - x-go-name: Rate + partitions: + $ref: '#/components/schemas/PolicyPartitions' per: + example: 60 format: double type: number - x-go-name: Per quota_max: + example: -1 format: int64 type: integer - x-go-name: QuotaMax quota_renewal_rate: + example: 3600 format: int64 type: integer - x-go-name: QuotaRenewalRate + rate: + example: 1000 + format: double + type: number + smoothing: + $ref: '#/components/schemas/RateLimitSmoothing' + tags: + items: + type: string + nullable: true + type: array throttle_interval: + example: -1 format: double type: number - x-go-name: ThrottleInterval throttle_retry_limit: - type: number - x-go-name: ThrottleRetryLimit - max_query_depth: - type: number - x-go-name: MaxQueryDepth - access_rights: - type: object - x-go-name: AccessRights - additionalProperties: - $ref: '#/components/schemas/AccessDefinition' - hmac_enabled: + example: -1 + type: integer + type: object + PolicyPartitions: + properties: + acl: + example: true type: boolean - x-go-name: HMACEnabled - enable_http_signature_validation: + complexity: + example: false type: boolean - x-go-name: EnableHTTPSignatureValidation - active: + per_api: + example: false type: boolean - x-go-name: Active - is_inactive: + quota: + example: true type: boolean - x-go-name: IsInactive - tags: - type: array + rate_limit: + example: true + type: boolean + type: object + PolicyUpdateObj: + properties: + apply_policies: items: type: string - x-go-name: Tags - key_expires_in: - format: int64 - type: number - x-go-name: KeyExpiresIn - partitions: - $ref: '#/components/schemas/PolicyPartitions' - type: object - x-go-name: Partitions - last_updated: + nullable: true + type: array + policy: type: string - x-go-name: LastUpdates - smoothing: - type: object - $ref: 
'#/components/schemas/RateLimitSmoothing' - description: Smoothing contains rate limit smoothing settings. - x-go-name: Smoothing - meta_data: - type: object - x-go-name: MetaData - graphql_access_rights: - $ref: '#/components/schemas/GraphAccessDefinition' - title: Policy represents a user policy type: object - x-go-package: github.com/TykTechnologies/tyk/user - PolicyPartitions: + PostAuthenticationPlugin: properties: - quota: + plugins: + $ref: '#/components/schemas/CustomPlugins' + type: object + PostPlugin: + properties: + plugins: + $ref: '#/components/schemas/CustomPlugins' + type: object + PrePlugin: + properties: + plugins: + $ref: '#/components/schemas/CustomPlugins' + type: object + Provider: + properties: + introspection: + $ref: '#/components/schemas/Introspection' + jwt: + $ref: '#/components/schemas/JWTValidation' + type: object + ProviderType2: + properties: + clientToPolicyMapping: + items: + $ref: '#/components/schemas/ClientToPolicy' + type: array + issuer: + type: string + type: object + ProxyConfig: + properties: + check_host_against_uptime_tests: type: boolean - x-go-name: Quota - rate_limit: + disable_strip_slash: type: boolean - x-go-name: RateLimit - complexity: + enable_load_balancing: type: boolean - x-go-name: Complexity - acl: + listen_path: + example: /relative-path-examples/ + type: string + preserve_host_header: type: boolean - x-go-name: Acl - per_api: + service_discovery: + $ref: '#/components/schemas/ServiceDiscoveryConfiguration' + strip_listen_path: + example: true + type: boolean + target_list: + items: + type: string + nullable: true + type: array + target_url: + example: https://httpbin.org/ + type: string + transport: + properties: + proxy_url: + type: string + ssl_ciphers: + items: + type: string + nullable: true + type: array + ssl_force_common_name_check: + type: boolean + ssl_insecure_skip_verify: + type: boolean + ssl_max_version: + minimum: 0 + type: integer + ssl_min_version: + minimum: 0 + type: integer + type: 
object + type: object + RateLimit: + properties: + enabled: + type: boolean + per: + type: integer + rate: + type: integer + type: object + RateLimitEndpoint: + properties: + enabled: + type: boolean + per: + type: integer + rate: + type: integer + type: object + RateLimitMeta: + properties: + disabled: type: boolean - x-go-name: PerAPI + method: + type: string + path: + type: string + per: + type: number + rate: + type: number type: object - x-go-package: github.com/TykTechnologies/tyk/user RateLimitSmoothing: properties: delay: type: integer - format: int64 - description: Delay is a hold-off between smoothing events and controls how frequently the current allowance will step up or down (in seconds). - minimum: 1 - x-go-name: Delay enabled: type: boolean - description: Enabled indicates if rate limit smoothing is active. - x-go-name: Enabled step: type: integer - format: int64 - description: Step is the increment by which the current allowance will be increased or decreased each time a smoothing event is emitted. - minimum: 1 - x-go-name: Step threshold: type: integer - format: int64 - description: Threshold is the initial rate limit beyond which smoothing will be applied. It is a count of requests during the `per` interval and should be less than the maximum configured `rate`. - minimum: 1 - x-go-name: Threshold - trigger: - type: number - format: double - description: Trigger is a fraction (typically in the range 0.1-1.0) of the step at which point a smoothing event will be emitted as the request rate approaches the current allowance. - minimum: 0 - exclusiveMinimum: true - multipleOf: 0.01 - x-go-name: Trigger - title: RateLimitSmoothing holds the rate smoothing configuration. - description: |- - Rate Limit Smoothing is a mechanism to dynamically adjust the request rate - limits based on the current traffic patterns. 
It helps in managing request - spikes by gradually increasing or decreasing the rate limit instead of making - abrupt changes or blocking requests excessively. - - Once the rate limit smoothing triggers an allowance change, one of the - following events is emitted: - - - `RateLimitSmoothingUp` when the allowance increases - - `RateLimitSmoothingDown` when the allowance decreases - - Events are emitted based on the configuration: - - - `enabled` (boolean) to enable or disable rate limit smoothing - - `threshold` after which to apply smoothing (minimum rate for window) - - `trigger` configures at which fraction of a step a smoothing event is emitted - - `step` is the value by which the rate allowance will get adjusted - - `delay` is a hold-off in seconds providing a minimum period between rate allowance adjustments - - To determine if the request rate is growing and needs to be smoothed, the - `step * trigger` value is subtracted from the request allowance and, if - the request rate goes above that, then a RateLimitSmoothingUp event is - emitted and the rate allowance is increased by `step`. - - Once the request allowance has been increased above the `threshold`, Tyk - will start to check for decreasing request rate. When the request rate - drops `step * (1 + trigger)` below the request allowance, a - `RateLimitSmoothingDown` event is emitted and the rate allowance is - decreased by `step`. - - After the request allowance has been adjusted (up or down), the request - rate will be checked again over the next `delay` seconds and, if - required, further adjustment made to the rate allowance after the - hold-off. - - For any allowance, events are emitted based on the following calculations: - - - When the request rate rises above `allowance - (step * trigger)`, - a RateLimitSmoothingUp event is emitted and allowance increases by `step`. 
- - When the request rate falls below `allowance - (step + step * trigger)`, - a RateLimitSmoothingDown event is emitted and allowance decreases by `step`. - - Example: Threshold: 400, Request allowance: 600, Current rate: 500, Step: 100, Trigger: 0.5. - - To trigger a RateLimitSmoothingUp event, the request rate must exceed: - - - Calculation: Allowance - (Step * Trigger). - - Example: 600 - (100 * 0.5) = `550`. - - Exceeding a request rate of `550` will increase the allowance to 700 (Allowance + Step). - - To trigger a RateLimitSmoothingDown event, the request rate must fall below: - - - Calculation: Allowance - (Step + (Step * Trigger)). - - Example: 600 - (100 + (100 * 0.5)) = 450. - - As the request rate falls below 450, that will decrease the allowance to 500 (Allowance - Step). - - The request allowance will be smoothed between `threshold`, and the - defined `rate` limit (maximum). The request allowance will be updated - internally every `delay` seconds. - type: object - x-go-package: github.com/TykTechnologies/tyk/apidef - Regexp: - description: Regexp is a wrapper around regexp.Regexp but with caching - properties: - FromCache: - type: boolean - type: object - x-go-package: github.com/TykTechnologies/tyk/regexp - RequestInputType: - type: string - x-go-package: github.com/TykTechnologies/tyk/apidef + trigger: + type: number + type: object + RateLimitType2: + properties: + per: + type: number + rate: + type: number + smoothing: + $ref: '#/components/schemas/RateLimitSmoothing' + type: object + RequestHeadersRewriteConfig: + properties: + remove: + type: boolean + value: + type: string + type: object + RequestSigningMeta: + properties: + algorithm: + type: string + certificate_id: + type: string + header_list: + items: + type: string + nullable: true + type: array + is_enabled: + type: boolean + key_id: + type: string + secret: + type: string + signature_header: + type: string + type: object + RequestSizeLimit: + properties: + enabled: + type: boolean + 
value: + type: integer + type: object RequestSizeMeta: properties: + disabled: + type: boolean method: type: string - x-go-name: Method path: type: string - x-go-name: Path size_limit: format: int64 type: integer - x-go-name: SizeLimit type: object - x-go-package: github.com/TykTechnologies/tyk/apidef + ResponsePlugin: + properties: + plugins: + $ref: '#/components/schemas/CustomPlugins' + type: object ResponseProcessor: properties: name: type: string - x-go-name: Name - options: - type: object - x-go-name: Options + options: {} type: object - x-go-package: github.com/TykTechnologies/tyk/apidef RoutingTrigger: properties: - 'on': - $ref: '#/components/schemas/RoutingTriggerOnType' + "on": + enum: + - all + - any + type: string options: $ref: '#/components/schemas/RoutingTriggerOptions' rewrite_to: type: string - x-go-name: RewriteTo type: object - x-go-package: github.com/TykTechnologies/tyk/apidef - RoutingTriggerOnType: - type: string - x-go-package: github.com/TykTechnologies/tyk/apidef RoutingTriggerOptions: properties: header_matches: additionalProperties: $ref: '#/components/schemas/StringRegexMap' + nullable: true type: object - x-go-name: HeaderMatches path_part_matches: additionalProperties: $ref: '#/components/schemas/StringRegexMap' + nullable: true type: object - x-go-name: PathPartMatches payload_matches: $ref: '#/components/schemas/StringRegexMap' query_val_matches: additionalProperties: $ref: '#/components/schemas/StringRegexMap' + nullable: true type: object - x-go-name: QueryValMatches request_context_matches: additionalProperties: $ref: '#/components/schemas/StringRegexMap' + nullable: true type: object - x-go-name: RequestContextMatches session_meta_matches: additionalProperties: $ref: '#/components/schemas/StringRegexMap' + nullable: true type: object - x-go-name: SessionMetaMatches type: object - x-go-package: github.com/TykTechnologies/tyk/apidef + ScopeClaim: + properties: + scope_claim_name: + type: string + scope_to_policy: + 
additionalProperties: + type: string + type: object + type: object + ScopeToPolicy: + properties: + policyId: + type: string + scope: + type: string + type: object + Scopes: + properties: + jwt: + $ref: '#/components/schemas/ScopeClaim' + oidc: + $ref: '#/components/schemas/ScopeClaim' + type: object + ScopesType2: + properties: + claimName: + type: string + scopeToPolicyMapping: + items: + $ref: '#/components/schemas/ScopeToPolicy' + type: array + type: object + SecuritySchemes: + additionalProperties: {} + type: object + Server: + properties: + authentication: + $ref: '#/components/schemas/Authentication' + clientCertificates: + $ref: '#/components/schemas/ClientCertificates' + customDomain: + $ref: '#/components/schemas/Domain' + detailedActivityLogs: + $ref: '#/components/schemas/DetailedActivityLogs' + detailedTracing: + $ref: '#/components/schemas/DetailedTracing' + eventHandlers: + $ref: '#/components/schemas/EventHandlers' + gatewayTags: + $ref: '#/components/schemas/GatewayTags' + listenPath: + $ref: '#/components/schemas/ListenPath' + type: object + ServiceDiscovery: + properties: + cache: + $ref: '#/components/schemas/ServiceDiscoveryCache' + cacheTimeout: + type: integer + dataPath: + type: string + enabled: + type: boolean + endpointReturnsList: + type: boolean + parentDataPath: + type: string + portDataPath: + type: string + queryEndpoint: + type: string + targetPath: + type: string + useNestedQuery: + type: boolean + useTargetList: + type: boolean + type: object + ServiceDiscoveryCache: + properties: + enabled: + type: boolean + timeout: + type: integer + type: object ServiceDiscoveryConfiguration: properties: + cache_disabled: + type: boolean cache_timeout: - format: int64 type: integer - x-go-name: CacheTimeout data_path: type: string - x-go-name: DataPath endpoint_returns_list: type: boolean - x-go-name: EndpointReturnsList parent_data_path: type: string - x-go-name: ParentDataPath port_data_path: type: string - x-go-name: PortDataPath 
query_endpoint: type: string - x-go-name: QueryEndpoint target_path: type: string - x-go-name: TargetPath use_discovery_service: type: boolean - x-go-name: UseDiscoveryService use_nested_query: type: boolean - x-go-name: UseNestedQuery use_target_list: type: boolean - x-go-name: UseTargetList type: object - x-go-package: github.com/TykTechnologies/tyk/apidef - SessionProviderCode: - type: string - x-go-package: github.com/TykTechnologies/tyk/apidef SessionProviderMeta: properties: meta: - additionalProperties: - type: object + additionalProperties: {} + nullable: true type: object - x-go-name: Meta name: - $ref: '#/components/schemas/SessionProviderCode' + type: string storage_engine: - $ref: '#/components/schemas/StorageEngineCode' + type: string type: object - x-go-package: github.com/TykTechnologies/tyk/apidef SessionState: - description: >- - There's a data structure that's based on this and it's used for Protocol - Buffer support, make sure to update - "coprocess/proto/coprocess_session_state.proto" and generate the - bindings using: cd coprocess/proto && ./update_bindings.sh properties: - tags: - items: - type: string - type: array - x-go-name: Tags access_rights: additionalProperties: $ref: '#/components/schemas/AccessDefinition' + nullable: true type: object - x-go-name: AccessRights alias: + example: portal-developer@example.org type: string - x-go-name: Alias allowance: + example: 1000 format: double type: number - x-go-name: Allowance apply_policies: + example: + - 641c15dd0fffb800010197bf items: type: string + nullable: true type: array - x-go-name: ApplyPolicies apply_policy_id: + deprecated: true + description: deprecated use apply_policies going forward instead to send + a list of policies ids + example: 641c15dd0fffb800010197bf type: string - x-go-name: ApplyPolicyID basic_auth_data: - properties: - hash_type: - $ref: '#/components/schemas/HashType' - password: - type: string - x-go-name: Password - type: object - x-go-name: BasicAuthData + $ref: 
'#/components/schemas/BasicAuthData' certificate: type: string - x-go-name: Certificate data_expires: + example: 0 format: int64 type: integer - x-go-name: DataExpires + date_created: + example: "2024-03-13T03:56:46.568042549Z" + format: date-time + type: string enable_detail_recording: + deprecated: true + description: deprecated use enable_detailed_recording going forward instead + example: false + type: boolean + enable_detailed_recording: + example: true + type: boolean + enable_http_signature_validation: + example: false type: boolean - x-go-name: EnableDetailedRecording expires: + example: 1.712895619e+09 format: int64 type: integer - x-go-name: Expires hmac_enabled: + example: false type: boolean - x-go-name: HMACEnabled hmac_string: type: string - x-go-name: HmacSecret id_extractor_deadline: format: int64 type: integer - x-go-name: IdExtractorDeadline is_inactive: + example: false type: boolean - x-go-name: IsInactive jwt_data: - properties: - secret: - type: string - x-go-name: Secret - type: object - x-go-name: JWTData + $ref: '#/components/schemas/JWTData' last_check: + example: 0 format: int64 type: integer - x-go-name: LastCheck last_updated: + example: "1710302206" type: string - x-go-name: LastUpdated + max_query_depth: + example: -1 + type: integer meta_data: - additionalProperties: - type: object + additionalProperties: {} + example: + tyk_developer_id: 62b3fb9a1d5e4f00017226f5 + nullable: true type: object - x-go-name: MetaData monitor: - properties: - trigger_limits: - items: - format: double - type: number - type: array - x-go-name: TriggerLimits - type: object - x-go-name: Monitor + $ref: '#/components/schemas/Monitor' oauth_client_id: type: string - x-go-name: OauthClientID oauth_keys: additionalProperties: type: string + nullable: true type: object - x-go-name: OauthKeys org_id: + example: 5e9d9544a1dcd60001d0ed20 type: string - x-go-name: OrgID per: + example: 5 format: double type: number - x-go-name: Per quota_max: + example: 20000 format: 
int64 type: integer - x-go-name: QuotaMax quota_remaining: + example: 20000 format: int64 type: integer - x-go-name: QuotaRemaining quota_renewal_rate: + example: 3.1556952e+07 format: int64 type: integer - x-go-name: QuotaRenewalRate quota_renews: + example: 1.710302205e+09 format: int64 type: integer - x-go-name: QuotaRenews rate: + example: 1 format: double type: number - x-go-name: Rate + rsa_certificate_id: + type: string session_lifetime: + example: 0 format: int64 type: integer - x-go-name: SessionLifetime smoothing: - type: object $ref: '#/components/schemas/RateLimitSmoothing' - description: Smoothing contains rate limit smoothing settings. - x-go-name: Smoothing + tags: + example: + - edge + - edge-eu + items: + type: string + nullable: true + type: array throttle_interval: + example: 10 format: double type: number - x-go-name: ThrottleInterval throttle_retry_limit: - format: int64 + example: 1000 type: integer - x-go-name: ThrottleRetryLimit - title: >- - SessionState objects represent a current API session, mainly used for - rate limiting. 
type: object - x-go-package: github.com/TykTechnologies/tyk/user SignatureConfig: properties: algorithm: type: string - x-go-name: Algorithm allowed_clock_skew: - format: int64 type: integer - x-go-name: AllowedClockSkew error_code: - format: int64 type: integer - x-go-name: ErrorCode error_message: type: string - x-go-name: ErrorMessage header: type: string - x-go-name: Header + param_name: + type: string secret: type: string - x-go-name: Secret + use_param: + type: boolean + type: object + State: + properties: + active: + type: boolean + internal: + type: boolean type: object - x-go-package: github.com/TykTechnologies/tyk/apidef - StorageEngineCode: - type: string - x-go-package: github.com/TykTechnologies/tyk/apidef StringRegexMap: properties: match_rx: type: string - x-go-name: MatchPattern reverse: type: boolean - x-go-name: Reverse type: object - x-go-package: github.com/TykTechnologies/tyk/apidef TemplateData: properties: enable_session: type: boolean - x-go-name: EnableSession input_type: - $ref: '#/components/schemas/RequestInputType' + enum: + - json + - xml + type: string template_mode: - $ref: '#/components/schemas/TemplateMode' + enum: + - blob + - file + type: string template_source: type: string - x-go-name: TemplateSource type: object - x-go-package: github.com/TykTechnologies/tyk/apidef TemplateMeta: properties: + disabled: + type: boolean method: type: string - x-go-name: Method path: type: string - x-go-name: Path template_data: $ref: '#/components/schemas/TemplateData' type: object - x-go-package: github.com/TykTechnologies/tyk/apidef - TemplateMode: - type: string - x-go-package: github.com/TykTechnologies/tyk/apidef + Test: + properties: + serviceDiscovery: + $ref: '#/components/schemas/ServiceDiscovery' + type: object + TraceHttpRequest: + properties: + body: + type: string + headers: + $ref: '#/components/schemas/HttpHeader' + method: + example: GET + type: string + path: + example: /keyless-test/ + type: string + type: object + 
TraceRequest: + properties: + request: + $ref: '#/components/schemas/TraceHttpRequest' + spec: + $ref: '#/components/schemas/APIDefinition' + type: object + TraceResponse: + properties: + logs: + example: '{"level":"warning","msg":"Legacy path detected! Upgrade to extended....' + type: string + message: + example: ok + type: string + response: + example: "====== Request ======\nGET / HTTP/1.1\r\nHost: httpbin.org\r\n\r\n\n====== + Response..." + type: string + type: object + TrackEndpoint: + properties: + enabled: + type: boolean + type: object TrackEndpointMeta: properties: + disabled: + type: boolean method: type: string - x-go-name: Method path: type: string - x-go-name: Path type: object - x-go-package: github.com/TykTechnologies/tyk/apidef + TrafficLogs: + properties: + enabled: + type: boolean + type: object + TransformBody: + properties: + body: + type: string + enabled: + type: boolean + format: + type: string + path: + type: string + type: object + TransformHeaders: + properties: + add: + $ref: '#/components/schemas/Headers' + enabled: + type: boolean + remove: + items: + type: string + type: array + type: object TransformJQMeta: properties: filter: type: string - x-go-name: Filter method: type: string - x-go-name: Method path: type: string - x-go-name: Path type: object - x-go-package: github.com/TykTechnologies/tyk/apidef + TransformRequestMethod: + properties: + enabled: + type: boolean + toMethod: + type: string + type: object + UDGGlobalHeader: + properties: + key: + type: string + value: + type: string + type: object + URLRewrite: + properties: + enabled: + type: boolean + pattern: + type: string + rewriteTo: + type: string + triggers: + items: + $ref: '#/components/schemas/URLRewriteTrigger' + type: array + type: object URLRewriteMeta: properties: - MatchRegexp: - $ref: '#/components/schemas/Regexp' + disabled: + type: boolean match_pattern: type: string - x-go-name: MatchPattern method: type: string - x-go-name: Method path: type: string - 
x-go-name: Path rewrite_to: type: string - x-go-name: RewriteTo triggers: items: $ref: '#/components/schemas/RoutingTrigger' + nullable: true + type: array + type: object + URLRewriteRule: + properties: + in: + type: string + name: + type: string + negate: + type: boolean + pattern: + type: string + type: object + URLRewriteTrigger: + properties: + condition: + type: string + rewriteTo: + type: string + rules: + items: + $ref: '#/components/schemas/URLRewriteRule' + type: array + type: object + Upstream: + properties: + certificatePinning: + $ref: '#/components/schemas/CertificatePinning' + mutualTLS: + $ref: '#/components/schemas/MutualTLS' + rateLimit: + $ref: '#/components/schemas/RateLimit' + serviceDiscovery: + $ref: '#/components/schemas/ServiceDiscovery' + test: + $ref: '#/components/schemas/Test' + url: + type: string + type: object + UptimeTests: + properties: + check_list: + items: + $ref: '#/components/schemas/HostCheckObject' + nullable: true type: array - x-go-name: Triggers + config: + $ref: '#/components/schemas/UptimeTestsConfig' + type: object + UptimeTestsConfig: + properties: + expire_utime_after: + type: integer + recheck_wait: + type: integer + service_discovery: + $ref: '#/components/schemas/ServiceDiscoveryConfiguration' type: object - x-go-package: github.com/TykTechnologies/tyk/apidef ValidatePathMeta: properties: + disabled: + type: boolean error_response_code: - description: >- - Allows override of default 422 Unprocessible Entity response code - for validation errors. 
- format: int64 type: integer - x-go-name: ErrorResponseCode method: type: string - x-go-name: Method path: type: string - x-go-name: Path schema: - additionalProperties: - type: object + additionalProperties: {} + nullable: true type: object - x-go-name: Schema schema_b64: type: string - x-go-name: SchemaB64 type: object - x-go-package: github.com/TykTechnologies/tyk/apidef - VersionInfo: + ValidateRequest: properties: - paths: - properties: - black_list: - items: - type: string - type: array - x-go-name: BlackList - ignored: - items: - type: string - type: array - x-go-name: Ignored - white_list: - items: - type: string - type: array - x-go-name: WhiteList + enabled: + type: boolean + errorResponseCode: + type: integer + type: object + ValidateRequestMeta: + properties: + enabled: + type: boolean + error_response_code: + type: integer + method: + type: string + path: + type: string + type: object + VersionData: + properties: + default_version: + type: string + not_versioned: + type: boolean + versions: + additionalProperties: + $ref: '#/components/schemas/VersionInfo' + nullable: true + type: object + type: object + VersionDefinition: + properties: + default: + type: string + enabled: + type: boolean + fallback_to_default: + type: boolean + key: + example: x-api-version + type: string + location: + example: header + type: string + name: + type: string + strip_path: + type: boolean + strip_versioning_data: + type: boolean + url_versioning_pattern: + type: string + versions: + additionalProperties: + type: string + nullable: true type: object - x-go-name: Paths + type: object + VersionInfo: + properties: expires: type: string - x-go-name: Expires extended_paths: $ref: '#/components/schemas/ExtendedPathsSet' global_headers: additionalProperties: type: string + nullable: true type: object - x-go-name: GlobalHeaders + global_headers_disabled: + type: boolean global_headers_remove: items: type: string + nullable: true + type: array + global_response_headers: + 
additionalProperties: + type: string + nullable: true + type: object + global_response_headers_disabled: + type: boolean + global_response_headers_remove: + items: + type: string + nullable: true type: array - x-go-name: GlobalHeadersRemove global_size_limit: format: int64 type: integer - x-go-name: GlobalSizeLimit + ignore_endpoint_case: + type: boolean name: type: string - x-go-name: Name override_target: type: string - x-go-name: OverrideTarget + paths: + properties: + black_list: + items: + type: string + nullable: true + type: array + ignored: + items: + type: string + nullable: true + type: array + white_list: + items: + type: string + nullable: true + type: array + type: object use_extended_paths: + example: true type: boolean - x-go-name: UseExtendedPaths type: object - x-go-package: github.com/TykTechnologies/tyk/apidef - VirtualMeta: + VersionMeta: properties: - function_source_type: - type: string - x-go-name: FunctionSourceType - function_source_uri: - type: string - x-go-name: FunctionSourceURI - method: + expirationDate: + example: 2026-03-26 09:00 type: string - x-go-name: Method - path: + id: + example: keyless type: string - x-go-name: Path - proxy_on_error: + internal: + example: false type: boolean - x-go-name: ProxyOnError - response_function_name: - type: string - x-go-name: ResponseFunctionName - use_session: + isDefaultVersion: + example: true type: boolean - x-go-name: UseSession - type: object - x-go-package: github.com/TykTechnologies/tyk/apidef - apiAllKeys: - description: apiAllKeys represents a list of keys in the memory store - properties: - keys: - items: - type: string - type: array - x-go-name: APIKeys - type: object - x-go-package: github.com/TykTechnologies/tyk - apiModifyKeySuccess: - description: apiModifyKeySuccess represents when a Key modification was successful - properties: - action: - type: string - x-go-name: Action - key: - description: 'in:body' - type: string - x-go-name: Key - key_hash: - type: string - x-go-name: 
KeyHash - status: - type: string - x-go-name: Status - type: object - x-go-package: github.com/TykTechnologies/tyk - apiStatusMessage: - description: apiStatusMessage represents an API status message - properties: - message: - description: Response details + name: + example: Tyk Test Keyless API type: string - x-go-name: Message - status: + versionName: + example: v2 type: string - x-go-name: Status - type: object - x-go-package: github.com/TykTechnologies/tyk - APIAllCertificates: - description: APIAllCertificates represents a list of certificates - properties: - certs: - items: - type: string - type: array - x-go-name: Certs type: object - x-go-package: github.com/TykTechnologies/tyk - APIAllCertificateBasics: - description: APIAllCertificates represents a list of certificate basics + VersionMetas: properties: - certs: + apis: items: - $ref: '#/components/schemas/CertificateBasics' + $ref: '#/components/schemas/VersionMeta' + nullable: true type: array - x-go-name: Certs + status: + example: success + type: string type: object - x-go-package: github.com/TykTechnologies/tyk - CertificateBasics: - description: CertificateBasics represents basic details of a certificate + VersionToID: properties: id: type: string - x-go-name: ID - issuer_cn: - type: string - x-go-name: IssuerCN - subject_cn: - type: string - x-go-name: SubjectCN - dns_names: - type: array - items: - type: string - x-go-name: DNSNames - has_private: - type: string - x-go-name: HasPrivateKey - not_before: - type: string - x-go-name: NotBefore - not_after: + name: type: string - x-go-name: NotAfter - is_ca: - type: boolean - x-go-name: IsCA type: object - x-go-package: github.com/TykTechnologies/tyk - CertificateMeta: - description: CertificateBasics represents basic details of a certificate + Versioning: properties: - id: - type: string - x-go-name: ID - fingerprint: + default: type: string - x-go-name: Fingerprint - has_private: + enabled: + type: boolean + fallbackToDefault: + type: boolean + key: 
type: string - x-go-name: HasPrivateKey - issuer: - $ref: '#/components/schemas/pkixName' - subject: - $ref: '#/components/schemas/pkixName' - not_before: + location: type: string - x-go-name: NotBefore - not_after: + name: type: string - x-go-name: NotAfter - dns_names: - type: array - items: - type: string - x-go-name: DNSNames - is_ca: + stripVersioningData: type: boolean - x-go-name: IsCA - type: object - x-go-package: github.com/TykTechnologies/tyk - pkixName: - description: Name represents an X.509 distinguished name - properties: - Country: - type: array - items: - type: string - Organization: - type: array - items: - type: string - OrganizationalUnit: - type: array - items: - type: string - Locality: - type: array - items: - type: string - Province: - type: array - items: - type: string - StreetAddress: - type: array - items: - type: string - PostalCode: - type: array - items: - type: string - SerialNumber: - type: string - CommonName: + urlVersioningPattern: type: string - Names: - type: array - items: - $ref: '#/components/schemas/pkixAttributeTypeAndValue' - ExtraNames: - type: array - items: - $ref: '#/components/schemas/pkixAttributeTypeAndValueSET' - pkixAttributeTypeAndValue: - description: AttributeTypeAndValue mirrors the ASN.1 structure of the same name in RFC 5280, Section 4.1.2.4. - properties: - Type: - type: array - items: - type: integer - Value: - type: object - pkixAttributeTypeAndValueSET: - description: AttributeTypeAndValueSET represents a set of ASN.1 sequences of AttributeTypeAndValue sequences from RFC 2986 (PKCS #10). 
- properties: - Type: - type: array + versions: items: - type: integer - Value: + $ref: '#/components/schemas/VersionToID' + nullable: true type: array - items: - type: array - items: - $ref: '#/components/schemas/pkixAttributeTypeAndValue' - APICertificateStatusMessage: - description: Status message when certificate is added - properties: - id: - type: string - x-go-name: CertID - status: - type: string - x-go-name: Status - message: - type: string - x-go-name: Message - type: object - x-go-package: github.com/TykTechnologies/tyk - OASSchemaResponse: - description: OAS schema endpoint response type: object + VirtualEndpoint: properties: - status: + body: type: string - x-go-name: Status - message: + enabled: + type: boolean + functionName: type: string - x-go-name: Message - schema: + name: type: string - description: - BooleanQueryParam: - type: string - enum: [ true, false ] - example: true - APIVersionMeta: - description: API version meta + path: + type: string + proxyOnError: + type: boolean + requireSession: + type: boolean type: object + VirtualMeta: properties: - id: + disabled: + type: boolean + function_source_type: + enum: + - blob + - file type: string - name: + function_source_uri: type: string - versionName: + method: type: string - internal: + path: + type: string + proxy_on_error: type: boolean - expirationDate: + response_function_name: type: string - isDefaultVersion: + use_session: type: boolean - parameters: - UpstreamURL: - name: upstreamURL - in: query - description: Upstream URL for the API - required: false - schema: - type: string - ListenPath: - name: listenPath - in: query - description: Listen path for the API - schema: - type: string - required: false - CustomDomain: - name: customDomain - schema: - type: string - description: Custom domain for the API - in: query - required: false - ApiID: - name: apiID - schema: - type: string - description: ID of the API - in: query - required: false - ValidateRequest: - name: validateRequest - in: 
query - description: Enable validateRequest middleware for all endpoints having a request body with media type application/json - required: false - schema: - $ref: '#/components/schemas/BooleanQueryParam' - AllowList: - name: allowList - in: query - description: Enable allowList middleware for all endpoints - required: false - schema: - $ref: '#/components/schemas/BooleanQueryParam' - MockResponse: - name: mockResponse - in: query - description: Enable mockResponse middleware for all endpoints having responses configured. - required: false - schema: - $ref: '#/components/schemas/BooleanQueryParam' - Authentication: - name: authentication - in: query - description: Enable or disable authentication in your Tyk Gateway as per your OAS document. - schema: - $ref: '#/components/schemas/BooleanQueryParam' - SearchText: - name: searchText - schema: - type: string - description: Search for API version name - in: query - required: false - AccessType: - name: accessType - schema: - type: string - enum: [ "internal", "external" ] - description: Filter for internal or external API versions - in: query - required: false + type: object + XTykAPIGateway: + properties: + info: + $ref: '#/components/schemas/Info' + middleware: + $ref: '#/components/schemas/Middleware' + server: + $ref: '#/components/schemas/Server' + upstream: + $ref: '#/components/schemas/Upstream' + type: object securitySchemes: api_key: + description: Api key in: header name: X-Tyk-Authorization type: apiKey -security: - - api_key: []