openapi: 3.0.3 info: contact: email: support@tyk.io name: Tyk Technologies url: https://tyk.io/contact description: |+
The Tyk Gateway API is the primary means for integrating your application with the Tyk API Gateway system. This API is very small, and has no granular permissions system. It is intended to be used purely for internal automation and integration.

**Warning: Under no circumstances should outside parties be granted access to this API.**

The Tyk Gateway API is capable of:

* Managing session objects (key generation).
* Managing and listing policies.
* Managing and listing API Definitions (only when not using the Tyk Dashboard).
* Hot reloads / reloading a cluster configuration.
* OAuth client creation (only when not using the Tyk Dashboard).

In order to use the Gateway API, you'll need to set the **secret** parameter in your tyk.conf file. The shared secret you set should then be sent along as a header with each Gateway API Request in order for it to be successful:

**x-tyk-authorization: ***
The Tyk Gateway API is subsumed by the Tyk Dashboard API in Pro installations. license: name: Mozilla Public License Version 2.0 url: https://github.com/TykTechnologies/tyk/blob/master/LICENSE.md title: Tyk Gateway API version: 5.11.0 servers: - url: https://{tenant} variables: tenant: default: localhost:8080 description: Your gateway host security: - api_key: [] tags: - description: | **Note: Applies only to Tyk Gateway Community Edition**
API management is very simple using the Tyk Rest API: each update only affects the underlying file, and this endpoint will only work with disk based installations, not database-backed ones.
APIs that are added this way are flushed to disk into the app_path folder using the format: *{api-id}.json*. Updating existing APIs that use a different naming convention will cause those APIs to be added, which could subsequently lead to a loading error and crash if they use the same listen_path.
These methods only work on a single API node. If updating a cluster, it is important to ensure that all nodes are updated before initiating a reload.
name: APIs - description: |+ **Note: Applies only to Tyk Gateway Community Edition**
name: Tyk OAS APIs - description: | All keys that are used to access services via Tyk correspond to a session object that informs Tyk about the context of this particular token, like access rules and rate/quota allowance. name: Keys - description: | It is possible to force API quota and rate limit across all keys that belong to a specific organisation ID. Rate limiting at an organisation level is useful for creating tiered access levels and trial accounts.
The Organisation rate limiting middleware works with both Quotas and Rate Limiters. In order to manage this functionality, a simple API has been put in place to manage these sessions.
Although the Organisation session-limiter uses the same session object, all other security keys are optional as they are not used.

Managing active status


To disallow access to an entire group of keys without rate limiting the organisation, create a session object with the "is_inactive" key set to true. This will block access before any other middleware is executed. It is useful when managing subscriptions for an organisation group and access needs to be blocked because of non-payment.
name: Organisation Quotas - description: | Sometimes a cache might contain stale data, or it may just need to be cleared because of an invalid configuration. This call will purge all keys associated with a cache on an API-by-API basis. name: Cache Invalidation - description: Use the endpoints under this tag to manage your certificates. You can add, delete and list certificates using these endpoints. name: Certs - description: | Force restart of the Gateway or whole cluster. name: Hot Reload - description: | Check health status of the Tyk Gateway and loaded APIs. name: Health Checking - description: | A Tyk security policy incorporates several security options that can be applied to an API key. It acts as a template that can override individual sections of an API key (or identity) in Tyk. name: Policies - description: | Manage OAuth clients, and manage their tokens name: OAuth - description: | Tyk supports batch requests, so a client makes a single request to the API but gets a compound response object back. This is especially handy if clients have complex requests that have multiple synchronous dependencies and do not wish to have the entire request / response cycle running for each event. To enable batch request support, set the `enable_batch_request_support` value to `true` Batch requests that come into Tyk are *run through the whole Tyk machinery* and *use a relative path to prevent spamming*. This means that a batch request to Tyk for three resources with the same API key will have three requests applied to their session quota and request limiting could become active if they are being throttled. Tyk reconstructs the API request based on the data in the batch request. This is to ensure that Tyk is not being used to proxy requests to other hosts outside of the upstream API being accessed. Batch requests are created by POSTING to the `/{listen_path}/tyk/batch/` endpoint. These requests **do not require a valid key**, but their request list does.

Sample Request

```{json}
{
  "requests": [
    {
      "method": "GET",
      "headers": {
        "x-tyk-test": "1",
        "x-tyk-version": "1.2",
        "authorization": "1dbc83b9c431649d7698faa9797e2900f"
      },
      "body": "",
      "relative_url": "get"
    },
    {
      "method": "GET",
      "headers": {
        "x-tyk-test": "2",
        "x-tyk-version": "1.2",
        "authorization": "1dbc83b9c431649d7698faa9797e2900f"
      },
      "body": "",
      "relative_url": "get"
    }
  ],
  "suppress_parallel_execution": false
}
```

The response will be a structured reply that encapsulates the responses for each of the outbound requests. If `suppress_parallel_execution` is set to `true`, requests will be made synchronously. If set to `false` then they will run in parallel and the response order is not guaranteed.

Sample Response

```
[
  {
    "relative_url": "get",
    "code": 200,
    "headers": {
      "Access-Control-Allow-Credentials": [ "true" ],
      "Access-Control-Allow-Origin": [ "*" ],
      "Content-Length": [ "497" ],
      "Content-Type": [ "application/json" ],
      "Date": [ "Wed, 12 Nov 2014 15:32:43 GMT" ],
      "Server": [ "gunicorn/18.0" ],
      "Via": [ "1.1 vegur" ]
    },
    "body": "{ "args": {}, "headers": { "Accept-Encoding": "gzip", "Authorization": "1dbc83b9c431649d7698faa9797e2900f", "Connect-Time": "2", "Connection": "close", "Host": "httpbin.org", "Total-Route-Time": "0", "User-Agent": "Go 1.1 package http", "Via": "1.1 vegur", "X-Request-Id": "6a22499a-2776-4aa1-80c0-686581a8be4d", "X-Tyk-Test": "2", "X-Tyk-Version": "1.2" }, "origin": "127.0.0.1, 62.232.114.250", "url": "http://httpbin.org/get" }"
  },
  {
    "relative_url": "get",
    "code": 200,
    "headers": {
      "Access-Control-Allow-Credentials": [ "true" ],
      "Access-Control-Allow-Origin": [ "*" ],
      "Content-Length": [ "497" ],
      "Content-Type": [ "application/json" ],
      "Date": [ "Wed, 12 Nov 2014 15:32:43 GMT" ],
      "Server": [ "gunicorn/18.0" ],
      "Via": [ "1.1 vegur" ]
    },
    "body": "{ "args": {}, "headers": { "Accept-Encoding": "gzip", "Authorization": "1dbc83b9c431649d7698faa9797e2900f", "Connect-Time": "7", "Connection": "close", "Host": "httpbin.org", "Total-Route-Time": "0", "User-Agent": "Go 1.1 package http", "Via": "1.1 vegur", "X-Request-Id": "1ab61f50-51ff-4828-a7e2-17240385a6d2", "X-Tyk-Test": "1", "X-Tyk-Version": "1.2" }, "origin": "127.0.0.1, 62.232.114.250", "url": "http://httpbin.org/get" }"
  }
]
```

With the body for each request string encoded in the `body` field.

* `expire_analytics_after`: If you are running a busy API, you may want to ensure that your MongoDB database does not overflow with old data. Set the `expire_analytics_after` value to the number of seconds you would like the data to last for. Setting this flag to anything above `0` will set an `expireAt` field for each record that is written to the database.
**Important:** Tyk will not create the expiry index for you. In order to implement data expiry for your analytics data, ensure that the index is created. This is easily achieved using the [MongoDB command line interface](https://docs.mongodb.com/getting-started/shell/client/).

* `dont_set_quota_on_create`: This setting defaults to `false`, but if set to `true`, when the API is used to edit, create or add keys, the quota cache in Redis will not be re-set. By default, all updates or creates to Keys that have Quotas set will re-set the quota (this has been the default behaviour since 1.0). This behaviour can be bypassed on a case-by-case basis by using the `suppress_reset` parameter when making a REST API request. This is the advised mode of operation as it allows for manual, granular control over key quotas and reset timings.
* `cache_options`: This section enables you to configure the caching behaviour of Tyk and to enable or disable the caching middleware for your API.
* `cache_options.enable_cache`: Set this value to `true` if the cache should be enabled for this endpoint; setting it to `false` will stop all caching behaviour.
* `cache_options.cache_timeout`: The amount of time, in seconds, to keep cached objects, defaults to `60` seconds.
* `cache_options.cache_all_safe_requests`: Set this to `true` if you want all *safe* requests (GET, HEAD, OPTIONS) to be cached. This is a blanket setting for APIs where caching is required but you don't want to set individual paths up in the definition.
* `cache_options.enable_upstream_cache_control`: Set this to `true` if you want your application to control the cache options for Tyk (TTL and whether to cache or not). See [Caching](/docs/basic-config-and-security/reduce-latency/caching/) for more details.
* `response_processors`: Response processors need to be specifically defined so they are loaded on API creation, otherwise the middleware will not fire.
In order to have the two main response middleware components fire, the following configuration object should be supplied.

```{json}
"response_processors": [
  {
    "name": "header_injector",
    "options": {
      "add_headers": {"name": "value"},
      "remove_headers": ["name"]
    }
  },
  {
    "name": "response_body_transform",
    "options": {}
  }
]
```

The options for the `header_injector` are global, and will apply to all outbound requests.
name: "Batch requests" paths: /hello: get: description: From v2.7.5 you can now rename the `/hello` endpoint by using the `health_check_endpoint_name` option. operationId: hello responses: "200": content: application/json: example: description: Tyk GW details: redis: componentType: datastore status: pass time: "2020-05-19T03:42:55+01:00" status: pass version: v5.5.0-dev schema: $ref: '#/components/schemas/HealthCheckResponse' description: Success. "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "405": content: application/json: example: message: Method Not Allowed status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Method Not Allowed summary: Check the health of the Tyk Gateway. tags: - Health Checking /tyk/apis: get: description: List APIs from Tyk Gateway operationId: listApis responses: "200": content: application/json: example: - api_id: b84fe1a04e5648927971c0557971565c auth: auth_header_name: authorization definition: key: version location: header name: Tyk Test API org_id: 664a14650619d40001f1f00f proxy: listen_path: /tyk-api-test/ strip_listen_path: true target_url: https://httpbin.org use_oauth2: true version_data: not_versioned: true versions: Default: name: Default schema: items: $ref: '#/components/schemas/APIDefinition' type: array description: List of API definitions. 
"403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden summary: Get list of apis tags: - APIs post: description: Create API. A single Tyk node can have its API Definitions queried, deleted and updated remotely. This functionality enables you to remotely update your Tyk definitions without having to manage the files manually. operationId: createApi parameters: - description: The base API which the new version will be linked to. example: 663a4ed9b6be920001b191ae in: query name: base_api_id required: false schema: type: string - description: The version name of the base API while creating the first version. This doesn't have to be sent for the next versions but if it is set, it will override base API version name. example: Default in: query name: base_api_version_name required: false schema: type: string - description: The version name of the created version. example: v2 in: query name: new_version_name required: false schema: type: string - description: If true, the new version is set as default version. example: true in: query name: set_default required: false schema: type: boolean requestBody: content: application/json: example: api_id: b84fe1a04e5648927971c0557971565c auth: auth_header_name: authorization definition: key: version location: header name: Tyk Test API org_id: 664a14650619d40001f1f00f proxy: listen_path: /tyk-api-test/ strip_listen_path: true target_url: https://httpbin.org use_oauth2: true version_data: not_versioned: true versions: Default: name: Default schema: $ref: '#/components/schemas/APIDefinition' responses: "200": content: application/json: example: action: added key: b84fe1a04e5648927971c0557971565c status: ok schema: $ref: '#/components/schemas/ApiModifyKeySuccess' description: API created. 
"400": content: application/json: example: message: Request malformed status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Bad Request "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "500": content: application/json: example: message: file object creation failed, write error status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Internal server error. summary: Create an API tags: - APIs /tyk/apis/{apiID}: delete: description: Deleting an API definition will remove the file from the file store, the API definition will NOT be unloaded, a separate reload request will need to be made to disable the API endpoint. operationId: deleteApi parameters: - description: The API ID. example: 1bd5c61b0e694082902cf15ddcc9e6a7 in: path name: apiID required: true schema: type: string responses: "200": content: application/json: example: action: deleted key: 1bd5c61b0e694082902cf15ddcc9e6a7 status: ok schema: $ref: '#/components/schemas/ApiModifyKeySuccess' description: API deleted. "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "404": content: application/json: example: message: API not found status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: API not found. "500": content: application/json: example: message: Delete failed status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Internal server error. summary: Deleting an API definition with ID. tags: - APIs get: description: Get API definition from Tyk Gateway. operationId: getApi parameters: - description: The API ID. 
example: keyless in: path name: apiID required: true schema: type: string responses: "200": content: application/json: example: api_id: b84fe1a04e5648927971c0557971565c auth: auth_header_name: authorization definition: key: version location: header name: Tyk Test API org_id: 664a14650619d40001f1f00f proxy: listen_path: /tyk-api-test/ strip_listen_path: true target_url: https://httpbin.org use_oauth2: true version_data: not_versioned: true versions: Default: name: Default schema: $ref: '#/components/schemas/APIDefinition' description: API definition. headers: x-tyk-base-api-id: description: ID of the base API if the requested API is a version. schema: type: string style: simple "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "404": content: application/json: example: message: API not found. status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: API not found. summary: Get API definition with its ID. tags: - APIs put: description: |- Updating an API definition uses the same signature and object as a `POST`, however it will first ensure that the API ID that is being updated is the same as the one in the object being `PUT`. Updating will completely replace the file descriptor and will not change an API Definition that has already been loaded, the hot-reload endpoint will need to be called to push the new definition to live. operationId: updateApi parameters: - description: The API ID. 
example: 1bd5c61b0e694082902cf15ddcc9e6a7 in: path name: apiID required: true schema: type: string requestBody: content: application/json: example: api_id: b84fe1a04e5648927971c0557971565c auth: auth_header_name: authorization definition: key: version location: header name: Update the API name sample org_id: 664a14650619d40001f1f00f proxy: listen_path: /update-listen-path strip_listen_path: true target_url: https://tyk.io/api use_oauth2: true version_data: not_versioned: true versions: Default: name: Default schema: $ref: '#/components/schemas/APIDefinition' responses: "200": content: application/json: example: action: modified key: 1bd5c61b0e694082902cf15ddcc9e6a7 status: ok schema: $ref: '#/components/schemas/ApiModifyKeySuccess' description: API updated. "400": content: application/json: example: message: Request malformed status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Bad Request "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "404": content: application/json: example: message: API not found status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: API not found. "500": content: application/json: example: message: File object creation failed, write error. status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Internal server error. summary: Updating an API definition with its ID. tags: - APIs /tyk/apis/{apiID}/versions: get: description: Listing versions of an API. operationId: listApiVersions parameters: - description: The API ID. 
example: keyless in: path name: apiID required: true schema: type: string - $ref: '#/components/parameters/SearchText' - $ref: '#/components/parameters/AccessType' responses: "200": content: application/json: example: apis: - expirationDate: "" id: keyless internal: false isDefaultVersion: false name: Tyk Test Keyless API versionName: "" - expirationDate: "" id: 1f20d5d2731d47ac9c79fddf826eda00 internal: false isDefaultVersion: true name: Version three Api versionName: v2 status: success schema: $ref: '#/components/schemas/VersionMetas' description: API version metas. "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "404": content: application/json: example: message: API not found status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: API not found. summary: Listing versions of an API. tags: - APIs /tyk/apis/oas: get: description: List all APIs in Tyk OAS API format, from Tyk Gateway. operationId: listApisOAS parameters: - description: "By default mode is empty which means it will return the Tyk API OAS spec including the x-tyk-api-gateway part. \n When mode=public, the Tyk OAS API spec will exclude the x-tyk-api-gateway part in the response." example: public in: query name: mode required: false schema: enum: - public type: string responses: "200": content: application/json: examples: oasExampleList: $ref: '#/components/examples/oasExampleList' schema: items: allOf: - $ref: '#/components/schemas/OpenAPI3Schema' - $ref: '#/components/schemas/TykVendorExtension' type: array description: List of API definitions in Tyk OAS format. "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden summary: List all APIs in Tyk OAS API format. 
tags: - Tyk OAS APIs post: description: Create an API with Tyk OAS API format on the Tyk Gateway. operationId: createApiOAS parameters: - description: The base API which the new version will be linked to. example: 663a4ed9b6be920001b191ae in: query name: base_api_id required: false schema: type: string - description: The version name of the base API while creating the first version. This doesn't have to be sent for the next versions but if it is set, it will override base API version name. example: Default in: query name: base_api_version_name required: false schema: type: string - description: The version name of the created version. example: v2 in: query name: new_version_name required: false schema: type: string - description: If true, the new version is set as default version. example: true in: query name: set_default required: false schema: type: boolean requestBody: content: application/json: example: components: securitySchemes: bearerAuth: description: The API Access Credentials scheme: bearer type: http info: description: This is a sample OAS. title: OAS Sample version: 1.0.0 openapi: 3.0.3 paths: /api/sample/users: get: operationId: getUsers responses: "200": content: application/json: schema: items: properties: name: type: string type: object type: array description: fetched users summary: Get users tags: - users security: - bearerAuth: [] servers: - url: https://localhost:8080 x-tyk-api-gateway: info: name: user state: active: true server: listenPath: strip: true value: /user-test/ upstream: url: https://localhost:8080 schema: allOf: - $ref: '#/components/schemas/OpenAPI3Schema' - $ref: '#/components/schemas/TykVendorExtension' responses: "200": content: application/json: example: action: added key: e30bee13ad4248c3b529a4c58bb7be4e status: ok schema: $ref: '#/components/schemas/ApiModifyKeySuccess' description: API created. 
"400": content: application/json: example: message: the payload should contain x-tyk-api-gateway status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Bad Request "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "500": content: application/json: example: message: file object creation failed, write error status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Internal server error. summary: Create an API with Tyk OAS format. tags: - Tyk OAS APIs /tyk/apis/oas/{apiID}: delete: description: Deleting an API definition will remove the file from the file store, the API definition will not be unloaded, a separate reload request will need to be made to disable the API endpoint. operationId: deleteOASApi parameters: - description: The API ID. example: 1bd5c61b0e694082902cf15ddcc9e6a7 in: path name: apiID required: true schema: type: string responses: "200": content: application/json: example: action: deleted key: 1bd5c61b0e694082902cf15ddcc9e6a7 status: ok schema: $ref: '#/components/schemas/ApiModifyKeySuccess' description: API deleted "400": content: application/json: example: message: Must specify an apiID to delete status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Bad Request "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "404": content: application/json: example: message: API not found status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: API not found. "500": content: application/json: example: message: Delete failed status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Internal server error. summary: Deleting a Tyk OAS API. 
tags: - Tyk OAS APIs get: description: Get Tyk OAS API definition using an API ID. operationId: getOASApi parameters: - description: "By default mode is empty which means it will return the Tyk API OAS spec including the x-tyk-api-gateway part. \n When mode=public, the Tyk OAS API spec will exclude the x-tyk-api-gateway part in the response." example: public in: query name: mode required: false schema: enum: - public type: string - description: ID of the API you want to fetch example: 4c1c0d8fc885401053ddac4e39ef676b in: path name: apiID required: true schema: type: string responses: "200": content: application/json: examples: oasExample: $ref: '#/components/examples/oasExample' schema: allOf: - $ref: '#/components/schemas/OpenAPI3Schema' - $ref: '#/components/schemas/TykVendorExtension' description: OK headers: x-tyk-base-api-id: description: ID of the base API if the requested API is a version. schema: type: string style: simple "400": content: application/json: example: message: the requested API definition is in Tyk classic format, please use old API endpoint status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Bad Request "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "404": content: application/json: example: message: API not found status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: API not found. summary: Get a Tyk OAS API definition. tags: - Tyk OAS APIs patch: description: |- You can use this endpoint to update Tyk OAS part of the Tyk API definition. This endpoint allows you to configure Tyk OAS extension based on query params provided(similar to import). operationId: patchApiOAS parameters: - description: ID of the API you want to fetch. 
example: 4c1c0d8fc885401053ddac4e39ef676b in: path name: apiID required: true schema: type: string - $ref: '#/components/parameters/UpstreamURL' - $ref: '#/components/parameters/ListenPath' - $ref: '#/components/parameters/CustomDomain' - $ref: '#/components/parameters/AllowList' - $ref: '#/components/parameters/ValidateRequest' - $ref: '#/components/parameters/MockResponse' - $ref: '#/components/parameters/Authentication' requestBody: content: application/json: example: components: securitySchemes: bearerAuth: description: The API Access Credentials scheme: bearer type: http info: description: This is a sample OAS. title: OAS Sample version: 1.0.0 openapi: 3.0.3 paths: /api/sample/users: get: operationId: getUsers responses: "200": content: application/json: schema: items: properties: name: type: string type: object type: array description: fetched users summary: Get users tags: - users security: - bearerAuth: [] servers: - url: https://localhost:8080 x-tyk-api-gateway: info: name: user state: active: true server: listenPath: strip: true value: /user-test/ upstream: url: https://localhost:8080 schema: $ref: '#/components/schemas/OpenAPI3Schema' responses: "200": content: application/json: schema: $ref: '#/components/schemas/ApiModifyKeySuccess' description: API patched. "400": content: application/json: example: message: Must specify an apiID to patch status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Bad Request "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "404": content: application/json: example: message: API not found status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: API not found. 
"500": content: application/json: example: message: file object creation failed, write error status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Internal server error. summary: Patch API in Tyk OAS format. tags: - Tyk OAS APIs put: description: |- Updating an API definition uses the same signature an object as a `POST`, however it will first ensure that the API ID that is being updated is the same as the one in the object being `PUT`. Updating will completely replace the file descriptor and will not change an API Definition that has already been loaded, the hot-reload endpoint will need to be called to push the new definition to live. operationId: updateApiOAS parameters: - description: ID of the API you want to fetch example: 4c1c0d8fc885401053ddac4e39ef676b in: path name: apiID required: true schema: type: string requestBody: content: application/json: example: components: securitySchemes: bearerAuth: description: The API Access Credentials scheme: bearer type: http info: description: This is a sample OAS. title: OAS Sample version: 1.0.0 openapi: 3.0.3 paths: /api/sample/users: get: operationId: getUsers responses: "200": content: application/json: schema: items: properties: name: type: string type: object type: array description: fetched users summary: Get users tags: - users security: - bearerAuth: [] servers: - url: https://localhost:8080 x-tyk-api-gateway: info: name: user state: active: true server: listenPath: strip: true value: /user-test/ upstream: url: https://localhost:8080 schema: allOf: - $ref: '#/components/schemas/OpenAPI3Schema' - $ref: '#/components/schemas/TykVendorExtension' responses: "200": content: application/json: example: action: modified key: e30bee13ad4248c3b529a4c58bb7be4e status: ok schema: $ref: '#/components/schemas/ApiModifyKeySuccess' description: API updated "400": content: application/json: example: message: Request APIID does not match that in Definition! For Update operations these must match. 
status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Bad Request "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "404": content: application/json: example: message: API not found status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: API not found "500": content: application/json: example: message: file object creation failed, write error status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Internal server error. summary: Update a Tyk OAS API definition. tags: - Tyk OAS APIs /tyk/apis/oas/{apiID}/export: get: description: Use the mode query parameter to specify if you want the x-tyk-api-gateway stripped out. operationId: downloadApiOASPublic parameters: - description: ID of the API you want to fetch. example: 4c1c0d8fc885401053ddac4e39ef676b in: path name: apiID required: true schema: type: string - description: "By default mode is empty which means it will return the Tyk API OAS spec including the x-tyk-api-gateway part. \n When mode=public, the Tyk OAS API spec will exclude the x-tyk-api-gateway part in the response." example: public in: query name: mode required: false schema: enum: - public type: string responses: "200": content: application/octet-stream: schema: format: binary type: string description: Exported API definition file "400": content: application/json: example: message: requesting API definition that is in Tyk classic format status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Bad Request "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! 
status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "404": content: application/json: example: message: API not found status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Not Found "500": content: application/json: example: message: Unexpected error status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Internal server error. summary: Download a Tyk OAS format API. tags: - Tyk OAS APIs /tyk/apis/oas/{apiID}/versions: get: description: Listing versions of a Tyk OAS API. operationId: listOASApiVersions parameters: - description: ID of the API you want to fetch. example: 4c1c0d8fc885401053ddac4e39ef676b in: path name: apiID required: true schema: type: string - $ref: '#/components/parameters/SearchText' - $ref: '#/components/parameters/AccessType' responses: "200": content: application/json: example: apis: - expirationDate: "" id: keyless internal: false isDefaultVersion: false name: Tyk Test Keyless API versionName: "" - expirationDate: "" id: 1f20d5d2731d47ac9c79fddf826eda00 internal: false isDefaultVersion: true name: Version three Api versionName: v2 status: success schema: $ref: '#/components/schemas/VersionMetas' description: API version metas. "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "404": content: application/json: example: message: API not found. status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: API not found summary: Listing versions of a Tyk OAS API. tags: - Tyk OAS APIs /tyk/apis/oas/export: get: description: Download all Tyk OAS format APIs, from the Gateway. operationId: downloadApisOASPublic parameters: - description: "By default mode is empty which means it will return the Tyk API OAS spec including the x-tyk-api-gateway part. 
\n When mode=public, the Tyk OAS API spec will exclude the x-tyk-api-gateway part in the response." example: public in: query name: mode required: false schema: enum: - public type: string responses: "200": content: application/octet-stream: schema: format: binary type: string description: Get a list of Tyk OAS API definitions. "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "500": content: application/json: example: message: Unexpected error status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Internal server error. summary: Download all Tyk OAS format APIs. tags: - Tyk OAS APIs /tyk/apis/oas/import: post: description: |- Import a Tyk OAS format API without x-tyk-api-gateway. For use with an existing Tyk OAS API that you want to expose via your Tyk Gateway. operationId: importOAS parameters: - $ref: '#/components/parameters/UpstreamURL' - $ref: '#/components/parameters/ListenPath' - $ref: '#/components/parameters/CustomDomain' - $ref: '#/components/parameters/AllowList' - $ref: '#/components/parameters/ValidateRequest' - $ref: '#/components/parameters/MockResponse' - $ref: '#/components/parameters/Authentication' - description: The base API which the new version will be linked to. example: 663a4ed9b6be920001b191ae in: query name: base_api_id required: false schema: type: string - description: The version name of the base API while creating the first version. This doesn't have to be sent for the next versions, but if it is set, it will override the base API version name. example: Default in: query name: base_api_version_name required: false schema: type: string - description: The version name of the created version. example: v2 in: query name: new_version_name required: false schema: type: string - description: If true, the new version is set as default version. 
example: true in: query name: set_default required: false schema: type: boolean requestBody: content: application/json: example: components: securitySchemes: bearerAuth: description: The API Access Credentials scheme: bearer type: http info: description: This is a sample OAS. title: OAS Sample version: 1.0.0 openapi: 3.0.3 paths: /api/sample/users: get: operationId: getUsers responses: "200": content: application/json: schema: items: properties: name: type: string type: object type: array description: fetched users summary: Get users tags: - users security: - bearerAuth: [] servers: - url: https://localhost:8080 schema: $ref: '#/components/schemas/OpenAPI3Schema' responses: "200": content: application/json: example: action: added key: e30bee13ad4248c3b529a4c58bb7be4e status: ok schema: $ref: '#/components/schemas/ApiModifyKeySuccess' description: API imported. "400": content: application/json: example: message: the import payload should not contain x-tyk-api-gateway status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Bad Request "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "500": content: application/json: example: message: file object creation failed, write error status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Internal server error. summary: Import an API in Tyk OAS format. tags: - Tyk OAS APIs /tyk/cache/{apiID}: delete: description: Invalidate cache for the given API. operationId: invalidateCache parameters: - description: The API ID. example: ae67bb862a3241a49117508e0f9ee839 in: path name: apiID required: true schema: type: string responses: "200": content: application/json: example: message: cache invalidated status: ok schema: $ref: '#/components/schemas/ApiStatusMessage' description: Cache invalidated. 
"403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "500": content: application/json: example: message: Cache invalidation failed. status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Internal server error. summary: Invalidate cache. tags: - Cache Invalidation /tyk/cache/jwks/{apiID}: delete: description: Invalidate JWK cache for the given API. operationId: invalidateJWKCache parameters: - description: The API ID. example: ae67bb862a3241a49117508e0f9ee839 in: path name: apiID required: true schema: type: string responses: "200": content: application/json: example: message: cache invalidated status: ok schema: $ref: '#/components/schemas/ApiStatusMessage' description: Cache invalidated. "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden summary: Invalidate cache for given API ID. tags: - JWK cache invalidation /tyk/cache/jwks: delete: description: Invalidate JWK cache for all APIs. operationId: invalidateJWKCacheForAllAPIs responses: "200": content: application/json: example: message: cache invalidated status: ok schema: $ref: '#/components/schemas/ApiStatusMessage' description: Cache invalidated. "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden summary: Invalidate JWK cache for all APIs tags: - JWK cache invalidation /tyk/certs: get: description: List all certificates in the Tyk Gateway. operationId: listCerts parameters: - description: Organisation ID to list the certificates. 
example: 5e9d9544a1dcd60001d0ed20 in: query name: org_id required: false schema: type: string - description: Mode to list the certificate details. example: detailed in: query name: mode required: false schema: enum: - detailed type: string responses: "200": content: application/json: examples: certIdList: $ref: '#/components/examples/certIdList' certificateBasicList: $ref: '#/components/examples/certificateBasicList' schema: oneOf: - $ref: '#/components/schemas/APIAllCertificateBasics' - $ref: '#/components/schemas/APIAllCertificates' description: OK "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden summary: List certificates. tags: - Certs post: description: Add a certificate to the Tyk Gateway. operationId: addCert parameters: - description: Organisation ID to add the certificate to. example: 5e9d9544a1dcd60001d0ed20 in: query name: org_id required: false schema: type: string requestBody: content: text/plain: schema: type: string responses: "200": content: application/json: example: id: 5e9d9544a1dcd60001d0ed207c440d66ebb0a4629d21329808dce9091acf5f2fde328067a6e60e5347271d90 message: Certificate added status: ok schema: $ref: '#/components/schemas/APICertificateStatusMessage' description: New certificate added. "403": content: application/json: example: message: Certificate with ID already exists. status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: When certificates you send already exist in the gateway. "405": content: application/json: example: message: Malformed request body status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Malformed request body. summary: Add a certificate. tags: - Certs /tyk/certs/{certID}: delete: description: Delete certificate by ID. operationId: deleteCerts parameters: - description: Certificate ID to be deleted. 
example: 5e9d9544a1dcd60001d0ed20a6ab77653d5da938f452bb8cc9b55b0630a6743dabd8dc92bfb025abb09ce035 in: path name: certID required: true schema: type: string - description: Organisation ID to delete the certificates from. example: 5e9d9544a1dcd60001d0ed20 in: query name: org_id required: false schema: type: string responses: "200": content: application/json: example: message: removed status: ok schema: $ref: '#/components/schemas/ApiStatusMessage' description: Deleted certificate. "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden summary: Delete certificate. tags: - Certs get: description: |- Note that the certID path parameter can take a list of certIDs separated with commas (e.g. /tyk/certs/certIDOne,certIDTwo). If you send a single certID, it will return a single CertificateMeta object; otherwise, if you send more than two certIDs, it will return an array of CertificateMeta objects. operationId: listCertsWithIDs parameters: - description: Comma separated list of certificates to list. example: e6ce2b49-3e31-44de-95a7-12f054724283,5e9d9544a1dcd60001d0ed20a6ab77653d5da938f452bb8cc9b55b0630a6743dabd8dc92bfb025abb09ce035 in: path name: certID required: true schema: type: string responses: "200": content: application/json: examples: certificateMetaExample: $ref: '#/components/examples/certificateMetaExample' certificateMetaListExample: $ref: '#/components/examples/certificateMetaListExample' schema: oneOf: - $ref: '#/components/schemas/CertsCertificateMeta' - items: $ref: '#/components/schemas/CertsCertificateMeta' nullable: true type: array description: OK "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! 
status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "404": content: application/json: example: message: Certificate with given SHA256 fingerprint not found. status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Not Found summary: Return one certificate or list multiple certificates in the Tyk Gateway given a comma separated list of cert IDs. tags: - Certs /tyk/debug: post: description: Used to test API definition by sending sample request and analysing output of both response and logs. operationId: debugApiDefinition requestBody: content: application/json: examples: apiDefinition: summary: Calling debug endpoint with classic API definition. value: request: method: GET path: /update-listen-path spec: api_id: b84fe1a04e5648927971c0557971565c auth: auth_header_name: authorization definition: key: version location: header name: Tyk Test API org_id: 664a14650619d40001f1f00f proxy: listen_path: /tyk-api-test/ strip_listen_path: true target_url: https://httpbin.org use_oauth2: true version_data: not_versioned: true versions: Default: name: Default oasApiDefinition: summary: Calling debug endpoint with Tyk OAS API definition. value: request: method: GET path: /get oas: info: title: testdebug version: 1.0.0 openapi: 3.0.3 servers: - url: http://localhost:8181/testdebug/ security: [] paths: {} components: securitySchemes: {} x-tyk-api-gateway: info: dbId: 67a25ff65b60081c8731464f id: d37ea0e360c245cf406d640f1dbf788d orgId: 645b3db586341f751f4258aa name: testdebug state: active: true internal: false middleware: global: contextVariables: enabled: true trafficLogs: enabled: true server: listenPath: strip: true value: "/testdebug/" upstream: url: http://httpbin.org/ schema: $ref: '#/components/schemas/TraceRequest' responses: "200": content: application/json: example: logs: '{"level":"warning","msg":"Legacy path detected! Upgrade to extended....' 
message: ok response: "====== Request ======\nGET / HTTP/1.1\r\nHost: httpbin.org\r\n\r\n\n====== Response..." schema: $ref: '#/components/schemas/TraceResponse' description: Success tracing request. "400": content: application/json: example: message: Request malformed status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Bad Request "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "500": content: application/json: example: message: 'Unexpected failure:' status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Internal server error. summary: Test a Tyk Classic or Tyk OAS API definition. tags: - Debug /tyk/keys: get: description: List all the API keys. operationId: listKeys responses: "200": content: application/json: schema: $ref: '#/components/schemas/ApiAllKeys' description: List of all API keys. "403": content: application/json: schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "404": content: application/json: schema: $ref: '#/components/schemas/ApiStatusMessage' description: Disabled hashed key listing. summary: List keys. tags: - Keys post: description: |- Tyk will generate the access token based on the OrgID specified in the API Definition and a random UUID. This ensures that keys can be owned by different API Owners should segmentation be needed at an organisational level.

API keys without access_rights data will be written to all APIs on the system (this also means that they will be created across all SessionHandlers and StorageHandlers). It is recommended to always embed access_rights data in a key to ensure that only targeted APIs and their back-ends are written to. operationId: addKey parameters: - description: When set to true the key_hash returned will be similar to the un-hashed key name. example: true in: query name: hashed required: false schema: type: boolean requestBody: content: application/json: example: access_rights: itachi-api: allowed_urls: - methods: - GET url: /users api_id: 8ddd91f3cda9453442c477b06c4e2da4 api_name: Itachi api limit: per: 60 quota_max: 10000 quota_remaining: 10000 quota_renewal_rate: 3600 rate: 1000 throttle_interval: 10 throttle_retry_limit: 10 versions: - Default alias: portal-key allowance: 1000 apply_policies: - 5ead7120575961000181867e date_created: "2024-08-09T14:40:34.87614+03:00" enable_detailed_recording: true last_updated: "1723203634" meta_data: new-update-key-sample: update-key-sample tyk_developer_id: 62b3fb9a1d5e4f00017226f5 update: sample policy update user_type: mobile_user org_id: 5e9d9544a1dcd60001d0ed20 per: 60 quota_max: 10000 quota_renewal_rate: 3600 quota_renews: 1.723207234e+09 rate: 1000 tags: - security - edge - edge-eu throttle_interval: 10 throttle_retry_limit: 10 schema: $ref: '#/components/schemas/SessionState' responses: "200": content: application/json: example: action: added key: 5e9d9544a1dcd60001d0ed20a2290376f89846b798b7e5197584ef6d status: ok schema: $ref: '#/components/schemas/ApiModifyKeySuccess' description: New key added. "400": content: application/json: example: message: Request malformed status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Bad Request "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! 
status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "500": content: application/json: example: message: Failed to create key, ensure security settings are correct. status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Internal server error. summary: Create a key. tags: - Keys /tyk/keys/{keyID}: delete: description: Deleting a key will remove it permanently from the system, however analytics relating to that key will still be available. operationId: deleteKey parameters: - description: Use the hash of the key as input instead of the full key. example: false in: query name: hashed required: false schema: type: boolean - description: The key ID. example: 5e9d9544a1dcd60001d0ed20e7f75f9e03534825b7aef9df749582e5 in: path name: keyID required: true schema: type: string responses: "200": content: application/json: example: action: deleted key: 5e9d9544a1dcd60001d0ed20e7f75f9e03534825b7aef9df749582e5 status: ok schema: $ref: '#/components/schemas/ApiModifyKeySuccess' description: Key deleted. "400": content: application/json: example: message: Failed to remove the key status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Bad Request "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "404": content: application/json: example: message: There is no such key found status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Key not found. summary: Delete a key. tags: - Keys get: description: Get session info about the specified key. Should return up to date rate limit and quota usage numbers. operationId: getKey parameters: - description: Use the hash of the key as input instead of the full key. example: true in: query name: hashed required: false schema: type: boolean - description: The key ID. 
example: 5e9d9544a1dcd60001d0ed20e7f75f9e03534825b7aef9df749582e5 in: path name: keyID required: true schema: type: string responses: "200": content: application/json: example: access_rights: itachi-api: allowed_urls: - methods: - GET url: /users api_id: 8ddd91f3cda9453442c477b06c4e2da4 api_name: Itachi api limit: per: 60 quota_max: 10000 quota_remaining: 10000 quota_renewal_rate: 3600 rate: 1000 throttle_interval: 10 throttle_retry_limit: 10 versions: - Default alias: portal-key allowance: 1000 apply_policies: - 5ead7120575961000181867e date_created: "2024-08-09T14:40:34.87614+03:00" enable_detailed_recording: true last_updated: "1723203634" meta_data: new-update-key-sample: update-key-sample tyk_developer_id: 62b3fb9a1d5e4f00017226f5 update: sample policy update user_type: mobile_user org_id: 5e9d9544a1dcd60001d0ed20 per: 60 quota_max: 10000 quota_renewal_rate: 3600 quota_renews: 1.723207234e+09 rate: 1000 tags: - security - edge - edge-eu throttle_interval: 10 throttle_retry_limit: 10 schema: $ref: '#/components/schemas/SessionState' description: Key fetched. "400": content: application/json: example: message: Key requested by hash but key hashing is not enabled. status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Bad Request "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "404": content: application/json: example: message: Key not found status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Key not found. summary: Get a key with ID. tags: - Keys post: description: You can use this endpoint to import existing keys into Tyk or to create a new custom key. operationId: createCustomKey parameters: - description: Adding the suppress_reset parameter and setting it to 1, will cause Tyk not to reset the quota limit that is in the current live quota manager. 
By default Tyk will reset the quota in the live quota manager (initialising it) when adding a key. Adding the `suppress_reset` flag to the URL parameters will avoid this behaviour. example: "1" in: query name: suppress_reset required: false schema: enum: - "1" type: string - description: When set to true the key_hash returned will be similar to the un-hashed key name. example: true in: query name: hashed required: false schema: type: boolean - description: Name to give the custom key. example: customKey in: path name: keyID required: true schema: type: string requestBody: content: application/json: example: access_rights: itachi-api: allowed_urls: - methods: - GET url: /users api_id: 8ddd91f3cda9453442c477b06c4e2da4 api_name: Itachi api limit: per: 60 quota_max: 10000 quota_remaining: 10000 quota_renewal_rate: 3600 rate: 1000 throttle_interval: 10 throttle_retry_limit: 10 versions: - Default alias: portal-key allowance: 1000 apply_policies: - 5ead7120575961000181867e date_created: "2024-08-09T14:40:34.87614+03:00" enable_detailed_recording: true last_updated: "1723203634" meta_data: new-update-key-sample: update-key-sample tyk_developer_id: 62b3fb9a1d5e4f00017226f5 update: sample policy update user_type: mobile_user org_id: 5e9d9544a1dcd60001d0ed20 per: 60 quota_max: 10000 quota_renewal_rate: 3600 quota_renews: 1.723207234e+09 rate: 1000 tags: - security - edge - edge-eu throttle_interval: 10 throttle_retry_limit: 10 schema: $ref: '#/components/schemas/SessionState' responses: "200": content: application/json: example: action: added key: 5e9d9544a1dcd60001d0ed20customKey status: ok schema: $ref: '#/components/schemas/ApiModifyKeySuccess' description: New custom key added. "400": content: application/json: example: message: Request malformed status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Bad Request "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! 
status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "500": content: application/json: example: message: Failed to create key, ensure security settings are correct. status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Internal server error. summary: Create custom key / Import key tags: - Keys put: description: ' You can also manually add keys to Tyk using your own key-generation algorithm. When using this approach, it is recommended to ensure that the OrgID being used in the API Definition and the key data is blank, so that Tyk does not try to prepend or manage the key in any way.' operationId: updateKey parameters: - description: Adding the suppress_reset parameter and setting it to 1 will cause Tyk not to reset the quota limit that is in the current live quota manager. By default Tyk will reset the quota in the live quota manager (initialising it) when adding a key. Adding the `suppress_reset` flag to the URL parameters will avoid this behaviour. example: "1" in: query name: suppress_reset required: false schema: enum: - "1" type: string - description: When set to true the key_hash returned will be similar to the un-hashed key name. example: true in: query name: hashed required: false schema: type: boolean - description: ID of the key you want to update. 
example: 5e9d9544a1dcd60001d0ed20766d9a6ec6b4403b93a554feefef4708 in: path name: keyID required: true schema: type: string requestBody: content: application/json: example: access_rights: itachi-api: allowed_urls: - methods: - GET url: /users api_id: 8ddd91f3cda9453442c477b06c4e2da4 api_name: Itachi api limit: per: 60 quota_max: 10000 quota_remaining: 10000 quota_renewal_rate: 3600 rate: 1000 throttle_interval: 10 throttle_retry_limit: 10 versions: - Default alias: portal-key allowance: 1000 apply_policies: - 5ead7120575961000181867e date_created: "2024-08-09T14:40:34.87614+03:00" enable_detailed_recording: true last_updated: "1723203634" meta_data: new-update-key-sample: update-key-sample tyk_developer_id: 62b3fb9a1d5e4f00017226f5 update: sample policy update user_type: mobile_user org_id: 5e9d9544a1dcd60001d0ed20 per: 60 quota_max: 10000 quota_renewal_rate: 3600 quota_renews: 1.723207234e+09 rate: 1000 tags: - security - edge - edge-eu - update-sample-tag throttle_interval: 10 throttle_retry_limit: 10 schema: $ref: '#/components/schemas/SessionState' responses: "200": content: application/json: example: action: modified key: 5e9d9544a1dcd60001d0ed20766d9a6ec6b4403b93a554feefef4708 status: ok schema: $ref: '#/components/schemas/ApiModifyKeySuccess' description: Key updated. "400": content: application/json: example: message: Request malformed status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Bad Request "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "404": content: application/json: example: message: Key is not found status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Key not found. "500": content: application/json: example: message: Failed to create key, ensure security settings are correct. 
status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Internal server error. summary: Update key. tags: - Keys /tyk/keys/create: post: description: Create a key. operationId: createKey requestBody: content: application/json: example: access_rights: itachi-api: allowed_urls: - methods: - GET url: /users api_id: 8ddd91f3cda9453442c477b06c4e2da4 api_name: Itachi api limit: per: 60 quota_max: 10000 quota_remaining: 10000 quota_renewal_rate: 3600 rate: 1000 throttle_interval: 10 throttle_retry_limit: 10 versions: - Default alias: portal-key allowance: 1000 apply_policies: - 5ead7120575961000181867e date_created: "2024-08-09T14:40:34.87614+03:00" enable_detailed_recording: true last_updated: "1723203634" meta_data: new-update-key-sample: update-key-sample tyk_developer_id: 62b3fb9a1d5e4f00017226f5 update: sample policy update user_type: mobile_user org_id: 5e9d9544a1dcd60001d0ed20 per: 60 quota_max: 10000 quota_renewal_rate: 3600 quota_renews: 1.723207234e+09 rate: 1000 tags: - security - edge - edge-eu throttle_interval: 10 throttle_retry_limit: 10 schema: $ref: '#/components/schemas/SessionState' responses: "200": content: application/json: example: action: added key: 5e9d9544a1dcd60001d0ed207eb558517c3c48fb826c62cc6f6161eb status: ok schema: $ref: '#/components/schemas/ApiModifyKeySuccess' description: Key created. "400": content: application/json: example: message: Failed to create key, keys must have at least one Access Rights record set. status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: No access right. "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "500": content: application/json: example: message: Unmarshalling failed status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Malformed body. summary: Create a key. 
tags: - Keys /tyk/keys/policy/{keyID}: post: description: This will set policies to a hashed key. operationId: setPoliciesToHashedKey parameters: - description: Name to give the custom key. example: 5e9d9544a1dcd60001d0ed207eb558517c3c48fb826c62cc6f6161eb in: path name: keyID required: true schema: type: string requestBody: content: application/json: example: apply_policies: - 5ead7120575961000181867e policy: "" schema: $ref: '#/components/schemas/PolicyUpdateObj' responses: "200": content: application/json: example: action: updated key: 5e9d9544a1dcd60001d0ed207eb558517c3c48fb826c62cc6f6161eb status: ok schema: $ref: '#/components/schemas/ApiModifyKeySuccess' description: Updated hashed key. "400": content: application/json: example: message: Couldn't decode instruction status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Malformed request body. "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "404": content: application/json: example: message: Key not found status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Key not found. "500": content: application/json: example: message: Could not write key data. status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Internal server error. summary: Set policies for a hashed key. tags: - Keys /tyk/keys/preview: post: description: This will check if the body of a key definition is valid and return a response showing how the key would look if you were to create it. 
operationId: validateAKeyDefinition requestBody: content: application/json: example: access_rights: itachi-api: allowed_urls: - methods: - GET url: /users api_id: 8ddd91f3cda9453442c477b06c4e2da4 api_name: Itachi api limit: per: 60 quota_max: 10000 quota_remaining: 10000 quota_renewal_rate: 3600 rate: 1000 throttle_interval: 10 throttle_retry_limit: 10 versions: - Default alias: portal-key allowance: 1000 apply_policies: - 5ead7120575961000181867e date_created: "2024-08-09T14:40:34.87614+03:00" enable_detailed_recording: true last_updated: "1723203634" meta_data: new-update-key-sample: update-key-sample tyk_developer_id: 62b3fb9a1d5e4f00017226f5 update: sample policy update user_type: mobile_user org_id: 5e9d9544a1dcd60001d0ed20 per: 60 quota_max: 10000 quota_renewal_rate: 3600 quota_renews: 1.723207234e+09 rate: 1000 tags: - security - edge - edge-eu throttle_interval: 10 throttle_retry_limit: 10 schema: $ref: '#/components/schemas/SessionState' responses: "200": content: application/json: example: access_rights: itachi-api: allowed_urls: - methods: - GET url: /users api_id: 8ddd91f3cda9453442c477b06c4e2da4 api_name: Itachi api limit: per: 60 quota_max: 10000 quota_remaining: 10000 quota_renewal_rate: 3600 rate: 1000 throttle_interval: 10 throttle_retry_limit: 10 versions: - Default alias: portal-key allowance: 1000 apply_policies: - 5ead7120575961000181867e date_created: "2024-08-09T14:40:34.87614+03:00" enable_detailed_recording: true last_updated: "1723203634" meta_data: new-update-key-sample: update-key-sample tyk_developer_id: 62b3fb9a1d5e4f00017226f5 update: sample policy update user_type: mobile_user org_id: 5e9d9544a1dcd60001d0ed20 per: 60 quota_max: 10000 quota_renewal_rate: 3600 quota_renews: 1.723207234e+09 rate: 1000 tags: - security - edge - edge-eu throttle_interval: 10 throttle_retry_limit: 10 schema: $ref: '#/components/schemas/SessionState' description: Key definition is valid. 
"403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "500": content: application/json: example: message: Unmarshalling failed status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Internal server error. summary: This will validate a key definition. tags: - Keys /tyk/oauth/clients/{apiID}: get: description: OAuth Clients are organised by API ID, and therefore are queried as such. operationId: listOAuthClients parameters: - description: The API ID example: 1bd5c61b0e694082902cf15ddcc9e6a7 in: path name: apiID required: true schema: type: string responses: "200": content: application/json: example: - api_id: b84fe1a04e5648927971c0557971565c client_id: 2a06b398c17f46908de3dffcb71ef87df description: google client meta_data: user_id: 362b3fb9a1d5e4f00017226f5 redirect_uri: https://httpbin.org/ip secret: MmQwNTI5NGQtYjU0YS00NjMyLWIwZjktNTZjY2M1ZjhjYWY0 schema: items: $ref: '#/components/schemas/NewClientRequest' type: array description: Get OAuth client details or a list of OAuth clients "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "404": description: Api no found summary: List oAuth clients tags: - OAuth /tyk/oauth/clients/{apiID}/{keyName}: delete: description: Please note that tokens issued with the client ID will still be valid until they expire. 
operationId: deleteOAuthClient parameters: - description: The API id example: b84fe1a04e5648927971c0557971565c in: path name: apiID required: true schema: type: string - description: The Client ID example: 2a06b398c17f46908de3dffcb71ef87df in: path name: keyName required: true schema: type: string responses: "200": content: application/json: example: action: deleted key: 2a06b398c17f46908de3dffcb71ef87df status: ok schema: $ref: '#/components/schemas/ApiModifyKeySuccess' description: OAuth client deleted "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "404": content: application/json: example: message: OAuth Client ID not found status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Not found "500": content: application/json: example: message: Delete failed status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Internal server error. summary: Delete OAuth client tags: - OAuth get: description: Get OAuth client details tied to an api operationId: getOAuthClient parameters: - description: The API id example: b84fe1a04e5648927971c0557971565c in: path name: apiID required: true schema: type: string - description: The Client ID example: 2a06b398c17f46908de3dffcb71ef87df in: path name: keyName required: true schema: type: string responses: "200": content: application/json: example: client_id: 2a06b398c17f46908de3dffcb71ef87df description: changed description sample meta_data: user_id: 362b3fb9a1d5e4f00017226f5 redirect_uri: https://httpbin.org/ip secret: MmQwNTI5NGQtYjU0YS00NjMyLWIwZjktNTZjY2M1ZjhjYWY0 schema: $ref: '#/components/schemas/NewClientRequest' description: OAuth client details "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! 
status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "404": content: application/json: example: message: OAuth Client ID not found status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: OAuth Client not found summary: Get OAuth client tags: - OAuth put: description: Allows you to update the metadata, redirect URI, description and Policy ID for an OAuth client. operationId: updateOAuthClient parameters: - description: The API id example: b84fe1a04e5648927971c0557971565c in: path name: apiID required: true schema: type: string - description: The Client ID example: 2a06b398c17f46908de3dffcb71ef87df in: path name: keyName required: true schema: type: string requestBody: content: application/json: example: api_id: b84fe1a04e5648927971c0557971565c client_id: 2a06b398c17f46908de3dffcb71ef87df description: changed description sample meta_data: user_id: 362b3fb9a1d5e4f00017226f5 redirect_uri: https://httpbin.org/ip secret: MmQwNTI5NGQtYjU0YS00NjMyLWIwZjktNTZjY2M1ZjhjYWY0 schema: $ref: '#/components/schemas/NewClientRequest' responses: "200": content: application/json: example: client_id: 2a06b398c17f46908de3dffcb71ef87df description: changed description sample meta_data: user_id: 362b3fb9a1d5e4f00017226f5 redirect_uri: https://httpbin.org/ip secret: MmQwNTI5NGQtYjU0YS00NjMyLWIwZjktNTZjY2M1ZjhjYWY0 schema: $ref: '#/components/schemas/NewClientRequest' description: OAuth client updated "400": content: application/json: example: message: Policy access rights doesn't contain API this OAuth client belongs to status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Bad Request "403": content: application/json: example: message: Attempted administrative access with invalid or missing key!
status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "404": content: application/json: example: message: API doesn't exist status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Not Found "500": content: application/json: example: message: Unmarshalling failed status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: malformed request body summary: Update OAuth metadata, redirect URI, description and Policy ID tags: - OAuth /tyk/oauth/clients/{apiID}/{keyName}/rotate: put: description: Generate a new secret operationId: rotateOauthClient parameters: - description: The API id example: b84fe1a04e5648927971c0557971565c in: path name: apiID required: true schema: type: string - description: The Client ID example: 2a06b398c17f46908de3dffcb71ef87df in: path name: keyName required: true schema: type: string responses: "200": content: application/json: example: client_id: 2a06b398c17f46908de3dffcb71ef87df description: google client meta_data: user_id: 362b3fb9a1d5e4f00017226f5 redirect_uri: https://httpbin.org/ip secret: MmQwNTI5NGQtYjU0YS00NjMyLWIwZjktNTZjY2M1ZjhjYWY0 schema: $ref: '#/components/schemas/NewClientRequest' description: New secret has been created "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "404": content: application/json: example: message: API doesn't exist status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Not Found "500": content: application/json: example: message: Failure in storing client data status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Internal server error.
summary: Rotate the OAuth client secret tags: - OAuth /tyk/oauth/clients/{apiID}/{keyName}/tokens: get: description: |- This endpoint allows you to retrieve a list of all current tokens and their expiry date for a provided API ID and OAuth-client ID. If the page query parameter is sent, the tokens will be paginated. This endpoint will work only for newly created tokens.

You can control how long you want to store expired tokens in this list using the `oauth_token_expired_retain_period` gateway option, which specifies the retention period for expired tokens stored in Redis. By default, expired tokens are not removed. operationId: getOAuthClientTokens parameters: - description: The API id example: b84fe1a04e5648927971c0557971565c in: path name: apiID required: true schema: type: string - description: The Client ID example: 2a06b398c17f46908de3dffcb71ef87df in: path name: keyName required: true schema: type: string - description: Use page query parameter to say which page number you want returned. example: 1 in: query name: page required: false schema: default: 1 type: integer responses: "200": content: application/json: examples: paginatedTokenExample: $ref: '#/components/examples/paginatedTokenExample' tokenListExample: $ref: '#/components/examples/tokenListExample' schema: oneOf: - $ref: '#/components/schemas/PaginatedOAuthClientTokens' - items: $ref: '#/components/schemas/OAuthClientToken' nullable: true type: array description: Tokens returned successfully. "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "404": content: application/json: example: message: OAuth Client ID not found status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: OAuth Client ID not found "500": content: application/json: example: message: Get client tokens failed status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Internal server error. summary: List tokens for a provided API ID and OAuth-client ID tags: - OAuth /tyk/oauth/clients/apis/{appID}: get: description: Get all API IDs for APIs that have use_oauth2 enabled and use the client_id (appID) specified in the path parameter for OAuth2.
You can use the org_id query parameter to specify from which organization you want the API IDs to be returned. To return APIs from all organizations, send org_id as an empty string. operationId: getApisForOauthApp parameters: - description: The Client ID example: 2a06b398c17f46908de3dffcb71ef87df in: path name: appID required: true schema: type: string - description: The Org Id in: query name: orgID required: false schema: type: string responses: "200": content: application/json: example: - b84fe1a04e5648927971c0557971565c schema: items: type: string type: array description: Return an array of apis ids "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden summary: Get API IDs for APIS that use the specified client_id(appID) for OAuth tags: - OAuth /tyk/oauth/clients/create: post: description: | Any OAuth keys must be generated with the help of a client ID. These need to be pre-registered with Tyk before they can be used (in a similar vein to how you would register your app with Twitter before attempting to ask user permissions using their API).

Creating OAuth clients with Access to Multiple APIs

New from Tyk Gateway 2.6.0 is the ability to create OAuth clients with access to more than one API. If you provide the api_id it works the same as in previous releases. If you don't provide the api_id the request uses policy access rights and enumerates APIs from their setting in the newly created OAuth-client. operationId: createOAuthClient requestBody: content: application/json: example: api_id: b84fe1a04e5648927971c0557971565c client_id: 2a06b398c17f46908de3dffcb71ef87df description: google client meta_data: user_id: 362b3fb9a1d5e4f00017226f5 redirect_uri: https://httpbin.org/ip secret: MmQwNTI5NGQtYjU0YS00NjMyLWIwZjktNTZjY2M1ZjhjYWY0 schema: $ref: '#/components/schemas/NewClientRequest' responses: "200": content: application/json: example: client_id: 2a06b398c17f46908de3dffcb71ef87df description: google client meta_data: user_id: 362b3fb9a1d5e4f00017226f5 redirect_uri: https://httpbin.org/ip secret: MmQwNTI5NGQtYjU0YS00NjMyLWIwZjktNTZjY2M1ZjhjYWY0 schema: $ref: '#/components/schemas/NewClientRequest' description: Client created "400": content: application/json: example: message: API doesn't exist status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Api Not found "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "500": content: application/json: example: message: Unmarshalling failed status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Unmarshalling failed summary: Create new OAuth client tags: - OAuth /tyk/oauth/refresh/{keyName}: delete: description: It is possible to invalidate refresh tokens in order to manage OAuth client access more robustly. 
operationId: invalidateOAuthRefresh parameters: - description: The Client ID example: 2a06b398c17f46908de3dffcb71ef87df in: path name: keyName required: true schema: type: string - description: The API id example: b84fe1a04e5648927971c0557971565c in: query name: api_id required: true schema: type: string responses: "200": content: application/json: example: action: deleted key: 2a06b398c17f46908de3dffcb71ef87df status: ok schema: $ref: '#/components/schemas/ApiModifyKeySuccess' description: Deleted "400": content: application/json: example: message: Missing parameter api_id status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: missing api_Id query parameter "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "404": content: application/json: example: message: API for this refresh token not found status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Not Found "500": content: application/json: example: message: Failed to invalidate refresh token status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Internal server error. summary: Invalidate OAuth refresh token tags: - OAuth /tyk/oauth/revoke: post: description: revoke a single token operationId: revokeSingleToken requestBody: content: application/x-www-form-urlencoded: schema: properties: client_id: description: id of oauth client example: 2a06b398c17f46908de3dffcb71ef87df type: string org_id: example: 6492f66e6ebbc56c6a6bf022 type: string token: description: token to be revoked example: eyJvcmciOiI1ZTIwOTFjNGQ0YWVmY2U2MGMwNGZiOTIiLCJpZCI6IjIyODQ1NmFjNmJlMjRiMzI5MTIyOTdlODQ5NTc4NjJhIiwiaCI6Im11cm11cjY0In0= type: string token_type_hint: description: type of token to be revoked, if sent then the accepted values are access_token and refresh_token. 
String value and optional; if not provided, it will attempt to remove the access and refresh tokens that match example: access_token type: string required: - token - client_id type: object description: token revoked successfully responses: "200": content: application/json: example: message: token revoked successfully status: ok schema: $ref: '#/components/schemas/ApiStatusMessage' description: token revoked "400": content: application/json: example: message: cannot parse form. Form malformed status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: malformed form data "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden summary: revoke token tags: - OAuth /tyk/oauth/revoke_all: post: description: Revoke all the tokens for a given oauth client operationId: revokeAllTokens requestBody: content: application/x-www-form-urlencoded: schema: properties: client_id: description: id of oauth client example: 2a06b398c17f46908de3dffcb71ef87df type: string client_secret: description: OAuth client secret to ensure that it's a valid operation example: MmQwNTI5NGQtYjU0YS00NjMyLWIwZjktNTZjY2M1ZjhjYWY0 type: string org_id: example: 6492f66e6ebbc56c6a6bf022 type: string required: - client_secret - client_id type: object responses: "200": content: application/json: example: message: tokens revoked successfully status: ok schema: $ref: '#/components/schemas/ApiStatusMessage' description: tokens revoked "400": content: application/json: example: message: cannot parse form.
Form malformed status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Bad Request "401": content: application/json: example: message: client_id is required status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: missing client id "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "404": content: application/json: example: message: oauth client doesn't exist status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: not found summary: Revoke all client's tokens tags: - OAuth /tyk/oauth/tokens: delete: description: Purge all lapsed OAuth token operationId: purgeLapsedOAuthTokens parameters: - description: purge lapsed tokens example: lapsed in: query name: scope required: true schema: enum: - lapsed type: string responses: "200": content: application/json: example: message: lapsed tokens purged status: ok schema: $ref: '#/components/schemas/ApiStatusMessage' description: lapsed tokens purged successfully "400": content: application/json: example: message: unknown scope status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Sending a value other than lapsed in scope query "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "422": content: application/json: example: message: scope parameter is required status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Missing lapsed query parameter "500": content: application/json: example: message: error purging lapsed tokens status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Internal server error. 
summary: Purge lapsed OAuth tokens tags: - OAuth /tyk/org/keys: get: description: You can now set rate limits at the organisation level by using the following fields - allowance and rate. These are the number of allowed requests for the specified per value, and need to be set to the same value. If you don't want to have organisation level rate limiting, set 'rate' or 'per' to zero, or don't add them to your request. operationId: listOrgKeys parameters: - description: Retrieves all keys starting with the specified filter (the filter is a prefix, e.g. default* or default will return all keys starting with default, like defaultbd, defaulttwo, etc.). We don't use the filter for hashed keys example: default* in: query name: filter required: false schema: type: string responses: "200": content: application/json: example: keys: - 5e9d9544a1dcd60001d0ed2008500e44fa644f939b640a4b8b4ea58c schema: $ref: '#/components/schemas/ApiAllKeys' description: List of all org keys "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "404": content: application/json: example: message: ORG not found status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: ORG not found summary: List Organisation Keys tags: - Organisation Quotas /tyk/org/keys/{keyID}: delete: description: Deleting a key will remove all limits from the organisation. It does not affect regular keys created within the organisation.
operationId: deleteOrgKey parameters: - description: The Key ID example: e389ae00a2b145feaf28d6cc11f0f86d in: path name: keyID required: true schema: type: string responses: "200": content: application/json: example: action: deleted key: e389ae00a2b145feaf28d6cc11f0f86d status: ok schema: $ref: '#/components/schemas/ApiModifyKeySuccess' description: OK "400": content: application/json: example: message: Failed to remove the key status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Bad Request "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "404": content: application/json: example: message: Org not found status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Org not found summary: Delete Key tags: - Organisation Quotas get: description: Get session info about specified organisation key. Should return up to date rate limit and quota usage numbers. 
operationId: getOrgKey parameters: - description: The Org ID example: 664a14650619d40001f1f00f in: query name: orgID required: false schema: type: string - description: The Key ID example: e389ae00a2b145feaf28d6cc11f0f86d in: path name: keyID required: true schema: type: string responses: "200": content: application/json: example: access_rights: itachi-api: allowed_urls: - methods: - GET url: /users api_id: 8ddd91f3cda9453442c477b06c4e2da4 api_name: Itachi api limit: per: 60 quota_max: 10000 quota_remaining: 10000 quota_renewal_rate: 3600 rate: 1000 throttle_interval: 10 throttle_retry_limit: 10 versions: - Default alias: portal-key allowance: 1000 apply_policies: - 5ead7120575961000181867e date_created: "2024-08-09T14:40:34.87614+03:00" enable_detailed_recording: true last_updated: "1723203634" meta_data: new-update-key-sample: update-key-sample tyk_developer_id: 62b3fb9a1d5e4f00017226f5 update: sample policy update user_type: mobile_user org_id: 5e9d9544a1dcd60001d0ed20 per: 60 quota_max: 10000 quota_renewal_rate: 3600 quota_renews: 1.723207234e+09 rate: 1000 tags: - security - edge - edge-eu throttle_interval: 10 throttle_retry_limit: 10 schema: properties: access_rights: additionalProperties: properties: allowed_urls: items: properties: methods: items: type: string nullable: true type: array url: type: string type: object nullable: true type: array api_id: type: string api_name: type: string limit: properties: per: type: integer quota_max: type: integer quota_remaining: type: integer quota_renewal_rate: type: integer rate: type: integer throttle_interval: type: integer throttle_retry_limit: type: integer type: object versions: items: type: string nullable: true type: array type: object nullable: true type: object alias: type: string allowance: type: integer apply_policies: items: type: string nullable: true type: array date_created: format: date-time type: string enable_detailed_recording: type: boolean last_updated: type: string meta_data: 
additionalProperties: type: string nullable: true type: object org_id: type: string per: type: integer quota_max: type: integer quota_renewal_rate: type: integer quota_renews: type: integer rate: type: integer tags: items: type: string nullable: true type: array throttle_interval: type: integer throttle_retry_limit: type: integer type: object description: OK "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "404": content: application/json: example: message: Org not found status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Org not found summary: Get an Organisation Key tags: - Organisation Quotas post: description: This works similarly to the Keys API, except that the Key ID always equals the Organisation ID operationId: addOrgKey parameters: - description: The Key ID example: e389ae00a2b145feaf28d6cc11f0f86d in: path name: keyID required: true schema: type: string - description: Adding the reset_quota parameter and setting it to 1 will cause Tyk to reset the organisation's quota in the live quota manager. It is recommended to use this mechanism to reset organisation-level access if a monthly subscription is in place.
example: "1" in: query name: reset_quota required: false schema: enum: - "1" type: string requestBody: content: application/json: example: access_rights: itachi-api: allowed_urls: - methods: - GET url: /users api_id: 8ddd91f3cda9453442c477b06c4e2da4 api_name: Itachi api limit: per: 60 quota_max: 10000 quota_remaining: 10000 quota_renewal_rate: 3600 rate: 1000 throttle_interval: 10 throttle_retry_limit: 10 versions: - Default alias: portal-key allowance: 1000 apply_policies: - 5ead7120575961000181867e date_created: "2024-08-09T14:40:34.87614+03:00" enable_detailed_recording: true last_updated: "1723203634" meta_data: new-update-key-sample: update-key-sample tyk_developer_id: 62b3fb9a1d5e4f00017226f5 update: sample policy update user_type: mobile_user org_id: 5e9d9544a1dcd60001d0ed20 per: 60 quota_max: 10000 quota_renewal_rate: 3600 quota_renews: 1.723207234e+09 rate: 1000 tags: - security - edge - edge-eu throttle_interval: 10 throttle_retry_limit: 10 schema: $ref: '#/components/schemas/SessionState' responses: "200": content: application/json: example: action: added key: e389ae00a2b145feaf28d6cc11f0f86d status: ok schema: $ref: '#/components/schemas/ApiModifyKeySuccess' description: OK "400": content: application/json: example: message: Request malformed status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Bad Request "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "404": content: application/json: example: message: No such organisation found in Active API list status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Not Found "500": content: application/json: example: message: 'Error writing to key store ' status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Internal server error. 
summary: Create an organisation key tags: - Organisation Quotas put: description: |- This works similarly to the Keys API, except that the Key ID always equals the Organisation ID. For Gateway v2.6.0 onwards, you can now set rate limits at the organisation level by using the following fields - allowance and rate. These are the number of allowed requests for the specified per value, and need to be set to the same value. If you don't want to have organisation level rate limiting, set `rate` or `per` to zero, or don't add them to your request. operationId: updateOrgKey parameters: - description: Adding the reset_quota parameter and setting it to 1 will cause Tyk to reset the organisation's quota in the live quota manager. It is recommended to use this mechanism to reset organisation-level access if a monthly subscription is in place. example: "1" in: query name: reset_quota required: false schema: enum: - "1" type: string - description: The Key ID example: e389ae00a2b145feaf28d6cc11f0f86d in: path name: keyID required: true schema: type: string requestBody: content: application/json: example: access_rights: itachi-api: allowed_urls: - methods: - GET url: /users api_id: 8ddd91f3cda9453442c477b06c4e2da4 api_name: Itachi api limit: per: 60 quota_max: 10000 quota_remaining: 10000 quota_renewal_rate: 3600 rate: 1000 throttle_interval: 10 throttle_retry_limit: 10 versions: - Default alias: portal-key allowance: 1000 apply_policies: - 5ead7120575961000181867e date_created: "2024-08-09T14:40:34.87614+03:00" enable_detailed_recording: true last_updated: "1723203634" meta_data: new-update-key-sample: update-key-sample tyk_developer_id: 62b3fb9a1d5e4f00017226f5 update: sample policy update user_type: mobile_user org_id: 5e9d9544a1dcd60001d0ed20 per: 60 quota_max: 10000 quota_renewal_rate: 3600 quota_renews: 1.723207234e+09 rate: 1000 tags: - security - edge - edge-eu - update-sample-tag throttle_interval: 10 throttle_retry_limit: 10 schema: $ref: '#/components/schemas/SessionState' responses:
"200": content: application/json: schema: $ref: '#/components/schemas/ApiModifyKeySuccess' description: OK "400": content: application/json: example: message: Request malformed status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Bad Request "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "404": content: application/json: example: message: No such organisation found in Active API list status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Not Found "500": content: application/json: example: message: 'Error writing to key store ' status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Internal server error. summary: Update Organisation Key tags: - Organisation Quotas /tyk/policies: get: description: Retrieve all the policies in your Tyk instance. Returns an array policies. operationId: listPolicies responses: "200": content: application/json: examples: policiesExample: $ref: '#/components/examples/policiesExample' schema: items: $ref: '#/components/schemas/Policy' type: array description: List of all policies. "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden summary: List policies. tags: - Policies post: description: Create a policy in your Tyk Instance. 
operationId: addPolicy requestBody: content: application/json: example: access_rights: itachi-api: allowed_urls: - methods: - GET url: /users api_id: 8ddd91f3cda9453442c477b06c4e2da4 api_name: Itachi api disable_introspection: false versions: - Default active: true hmac_enabled: false id: 5ead7120575961000181867e is_inactive: false key_expires_in: 2.592e+06 max_query_depth: -1 meta_data: update: sample policy update user_type: mobile_user name: Sample policy partitions: acl: true complexity: false per_api: false quota: true rate_limit: true per: 60 quota_max: 10000 quota_renewal_rate: 3600 rate: 1000 tags: - security throttle_interval: 10 throttle_retry_limit: 10 schema: $ref: '#/components/schemas/Policy' responses: "200": content: application/json: example: action: added key: 5ead7120575961000181867e status: ok schema: $ref: '#/components/schemas/ApiModifyKeySuccess' description: Policy created. "400": content: application/json: example: message: Request malformed status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Malformed request. "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "500": content: application/json: example: message: Due to enabled service policy source, please use the Dashboard API. status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Internal server error. summary: Create a policy. tags: - Policies /tyk/policies/{polID}: delete: description: Delete a policy by ID in your Tyk instance. operationId: deletePolicy parameters: - description: You can retrieve details of a single policy by ID in your Tyk instance. 
example: 5ead7120575961000181867e in: path name: polID required: true schema: type: string responses: "200": content: application/json: example: action: deleted key: 5ead7120575961000181867e status: ok schema: $ref: '#/components/schemas/ApiModifyKeySuccess' description: Deleted policy by ID "400": content: application/json: example: message: Must specify an apiID to update status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Policy Id not provided "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "500": content: application/json: example: message: Delete failed status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Internal server error. summary: Delete a policy. tags: - Policies get: description: You can retrieve details of a single policy by ID in your Tyk instance. operationId: getPolicy parameters: - description: You can retrieve details of a single policy by ID in your Tyk instance. example: 5ead7120575961000181867e in: path name: polID required: true schema: type: string responses: "200": content: application/json: example: access_rights: itachi-api: allowed_urls: - methods: - GET url: /users api_id: 8ddd91f3cda9453442c477b06c4e2da4 api_name: Itachi api disable_introspection: false versions: - Default active: true hmac_enabled: false id: 5ead7120575961000181867e is_inactive: false key_expires_in: 2.592e+06 max_query_depth: -1 meta_data: update: sample policy update user_type: mobile_user name: Sample policy partitions: acl: true complexity: false per_api: false quota: true rate_limit: true per: 60 quota_max: 10000 quota_renewal_rate: 3600 rate: 1000 tags: - security throttle_interval: 10 throttle_retry_limit: 10 schema: $ref: '#/components/schemas/Policy' description: Get details of a single policy. 
"403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "404": content: application/json: example: message: Policy not found status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Policy not found summary: Get a policy. tags: - Policies put: description: You can update a Policy in your Tyk Instance by ID. operationId: updatePolicy parameters: - description: You can retrieve details of a single policy by ID in your Tyk instance. example: 5ead7120575961000181867e in: path name: polID required: true schema: type: string requestBody: content: application/json: example: access_rights: itachi-api: allowed_urls: - methods: - GET url: /users api_id: 8ddd91f3cda9453442c477b06c4e2da4 api_name: Itachi api disable_introspection: false versions: - Default active: true hmac_enabled: false id: 5ead7120575961000181867e is_inactive: false key_expires_in: 2.592e+06 max_query_depth: -1 meta_data: update: sample policy update user_type: mobile_user name: update policy sample partitions: acl: true complexity: false per_api: false quota: true rate_limit: true per: 60 quota_max: 10000 quota_renewal_rate: 3600 rate: 1000 tags: - security throttle_interval: 10 throttle_retry_limit: 10 schema: $ref: '#/components/schemas/Policy' responses: "200": content: application/json: example: action: modified key: 5ead7120575961000181867e status: ok schema: $ref: '#/components/schemas/ApiModifyKeySuccess' description: Policy updated "400": content: application/json: example: message: Request malformed status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: malformed request "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! 
status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "500": content: application/json: example: message: Failed to create file! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Internal server error. summary: Update a policy. tags: - Policies /tyk/reload: get: description: Tyk is capable of reloading configurations without having to stop serving requests. This means that API configurations can be added at runtime, or even modified at runtime and those rules applied immediately without any downtime. operationId: hotReload parameters: - description: Block a response until the reload is performed. This can be useful in scripting environments like CI/CD workflows. example: false in: query name: block required: false schema: type: boolean responses: "200": content: application/json: example: message: "" status: ok schema: $ref: '#/components/schemas/ApiStatusMessage' description: Reload gateway. "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden summary: Hot-reload a single node. tags: - Hot Reload /tyk/reload/group: get: description: Reloads a whole group of Tyk nodes (without using the Dashboard or host manager). Send an API request to a single node; that node then sends a notification through the pub/sub infrastructure to all other listening nodes (including the host manager if it is being used to manage Nginx), which triggers a global reload. operationId: hotReloadGroup responses: "200": content: application/json: example: message: "" status: ok schema: $ref: '#/components/schemas/ApiStatusMessage' description: Reload the Tyk Gateway. "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! 
status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden summary: Hot-reload a group of Tyk nodes. tags: - Hot Reload /{listen_path}/tyk/batch: post: description: Endpoint to run batch request. operationId: batch parameters: - description: API listen path example: get in: path name: listen_path required: true schema: type: string requestBody: content: application/json: example: requests: - body: "" headers: authorization: 1dbc83b9c431649d7698faa9797e2900f x-tyk-test: "1" x-tyk-version: "1.2" method: GET relative_url: get - body: "" headers: authorization: 1dbc83b9c431649d7698faa9797e2900f x-tyk-test: "2" x-tyk-version: "1.2" method: GET relative_url: get suppress_parallel_execution: false schema: $ref: '#/components/schemas/BatchRequestStructure' responses: "200": content: application/json: example: - body: '{"message": "success"}' code: 200 headers: Access-Control-Allow-Credentials: - "true" Content-Type: - application/json relative_url: get schema: items: $ref: '#/components/schemas/BatchReplyUnit' type: array description: Success. "400": content: application/json: example: message: Batch request malformed status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Bad Request "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden summary: Run batch request. tags: - Batch requests /tyk/schema: get: description: Get OAS schema definition using a version. operationId: getSchema parameters: - description: The OAS version to fetch. example: 3.0.3 in: query name: oasVersion required: false schema: type: string responses: "200": content: application/json: example: message: "" status: Success schema: $ref: '#/components/schemas/OASSchemaResponse' description: OAS schema response. 
"403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "404": content: application/json: example: message: Schema not found for version "4" status: Failed schema: $ref: '#/components/schemas/OASSchemaResponse' description: Version not found summary: Get OAS schema. tags: - Schema components: examples: certIdList: value: certs: - 5e9d9544a1dcd60001d0ed20a6ab77653d5da938f452bb8cc9b55b0630a6743dabd8dc92bfb025abb09ce035 - 5e9d9544a1dcd60001d0ed207c440d66ebb0a4629d21329808dce9091acf5f2fde328067a6e60e5347271d90 certificateBasicList: value: certs: - dns_names: - example.com - www.example.com has_private: true id: 5e9d9544a1dcd60001d0ed20a6ab77653d5da938f452bb8cc9b55b0630a6743dabd8dc92bfb025abb09ce035 is_ca: false issuer_cn: Issuer 1 not_after: "2024-01-01T00:00:00Z" not_before: "2023-01-01T00:00:00Z" subject_cn: Subject 1 - dns_names: - example.org - www.example.org has_private: false id: 5e9d9544a1dcd60001d0ed207c440d66ebb0a4629d21329808dce9091acf5f2fde328067a6e60e5347271d90 is_ca: true issuer_cn: Issuer 2 not_after: "2024-02-01T00:00:00Z" not_before: "2023-02-01T00:00:00Z" subject_cn: Subject 2 certificateMetaExample: value: dns_names: - .*tyk.io fingerprint: 7c440d66ebb0a4629d21329808dce9091acf5f2fde328067a6e60e5347271d90 has_private: false id: 5e9d9544a1dcd60001d0ed207c440d66ebb0a4629d21329808dce9091acf5f2fde328067a6e60e5347271d90 is_ca: false issuer: CommonName: tyk.io Country: - Peachtree ExtraNames: null Locality: null Names: - Type: - 2 - 5 - 4 - 6 Value: Peachtree - Type: - 2 - 5 - 4 - 10 Value: tyk - Type: - 2 - 5 - 4 - 11 Value: tyk - Type: - 2 - 5 - 4 - 3 Value: tyk.io - Type: - 1 - 2 - 840 - 113549 - 1 - 9 - 1 Value: support@tyk.io Organization: - tyk OrganizationalUnit: - tyk PostalCode: null Province: null SerialNumber: "" StreetAddress: null not_after: "2034-03-26T08:46:37Z" not_before: "2024-03-25T08:46:37Z" 
subject: CommonName: tyk.io Country: - Peachtree ExtraNames: null Locality: null Names: - Type: - 2 - 5 - 4 - 6 Value: Peachtree - Type: - 2 - 5 - 4 - 10 Value: tyk - Type: - 2 - 5 - 4 - 11 Value: tyk - Type: - 2 - 5 - 4 - 3 Value: tyk.io - Type: - 1 - 2 - 840 - 113549 - 1 - 9 - 1 Value: support@tyk.io Organization: - tyk OrganizationalUnit: - tyk PostalCode: null Province: null SerialNumber: "" StreetAddress: null certificateMetaListExample: value: - dns_names: - .*tyk.io fingerprint: 7c440d66ebb0a4629d21329808dce9091acf5f2fde328067a6e60e5347271d90 has_private: false id: 5e9d9544a1dcd60001d0ed207c440d66ebb0a4629d21329808dce9091acf5f2fde328067a6e60e5347271d90 is_ca: false issuer: CommonName: tyk.io Country: - Peachtree ExtraNames: null Locality: null Names: - Type: - 2 - 5 - 4 - 6 Value: Peachtree - Type: - 2 - 5 - 4 - 10 Value: tyk - Type: - 2 - 5 - 4 - 11 Value: tyk - Type: - 2 - 5 - 4 - 3 Value: tyk.io - Type: - 1 - 2 - 840 - 113549 - 1 - 9 - 1 Value: support@tyk.io Organization: - tyk OrganizationalUnit: - tyk PostalCode: null Province: null SerialNumber: "" StreetAddress: null not_after: "2034-03-26T08:46:37Z" not_before: "2024-03-25T08:46:37Z" subject: CommonName: tyk.io Country: - Peachtree ExtraNames: null Locality: null Names: - Type: - 2 - 5 - 4 - 6 Value: Peachtree - Type: - 2 - 5 - 4 - 10 Value: tyk - Type: - 2 - 5 - 4 - 11 Value: tyk - Type: - 2 - 5 - 4 - 3 Value: tyk.io - Type: - 1 - 2 - 840 - 113549 - 1 - 9 - 1 Value: support@tyk.io Organization: - tyk OrganizationalUnit: - tyk PostalCode: null Province: null SerialNumber: "" StreetAddress: null oasExample: value: components: securitySchemes: bearerAuth: description: The API Access Credentials scheme: bearer type: http info: description: This is a sample OAS. 
title: OAS Sample version: 1.0.0 openapi: 3.0.3 paths: /api/sample/users: get: operationId: getUsers responses: "200": content: application/json: schema: items: properties: name: type: string type: object type: array description: fetched users summary: Get users tags: - users security: - bearerAuth: [] servers: - url: https://localhost:8080 x-tyk-api-gateway: info: name: user state: active: true server: listenPath: strip: true value: /user-test/ upstream: url: https://localhost:8080 oasExampleList: value: - components: securitySchemes: bearerAuth: description: The API Access Credentials scheme: bearer type: http info: description: This is a sample OAS. title: OAS Sample version: 1.0.0 openapi: 3.0.3 paths: /api/sample/users: get: operationId: getUsers responses: "200": content: application/json: schema: items: properties: name: type: string type: object type: array description: fetched users summary: Get users tags: - users security: - bearerAuth: [] servers: - url: https://localhost:8080 x-tyk-api-gateway: info: name: user state: active: true server: listenPath: strip: true value: /user-test/ upstream: url: https://localhost:8080 paginatedTokenExample: value: Pagination: page_num: 1 page_size: 100 page_total: 0 Tokens: - code: 5a7d110be6355b0c071cc339327563cb45174ae387f52f87a80d2496 expires: 1.518158407e+09 - code: 5a7d110be6355b0c071cc33988884222b0cf436eba7979c6c51d6dbd expires: 1.518158594e+09 - code: 5a7d110be6355b0c071cc33990bac8b5261041c5a7d585bff291fec4 expires: 1.518158638e+09 - code: 5a7d110be6355b0c071cc339a66afe75521f49388065a106ef45af54 expires: 1.518159792e+09 policiesExample: value: - _id: "" access_rights: 8ddd91f3cda9453442c477b06c4e2da4: allowance_scope: "" allowed_types: [] allowed_urls: - methods: - GET url: /users api_id: 8ddd91f3cda9453442c477b06c4e2da4 api_name: Itachi api disable_introspection: false field_access_rights: [] limit: max_query_depth: 0 per: 0 quota_max: 0 quota_remaining: 0 quota_renewal_rate: 0 quota_renews: 0 rate: 0 
smoothing: delay: 30 enabled: false step: 100 threshold: 500 trigger: 0.8 throttle_interval: 0 throttle_retry_limit: 0 restricted_types: [] versions: - Default active: true enable_http_signature_validation: false graphql_access_rights: null hmac_enabled: false id: 5ead7120575961000181867e is_inactive: false key_expires_in: 2.592e+06 last_updated: "1716980105" max_query_depth: -1 meta_data: user_type: mobile_user name: Sample policy org_id: 664a14650619d40001f1f00f partitions: acl: true complexity: false per_api: false quota: true rate_limit: true per: 60 quota_max: 10000 quota_renewal_rate: 3600 rate: 1000 smoothing: delay: 30 enabled: false step: 100 threshold: 500 trigger: 0.8 tags: - security throttle_interval: 10 throttle_retry_limit: 10 tokenListExample: value: - code: 5a7d110be6355b0c071cc339327563cb45174ae387f52f87a80d2496 expires: 1.518158407e+09 - code: 5a7d110be6355b0c071cc33988884222b0cf436eba7979c6c51d6dbd expires: 1.518158594e+09 - code: 5a7d110be6355b0c071cc33990bac8b5261041c5a7d585bff291fec4 expires: 1.518158638e+09 - code: 5a7d110be6355b0c071cc339a66afe75521f49388065a106ef45af54 expires: 1.518159792e+09 parameters: AccessType: description: Filter for internal or external API versions example: internal in: query name: accessType required: false schema: enum: - internal - external type: string AllowList: description: Enable allowList middleware for all endpoints in: query name: allowList required: false schema: $ref: '#/components/schemas/BooleanQueryParam' Authentication: description: Enable/disable the authentication mechanism in your Tyk Gateway for your OAS API in: query name: authentication schema: $ref: '#/components/schemas/BooleanQueryParam' CustomDomain: description: Custom domain for the API example: tyk.io in: query name: customDomain required: false schema: type: string ListenPath: description: Listen path for the API example: /user-test/ in: query name: listenPath required: false schema: type: string MockResponse: description: Enable 
mockResponse middleware for all endpoints having responses configured. in: query name: mockResponse required: false schema: $ref: '#/components/schemas/BooleanQueryParam' SearchText: description: Search for API version name example: Sample oas in: query name: searchText required: false schema: type: string UpstreamURL: description: Upstream URL for the API example: https://localhost:8080 in: query name: upstreamURL required: false schema: type: string ValidateRequest: description: Enable validateRequest middleware for all endpoints having a request body with media type application/json in: query name: validateRequest required: false schema: $ref: '#/components/schemas/BooleanQueryParam' schemas: OpenAPI3Schema: type: object additionalProperties: true APIAllCertificateBasics: properties: certs: items: $ref: '#/components/schemas/CertsCertificateBasics' nullable: true type: array type: object APIAllCertificates: properties: certs: items: type: string nullable: true type: array type: object APICertificateStatusMessage: properties: id: example: 5e9d9544a1dcd60001d0ed207c440d66ebb0a4629d21329808dce9091acf5f2fde328067a6e60e5347271d90 type: string message: example: Certificate added type: string status: example: ok type: string type: object APIDefinition: properties: CORS: $ref: '#/components/schemas/CORSConfig' active: type: boolean allowed_ips: items: type: string nullable: true type: array analytics_plugin: $ref: '#/components/schemas/AnalyticsPluginConfig' api_id: type: string auth: $ref: '#/components/schemas/AuthConfig' auth_configs: additionalProperties: $ref: '#/components/schemas/AuthConfig' nullable: true type: object auth_provider: $ref: '#/components/schemas/AuthProviderMeta' base_identity_provided_by: type: string basic_auth: properties: body_password_regexp: type: string body_user_regexp: type: string cache_ttl: type: integer disable_caching: type: boolean extract_from_body: type: boolean type: object blacklisted_ips: items: type: string nullable: true type: 
array cache_options: $ref: '#/components/schemas/CacheOptions' certificate_pinning_disabled: type: boolean certificates: items: type: string nullable: true type: array client_certificates: items: type: string nullable: true type: array config_data: additionalProperties: {} nullable: true type: object config_data_disabled: type: boolean custom_middleware: $ref: '#/components/schemas/MiddlewareSection' custom_middleware_bundle: type: string custom_middleware_bundle_disabled: type: boolean custom_plugin_auth_enabled: type: boolean definition: $ref: '#/components/schemas/VersionDefinition' detailed_tracing: type: boolean disable_quota: type: boolean disable_rate_limit: type: boolean do_not_track: type: boolean domain: type: string domain_disabled: type: boolean dont_set_quota_on_create: type: boolean enable_batch_request_support: type: boolean enable_context_vars: type: boolean enable_coprocess_auth: type: boolean enable_detailed_recording: type: boolean enable_ip_blacklisting: type: boolean enable_ip_whitelisting: type: boolean enable_jwt: type: boolean enable_proxy_protocol: type: boolean enable_signature_checking: type: boolean event_handlers: $ref: '#/components/schemas/EventHandlerMetaConfig' expiration: type: string expire_analytics_after: type: integer external_oauth: $ref: '#/components/schemas/ExternalOAuth' global_rate_limit: $ref: '#/components/schemas/GlobalRateLimit' graphql: $ref: '#/components/schemas/GraphQLConfig' hmac_allowed_algorithms: items: type: string nullable: true type: array hmac_allowed_clock_skew: type: number id: type: string idp_client_id_mapping_disabled: type: boolean internal: type: boolean is_oas: type: boolean jwt_client_base_field: type: string jwt_default_policies: items: type: string nullable: true type: array jwt_expires_at_validation_skew: minimum: 0 type: integer jwt_identity_base_field: type: string jwt_issued_at_validation_skew: minimum: 0 type: integer jwt_not_before_validation_skew: minimum: 0 type: integer 
jwt_policy_field_name: type: string jwt_scope_claim_name: type: string jwt_scope_to_policy_mapping: additionalProperties: type: string nullable: true type: object jwt_signing_method: type: string jwt_skip_kid: type: boolean jwt_source: type: string listen_port: type: integer name: type: string notifications: $ref: '#/components/schemas/NotificationsManager' oauth_meta: properties: allowed_access_types: items: type: string nullable: true type: array allowed_authorize_types: items: type: string nullable: true type: array auth_login_redirect: type: string type: object openid_options: $ref: '#/components/schemas/OpenIDOptions' org_id: type: string pinned_public_keys: additionalProperties: type: string nullable: true type: object protocol: type: string proxy: $ref: '#/components/schemas/ProxyConfig' request_signing: $ref: '#/components/schemas/RequestSigningMeta' response_processors: items: $ref: '#/components/schemas/ResponseProcessor' nullable: true type: array scopes: $ref: '#/components/schemas/Scopes' session_lifetime: type: integer session_lifetime_respects_key_expiration: type: boolean session_provider: $ref: '#/components/schemas/SessionProviderMeta' slug: type: string strip_auth_data: type: boolean tag_headers: items: type: string nullable: true type: array tags: example: - Default - v1 items: type: string nullable: true type: array tags_disabled: type: boolean upstream_certificates: additionalProperties: type: string nullable: true type: object upstream_certificates_disabled: type: boolean uptime_tests: $ref: '#/components/schemas/UptimeTests' use_basic_auth: type: boolean use_go_plugin_auth: type: boolean use_keyless: type: boolean use_mutual_tls_auth: type: boolean use_oauth2: type: boolean use_openid: type: boolean use_standard_auth: type: boolean version_data: $ref: '#/components/schemas/VersionData' type: object APILimit: properties: max_query_depth: type: integer per: type: number quota_max: type: integer quota_remaining: type: integer 
quota_renewal_rate: type: integer quota_renews: type: integer rate: type: number smoothing: $ref: '#/components/schemas/RateLimitSmoothing' throttle_interval: type: number throttle_retry_limit: type: integer type: object AccessDefinition: properties: allowance_scope: example: d371b83b249845a2497ab9a947fd6210 type: string allowed_types: items: $ref: '#/components/schemas/GraphqlType' nullable: true type: array allowed_urls: items: $ref: '#/components/schemas/AccessSpec' nullable: true type: array api_id: example: d1dfc6a927a046c54c0ed470f19757cc type: string api_name: example: Rate Limit Proxy API type: string disable_introspection: example: false type: boolean endpoints: $ref: '#/components/schemas/Endpoints' field_access_rights: items: $ref: '#/components/schemas/FieldAccessDefinition' nullable: true type: array limit: $ref: '#/components/schemas/APILimit' restricted_types: items: $ref: '#/components/schemas/GraphqlType' nullable: true type: array versions: example: - Default - v2 items: type: string nullable: true type: array type: object AccessSpec: properties: methods: example: - GET - POST - DELETE - PUT items: type: string nullable: true type: array url: example: anything/rate-limit-1-per-5 type: string type: object Allowance: properties: enabled: type: boolean ignoreCase: type: boolean type: object AnalyticsPluginConfig: properties: enable: type: boolean func_name: type: string plugin_path: type: string type: object ApiAllKeys: properties: keys: items: type: string nullable: true type: array type: object ApiModifyKeySuccess: properties: action: example: modified type: string key: example: b13d928b9972bd18 type: string key_hash: type: string status: example: ok type: string type: object ApiStatusMessage: properties: message: type: string status: type: string type: object AuthConfig: properties: auth_header_name: example: Authorization type: string cookie_name: type: string disable_header: type: boolean name: type: string param_name: type: string signature: 
$ref: '#/components/schemas/SignatureConfig' use_certificate: type: boolean use_cookie: type: boolean use_param: type: boolean validate_signature: type: boolean type: object AuthProviderMeta: properties: meta: additionalProperties: {} nullable: true type: object name: type: string storage_engine: type: string type: object AuthSource: properties: enabled: type: boolean name: type: string type: object AuthSources: properties: cookie: $ref: '#/components/schemas/AuthSource' header: $ref: '#/components/schemas/AuthSource' query: $ref: '#/components/schemas/AuthSource' type: object Authentication: properties: baseIdentityProvider: type: string custom: $ref: '#/components/schemas/CustomPluginAuthentication' enabled: type: boolean hmac: $ref: '#/components/schemas/HMAC' oidc: $ref: '#/components/schemas/OIDC' securitySchemes: $ref: '#/components/schemas/SecuritySchemes' stripAuthorizationData: type: boolean type: object AuthenticationPlugin: properties: enabled: type: boolean functionName: type: string idExtractor: $ref: '#/components/schemas/IDExtractor' path: type: string rawBodyOnly: type: boolean type: object BasicAuthData: properties: hash_type: type: string password: type: string type: object BatchReplyUnit: properties: body: type: string code: type: integer headers: $ref: '#/components/schemas/HttpHeader' relative_url: type: string type: object BatchRequestStructure: properties: requests: items: $ref: '#/components/schemas/RequestDefinition' nullable: true type: array suppress_parallel_execution: type: boolean type: object RequestDefinition: properties: body: type: string headers: additionalProperties: type: string nullable: true type: object method: type: string relative_url: type: string type: object BooleanQueryParam: example: true type: boolean CORS: properties: allowCredentials: type: boolean allowedHeaders: items: type: string type: array allowedMethods: items: type: string type: array allowedOrigins: items: type: string type: array debug: type: boolean 
enabled: type: boolean exposedHeaders: items: type: string type: array maxAge: type: integer optionsPassthrough: type: boolean type: object CORSConfig: properties: allow_credentials: example: false type: boolean allowed_headers: example: - Origin - Accept - Content-Type - Authorization items: type: string nullable: true type: array allowed_methods: example: - GET - HEAD - POST items: type: string nullable: true type: array allowed_origins: example: - https://*.foo.com items: type: string nullable: true type: array debug: example: true type: boolean enable: example: false type: boolean exposed_headers: example: - Accept - Content-Type items: type: string nullable: true type: array max_age: example: 24 type: integer options_passthrough: example: false type: boolean type: object Cache: properties: cacheAllSafeRequests: type: boolean cacheByHeaders: items: type: string type: array cacheResponseCodes: items: type: integer type: array controlTTLHeaderName: type: string enableUpstreamCacheControl: type: boolean enabled: type: boolean timeout: type: integer type: object CacheMeta: properties: cache_key_regex: type: string cache_response_codes: items: type: integer nullable: true type: array disabled: type: boolean method: type: string path: type: string timeout: format: int64 type: integer type: object CacheOptions: properties: cache_all_safe_requests: example: false type: boolean cache_by_headers: items: type: string nullable: true type: array cache_control_ttl_header: type: string cache_response_codes: items: type: integer nullable: true type: array cache_timeout: example: 60 format: int64 type: integer enable_cache: example: true type: boolean enable_upstream_cache_control: example: false type: boolean type: object CachePlugin: properties: cacheByRegex: type: string cacheResponseCodes: items: type: integer type: array enabled: type: boolean timeout: type: integer type: object CertificatePinning: properties: domainToPublicKeysMapping: $ref: 
'#/components/schemas/PinnedPublicKeys' enabled: type: boolean type: object CertsCertificateBasics: properties: dns_names: items: type: string nullable: true type: array has_private: type: boolean id: type: string is_ca: type: boolean issuer_cn: type: string not_after: format: date-time type: string not_before: format: date-time type: string subject_cn: type: string type: object CertsCertificateMeta: properties: dns_names: example: - .*tyk.io items: type: string type: array fingerprint: example: 7c440d66ebb0a4629d21329808dce9091acf5f2fde328067a6e60e5347271d90 type: string has_private: example: false type: boolean id: example: 5e9d9544a1dcd60001d0ed207c440d66ebb0a4629d21329808dce9091acf5f2fde328067a6e60e5347271d90 type: string is_ca: type: boolean issuer: $ref: '#/components/schemas/PkixName' not_after: example: "2034-03-26T08:46:37Z" format: date-time type: string not_before: example: "2024-03-25T08:46:37Z" format: date-time type: string subject: $ref: '#/components/schemas/PkixName' type: object CheckCommand: properties: message: type: string name: type: string type: object CircuitBreaker: properties: coolDownPeriod: type: integer enabled: type: boolean halfOpenStateEnabled: type: boolean sampleSize: type: integer threshold: type: number type: object CircuitBreakerMeta: properties: disable_half_open_state: type: boolean disabled: type: boolean method: type: string path: type: string return_to_service_after: type: integer samples: format: int64 type: integer threshold_percent: type: number type: object ClientCertificates: properties: allowlist: items: type: string nullable: true type: array enabled: type: boolean type: object ClientToPolicy: properties: clientId: type: string policyId: type: string type: object ContextVariables: properties: enabled: type: boolean type: object CustomPlugin: properties: enabled: type: boolean functionName: type: string path: type: string rawBodyOnly: type: boolean requireSession: type: boolean type: object CustomPluginAuthentication: 
properties: AuthSources: $ref: '#/components/schemas/AuthSources' config: $ref: '#/components/schemas/AuthenticationPlugin' enabled: type: boolean type: object CustomPlugins: items: $ref: '#/components/schemas/CustomPlugin' type: array DatasourceMappingConfiguration: properties: disabled: type: boolean path: type: string type: object DatasourceSourceConfig: properties: data_source_config: {} kind: type: string type: object DatasourceTypeFieldConfiguration: properties: data_source: $ref: '#/components/schemas/DatasourceSourceConfig' field_name: type: string mapping: $ref: '#/components/schemas/DatasourceMappingConfiguration' type_name: type: string type: object DetailedActivityLogs: properties: enabled: type: boolean type: object DetailedTracing: properties: enabled: type: boolean type: object Domain: properties: certificates: items: type: string type: array enabled: type: boolean name: type: string type: object DomainToCertificate: properties: certificate: type: string domain: type: string type: object EndPointMeta: properties: disabled: type: boolean ignore_case: type: boolean method: type: string method_actions: additionalProperties: $ref: '#/components/schemas/EndpointMethodMeta' type: object path: type: string type: object Endpoint: properties: methods: $ref: '#/components/schemas/EndpointMethods' path: type: string type: object EndpointMethod: properties: limit: $ref: '#/components/schemas/RateLimitType2' name: type: string type: object EndpointMethodMeta: properties: action: enum: - no_action - reply type: string code: type: integer data: type: string headers: additionalProperties: type: string nullable: true type: object type: object EndpointMethods: items: $ref: '#/components/schemas/EndpointMethod' type: array EndpointPostPlugin: properties: enabled: type: boolean functionName: type: string name: type: string path: type: string type: object EndpointPostPlugins: items: $ref: '#/components/schemas/EndpointPostPlugin' type: array Endpoints: items: $ref: 
'#/components/schemas/Endpoint' type: array EnforceTimeout: properties: enabled: type: boolean value: type: integer type: object EventHandler: properties: enabled: type: boolean id: type: string name: type: string trigger: type: string type: type: string type: object EventHandlerMetaConfig: properties: events: additionalProperties: items: $ref: '#/components/schemas/EventHandlerTriggerConfig' type: array nullable: true type: object type: object EventHandlerTriggerConfig: properties: handler_meta: additionalProperties: {} nullable: true type: object handler_name: type: string type: object EventHandlers: items: $ref: '#/components/schemas/EventHandler' type: array ExtendedPathsSet: properties: advance_cache_config: items: $ref: '#/components/schemas/CacheMeta' type: array black_list: items: $ref: '#/components/schemas/EndPointMeta' type: array cache: items: type: string type: array circuit_breakers: items: $ref: '#/components/schemas/CircuitBreakerMeta' type: array do_not_track_endpoints: items: $ref: '#/components/schemas/TrackEndpointMeta' type: array go_plugin: items: $ref: '#/components/schemas/GoPluginMeta' type: array hard_timeouts: items: $ref: '#/components/schemas/HardTimeoutMeta' type: array ignored: items: $ref: '#/components/schemas/EndPointMeta' type: array internal: items: $ref: '#/components/schemas/InternalMeta' type: array method_transforms: items: $ref: '#/components/schemas/MethodTransformMeta' type: array mock_response: items: $ref: '#/components/schemas/MockResponseMeta' type: array persist_graphql: items: $ref: '#/components/schemas/PersistGraphQLMeta' nullable: true type: array rate_limit: items: $ref: '#/components/schemas/RateLimitMeta' nullable: true type: array size_limits: items: $ref: '#/components/schemas/RequestSizeMeta' type: array track_endpoints: items: $ref: '#/components/schemas/TrackEndpointMeta' type: array transform: items: $ref: '#/components/schemas/TemplateMeta' type: array transform_headers: items: $ref: 
'#/components/schemas/HeaderInjectionMeta' type: array transform_jq: items: $ref: '#/components/schemas/TransformJQMeta' type: array transform_jq_response: items: $ref: '#/components/schemas/TransformJQMeta' type: array transform_response: items: $ref: '#/components/schemas/TemplateMeta' type: array transform_response_headers: items: $ref: '#/components/schemas/HeaderInjectionMeta' type: array url_rewrites: items: $ref: '#/components/schemas/URLRewriteMeta' type: array validate_json: items: $ref: '#/components/schemas/ValidatePathMeta' type: array validate_request: items: $ref: '#/components/schemas/ValidateRequestMeta' type: array virtual: items: $ref: '#/components/schemas/VirtualMeta' type: array white_list: items: $ref: '#/components/schemas/EndPointMeta' type: array type: object ExternalOAuth: properties: enabled: type: boolean providers: items: $ref: '#/components/schemas/Provider' nullable: true type: array type: object FieldAccessDefinition: properties: field_name: type: string limits: $ref: '#/components/schemas/FieldLimits' type_name: type: string type: object FieldLimits: properties: max_query_depth: type: integer type: object FromOASExamples: properties: code: type: integer contentType: type: string enabled: type: boolean exampleName: type: string type: object GatewayTags: properties: enabled: type: boolean tags: items: type: string nullable: true type: array type: object Global: properties: cache: $ref: '#/components/schemas/Cache' contextVariables: $ref: '#/components/schemas/ContextVariables' cors: $ref: '#/components/schemas/CORS' pluginConfig: $ref: '#/components/schemas/PluginConfig' postAuthenticationPlugin: $ref: '#/components/schemas/PostAuthenticationPlugin' postAuthenticationPlugins: $ref: '#/components/schemas/CustomPlugins' postPlugin: $ref: '#/components/schemas/PostPlugin' postPlugins: $ref: '#/components/schemas/CustomPlugins' prePlugin: $ref: '#/components/schemas/PrePlugin' prePlugins: $ref: '#/components/schemas/CustomPlugins' 
responsePlugin: $ref: '#/components/schemas/ResponsePlugin' responsePlugins: $ref: '#/components/schemas/CustomPlugins' trafficLogs: $ref: '#/components/schemas/TrafficLogs' transformRequestHeaders: $ref: '#/components/schemas/TransformHeaders' transformResponseHeaders: $ref: '#/components/schemas/TransformHeaders' type: object GlobalRateLimit: properties: disabled: type: boolean per: type: number rate: type: number type: object GoPluginMeta: properties: disabled: type: boolean func_name: type: string method: type: string path: type: string plugin_path: type: string type: object GraphAccessDefinition: type: object GraphQLConfig: properties: enabled: type: boolean engine: $ref: '#/components/schemas/GraphQLEngineConfig' execution_mode: enum: - proxyOnly - executionEngine - subgraph - supergraph - "" # Allow empty string type: string introspection: $ref: '#/components/schemas/GraphQLIntrospectionConfig' last_schema_update: format: date-time nullable: true type: string playground: $ref: '#/components/schemas/GraphQLPlayground' proxy: $ref: '#/components/schemas/GraphQLProxyConfig' schema: type: string subgraph: $ref: '#/components/schemas/GraphQLSubgraphConfig' supergraph: $ref: '#/components/schemas/GraphQLSupergraphConfig' type_field_configurations: items: $ref: '#/components/schemas/DatasourceTypeFieldConfiguration' nullable: true type: array version: enum: - "1" - "2" - "" # Allow empty string type: string type: object GraphQLEngineConfig: properties: data_sources: items: $ref: '#/components/schemas/GraphQLEngineDataSource' nullable: true type: array field_configs: items: $ref: '#/components/schemas/GraphQLFieldConfig' nullable: true type: array global_headers: items: $ref: '#/components/schemas/UDGGlobalHeader' nullable: true type: array type: object GraphQLEngineDataSource: properties: config: {} internal: type: boolean kind: type: string name: type: string root_fields: items: $ref: '#/components/schemas/GraphQLTypeFields' nullable: true type: array type: object 
GraphQLFieldConfig: properties: disable_default_mapping: type: boolean field_name: type: string path: items: type: string nullable: true type: array type_name: type: string type: object GraphQLIntrospectionConfig: properties: disabled: type: boolean type: object GraphQLPlayground: properties: enabled: type: boolean path: type: string type: object GraphQLProxyConfig: properties: auth_headers: additionalProperties: type: string nullable: true type: object features: $ref: '#/components/schemas/GraphQLProxyFeaturesConfig' request_headers: additionalProperties: type: string nullable: true type: object request_headers_rewrite: additionalProperties: $ref: '#/components/schemas/RequestHeadersRewriteConfig' nullable: true type: object subscription_type: type: string use_response_extensions: $ref: '#/components/schemas/GraphQLResponseExtensions' type: object GraphQLProxyFeaturesConfig: properties: use_immutable_headers: type: boolean type: object GraphQLResponseExtensions: properties: on_error_forwarding: type: boolean type: object GraphQLSubgraphConfig: properties: sdl: type: string type: object GraphQLSubgraphEntity: properties: api_id: type: string headers: additionalProperties: type: string nullable: true type: object name: type: string sdl: type: string subscription_type: type: string url: type: string type: object GraphQLSupergraphConfig: properties: disable_query_batching: type: boolean global_headers: additionalProperties: type: string nullable: true type: object merged_sdl: type: string subgraphs: items: $ref: '#/components/schemas/GraphQLSubgraphEntity' nullable: true type: array updated_at: format: date-time nullable: true type: string type: object GraphQLTypeFields: properties: fields: items: type: string nullable: true type: array type: type: string type: object GraphqlType: properties: fields: items: type: string nullable: true type: array name: type: string type: object HMAC: properties: AuthSources: $ref: '#/components/schemas/AuthSources' allowedAlgorithms: 
items: type: string type: array allowedClockSkew: type: number enabled: type: boolean type: object HardTimeoutMeta: properties: disabled: type: boolean method: type: string path: type: string timeout: type: integer type: object Header: properties: name: type: string value: type: string type: object HeaderInjectionMeta: properties: act_on: type: boolean add_headers: additionalProperties: type: string nullable: true type: object delete_headers: items: type: string nullable: true type: array disabled: type: boolean method: type: string path: type: string type: object Headers: items: $ref: '#/components/schemas/Header' type: array HealthCheckItem: properties: componentId: type: string componentType: type: string output: type: string status: enum: - pass - fail - warn type: string time: type: string type: object HealthCheckResponse: properties: description: type: string details: additionalProperties: $ref: '#/components/schemas/HealthCheckItem' type: object output: type: string status: enum: - pass - fail - warn type: string version: type: string type: object HostCheckObject: properties: body: type: string commands: items: $ref: '#/components/schemas/CheckCommand' nullable: true type: array enable_proxy_protocol: type: boolean headers: additionalProperties: type: string nullable: true type: object method: type: string protocol: type: string timeout: type: integer url: type: string type: object HttpHeader: additionalProperties: items: type: string type: array type: object IDExtractor: properties: config: $ref: '#/components/schemas/IDExtractorConfig' enabled: type: boolean source: type: string with: type: string type: object IDExtractorConfig: properties: formParamName: type: string headerName: type: string regexp: type: string regexpMatchIndex: type: integer xPathExp: type: string type: object Info: properties: dbId: type: string expiration: type: string id: type: string name: type: string orgId: type: string state: $ref: '#/components/schemas/State' versioning: $ref: 
'#/components/schemas/Versioning' type: object Internal: properties: enabled: type: boolean type: object InternalMeta: properties: disabled: type: boolean method: type: string path: type: string type: object Introspection: properties: cache: $ref: '#/components/schemas/IntrospectionCache' client_id: type: string client_secret: type: string enabled: type: boolean identity_base_field: type: string url: type: string type: object IntrospectionCache: properties: enabled: type: boolean timeout: format: int64 type: integer type: object JWTData: properties: secret: type: string type: object JWTValidation: properties: enabled: type: boolean expires_at_validation_skew: minimum: 0 type: integer identity_base_field: type: string issued_at_validation_skew: minimum: 0 type: integer not_before_validation_skew: minimum: 0 type: integer signing_method: type: string source: type: string type: object ListenPath: properties: strip: type: boolean value: type: string type: object MethodTransformMeta: properties: disabled: type: boolean method: type: string path: type: string to_method: type: string type: object Middleware: properties: global: $ref: '#/components/schemas/Global' operations: $ref: '#/components/schemas/Operations' type: object MiddlewareDefinition: properties: disabled: type: boolean name: example: PreMiddlewareFunction type: string path: type: string raw_body_only: example: false type: boolean require_session: example: false type: boolean type: object MiddlewareIdExtractor: properties: disabled: type: boolean extract_from: type: string extract_with: type: string extractor_config: additionalProperties: {} nullable: true type: object type: object MiddlewareSection: properties: auth_check: $ref: '#/components/schemas/MiddlewareDefinition' driver: type: string id_extractor: $ref: '#/components/schemas/MiddlewareIdExtractor' post: items: $ref: '#/components/schemas/MiddlewareDefinition' nullable: true type: array post_key_auth: items: $ref: 
'#/components/schemas/MiddlewareDefinition' nullable: true type: array pre: items: $ref: '#/components/schemas/MiddlewareDefinition' nullable: true type: array response: items: $ref: '#/components/schemas/MiddlewareDefinition' nullable: true type: array type: object MockResponse: properties: body: type: string code: type: integer enabled: type: boolean fromOASExamples: $ref: '#/components/schemas/FromOASExamples' headers: $ref: '#/components/schemas/Headers' type: object MockResponseMeta: properties: body: type: string code: type: integer disabled: type: boolean headers: additionalProperties: type: string nullable: true type: object ignore_case: type: boolean method: type: string path: type: string type: object Monitor: properties: trigger_limits: example: - 80 - 60 - 50 items: type: number nullable: true type: array type: object MutualTLS: properties: domainToCertificateMapping: items: $ref: '#/components/schemas/DomainToCertificate' nullable: true type: array enabled: type: boolean type: object NewClientRequest: properties: api_id: example: keyless type: string client_id: example: 2a06b398c17f46908de3dffcb71ef87b type: string description: example: google client login type: string meta_data: additionalProperties: type: string nullable: true type: object policy_id: type: string redirect_uri: example: https://httpbin.org/ip type: string secret: example: MmQwNTI5NGQtYjU0YS00NjMyLWIwZjktNTZjY2M1ZjhjYWY0 type: string type: object NotificationsManager: properties: oauth_on_keychange_url: type: string shared_secret: type: string type: object OASSchemaResponse: properties: message: type: string schema: {} status: type: string type: object OAuthClientToken: properties: code: type: string expires: type: integer type: object OIDC: properties: AuthSources: $ref: '#/components/schemas/AuthSources' enabled: type: boolean providers: items: $ref: '#/components/schemas/ProviderType2' type: array scopes: $ref: '#/components/schemas/ScopesType2' segregateByClientId: type: boolean 
type: object OIDProviderConfig: properties: client_ids: additionalProperties: type: string nullable: true type: object issuer: type: string type: object OpenIDOptions: properties: providers: items: $ref: '#/components/schemas/OIDProviderConfig' nullable: true type: array segregate_by_client: type: boolean type: object Operation: properties: allow: $ref: '#/components/schemas/Allowance' block: $ref: '#/components/schemas/Allowance' cache: $ref: '#/components/schemas/CachePlugin' circuitBreaker: $ref: '#/components/schemas/CircuitBreaker' doNotTrackEndpoint: $ref: '#/components/schemas/TrackEndpoint' enforceTimeout: $ref: '#/components/schemas/EnforceTimeout' ignoreAuthentication: $ref: '#/components/schemas/Allowance' internal: $ref: '#/components/schemas/Internal' mockResponse: $ref: '#/components/schemas/MockResponse' postPlugins: $ref: '#/components/schemas/EndpointPostPlugins' rateLimit: $ref: '#/components/schemas/RateLimitEndpoint' requestSizeLimit: $ref: '#/components/schemas/RequestSizeLimit' trackEndpoint: $ref: '#/components/schemas/TrackEndpoint' transformRequestBody: $ref: '#/components/schemas/TransformBody' transformRequestHeaders: $ref: '#/components/schemas/TransformHeaders' transformRequestMethod: $ref: '#/components/schemas/TransformRequestMethod' transformResponseBody: $ref: '#/components/schemas/TransformBody' transformResponseHeaders: $ref: '#/components/schemas/TransformHeaders' urlRewrite: $ref: '#/components/schemas/URLRewrite' validateRequest: $ref: '#/components/schemas/ValidateRequest' virtualEndpoint: $ref: '#/components/schemas/VirtualEndpoint' type: object Operations: additionalProperties: $ref: '#/components/schemas/Operation' type: object PaginatedOAuthClientTokens: properties: Pagination: $ref: '#/components/schemas/PaginationStatus' Tokens: items: $ref: '#/components/schemas/OAuthClientToken' nullable: true type: array type: object PaginationStatus: properties: page_num: type: integer page_size: type: integer page_total: type: 
integer type: object PersistGraphQLMeta: properties: method: type: string operation: type: string path: type: string variables: additionalProperties: {} nullable: true type: object type: object PinnedPublicKey: properties: domain: type: string publicKeys: items: type: string nullable: true type: array type: object PinnedPublicKeys: items: $ref: '#/components/schemas/PinnedPublicKey' nullable: true type: array PkixName: type: object PluginBundle: properties: enabled: type: boolean path: type: string type: object PluginConfig: properties: bundle: $ref: '#/components/schemas/PluginBundle' data: $ref: '#/components/schemas/PluginConfigData' driver: type: string type: object PluginConfigData: properties: enabled: type: boolean value: additionalProperties: {} nullable: true type: object type: object Policy: properties: _id: example: 5ead7120575961000181867e type: string access_rights: additionalProperties: $ref: '#/components/schemas/AccessDefinition' nullable: true type: object active: example: true type: boolean enable_http_signature_validation: example: false type: boolean graphql_access_rights: additionalProperties: $ref: '#/components/schemas/GraphAccessDefinition' nullable: true type: object hmac_enabled: example: false type: boolean id: example: 5ead7120575961000181867e type: string is_inactive: example: false type: boolean key_expires_in: example: 0 format: int64 type: integer last_updated: example: "1655965189" type: string max_query_depth: example: -1 type: integer meta_data: additionalProperties: {} nullable: true type: object name: example: Swagger Petstore Policy type: string org_id: example: 5e9d9544a1dcd60001d0ed20 type: string partitions: $ref: '#/components/schemas/PolicyPartitions' per: example: 60 format: double type: number quota_max: example: -1 format: int64 type: integer quota_renewal_rate: example: 3600 format: int64 type: integer rate: example: 1000 format: double type: number smoothing: $ref: '#/components/schemas/RateLimitSmoothing' tags: 
items: type: string nullable: true type: array throttle_interval: example: -1 format: double type: number throttle_retry_limit: example: -1 type: integer type: object PolicyPartitions: properties: acl: example: true type: boolean complexity: example: false type: boolean per_api: example: false type: boolean quota: example: true type: boolean rate_limit: example: true type: boolean type: object PolicyUpdateObj: properties: apply_policies: items: type: string nullable: true type: array policy: type: string type: object PostAuthenticationPlugin: properties: plugins: $ref: '#/components/schemas/CustomPlugins' type: object PostPlugin: properties: plugins: $ref: '#/components/schemas/CustomPlugins' type: object PrePlugin: properties: plugins: $ref: '#/components/schemas/CustomPlugins' type: object Provider: properties: introspection: $ref: '#/components/schemas/Introspection' jwt: $ref: '#/components/schemas/JWTValidation' type: object ProviderType2: properties: clientToPolicyMapping: items: $ref: '#/components/schemas/ClientToPolicy' type: array issuer: type: string type: object ProxyConfig: properties: check_host_against_uptime_tests: type: boolean disable_strip_slash: type: boolean enable_load_balancing: type: boolean listen_path: example: /relative-path-examples/ type: string preserve_host_header: type: boolean service_discovery: $ref: '#/components/schemas/ServiceDiscoveryConfiguration' strip_listen_path: example: true type: boolean target_list: items: type: string nullable: true type: array target_url: example: https://httpbin.org/ type: string transport: properties: proxy_url: type: string ssl_ciphers: items: type: string nullable: true type: array ssl_force_common_name_check: type: boolean ssl_insecure_skip_verify: type: boolean ssl_max_version: minimum: 0 type: integer ssl_min_version: minimum: 0 type: integer type: object type: object RateLimit: properties: enabled: type: boolean per: type: integer rate: type: integer type: object RateLimitEndpoint: properties: 
enabled: type: boolean per: type: integer rate: type: integer type: object RateLimitMeta: properties: disabled: type: boolean method: type: string path: type: string per: type: number rate: type: number type: object RateLimitSmoothing: properties: delay: type: integer enabled: type: boolean step: type: integer threshold: type: integer trigger: type: number type: object nullable: true RateLimitType2: properties: per: type: number rate: type: number smoothing: $ref: '#/components/schemas/RateLimitSmoothing' type: object RequestHeadersRewriteConfig: properties: remove: type: boolean value: type: string type: object RequestSigningMeta: properties: algorithm: type: string certificate_id: type: string header_list: items: type: string nullable: true type: array is_enabled: type: boolean key_id: type: string secret: type: string signature_header: type: string type: object RequestSizeLimit: properties: enabled: type: boolean value: type: integer type: object RequestSizeMeta: properties: disabled: type: boolean method: type: string path: type: string size_limit: format: int64 type: integer type: object ResponsePlugin: properties: plugins: $ref: '#/components/schemas/CustomPlugins' type: object ResponseProcessor: properties: name: type: string options: {} type: object RoutingTrigger: properties: "on": enum: - all - any type: string options: $ref: '#/components/schemas/RoutingTriggerOptions' rewrite_to: type: string type: object RoutingTriggerOptions: properties: header_matches: additionalProperties: $ref: '#/components/schemas/StringRegexMap' nullable: true type: object path_part_matches: additionalProperties: $ref: '#/components/schemas/StringRegexMap' nullable: true type: object payload_matches: $ref: '#/components/schemas/StringRegexMap' query_val_matches: additionalProperties: $ref: '#/components/schemas/StringRegexMap' nullable: true type: object request_context_matches: additionalProperties: $ref: '#/components/schemas/StringRegexMap' nullable: true type: object 
session_meta_matches: additionalProperties: $ref: '#/components/schemas/StringRegexMap' nullable: true type: object type: object ScopeClaim: properties: scope_claim_name: type: string scope_to_policy: additionalProperties: type: string type: object type: object ScopeToPolicy: properties: policyId: type: string scope: type: string type: object Scopes: properties: jwt: $ref: '#/components/schemas/ScopeClaim' oidc: $ref: '#/components/schemas/ScopeClaim' type: object ScopesType2: properties: claimName: type: string scopeToPolicyMapping: items: $ref: '#/components/schemas/ScopeToPolicy' type: array type: object SecuritySchemes: additionalProperties: {} type: object Server: properties: authentication: $ref: '#/components/schemas/Authentication' clientCertificates: $ref: '#/components/schemas/ClientCertificates' customDomain: $ref: '#/components/schemas/Domain' detailedActivityLogs: $ref: '#/components/schemas/DetailedActivityLogs' detailedTracing: $ref: '#/components/schemas/DetailedTracing' eventHandlers: $ref: '#/components/schemas/EventHandlers' gatewayTags: $ref: '#/components/schemas/GatewayTags' listenPath: $ref: '#/components/schemas/ListenPath' type: object ServiceDiscovery: properties: cache: $ref: '#/components/schemas/ServiceDiscoveryCache' cacheTimeout: type: integer dataPath: type: string enabled: type: boolean endpointReturnsList: type: boolean parentDataPath: type: string portDataPath: type: string queryEndpoint: type: string targetPath: type: string useNestedQuery: type: boolean useTargetList: type: boolean type: object ServiceDiscoveryCache: properties: enabled: type: boolean timeout: type: integer type: object ServiceDiscoveryConfiguration: properties: cache_disabled: type: boolean cache_timeout: type: integer data_path: type: string endpoint_returns_list: type: boolean parent_data_path: type: string port_data_path: type: string query_endpoint: type: string target_path: type: string use_discovery_service: type: boolean use_nested_query: type: boolean 
use_target_list: type: boolean type: object SessionProviderMeta: properties: meta: additionalProperties: {} nullable: true type: object name: type: string storage_engine: type: string type: object SessionState: properties: access_rights: additionalProperties: $ref: '#/components/schemas/AccessDefinition' nullable: true type: object alias: example: portal-developer@example.org type: string allowance: example: 1000 format: double type: number apply_policies: example: - 641c15dd0fffb800010197bf items: type: string nullable: true type: array apply_policy_id: deprecated: true description: deprecated use apply_policies going forward instead to send a list of policies ids example: 641c15dd0fffb800010197bf type: string basic_auth_data: $ref: '#/components/schemas/BasicAuthData' certificate: type: string data_expires: example: 0 format: int64 type: integer date_created: example: "2024-03-13T03:56:46.568042549Z" format: date-time type: string enable_detail_recording: deprecated: true description: deprecated use enable_detailed_recording going forward instead example: false type: boolean enable_detailed_recording: example: true type: boolean enable_http_signature_validation: example: false type: boolean expires: example: 1.712895619e+09 format: int64 type: integer hmac_enabled: example: false type: boolean hmac_string: type: string id_extractor_deadline: format: int64 type: integer is_inactive: example: false type: boolean jwt_data: $ref: '#/components/schemas/JWTData' last_check: example: 0 format: int64 type: integer last_updated: example: "1710302206" type: string max_query_depth: example: -1 type: integer meta_data: additionalProperties: {} example: tyk_developer_id: 62b3fb9a1d5e4f00017226f5 nullable: true type: object monitor: $ref: '#/components/schemas/Monitor' oauth_client_id: type: string oauth_keys: additionalProperties: type: string nullable: true type: object org_id: example: 5e9d9544a1dcd60001d0ed20 type: string per: example: 5 format: double type: number 
quota_max: example: 20000 format: int64 type: integer quota_remaining: example: 20000 format: int64 type: integer quota_renewal_rate: example: 3.1556952e+07 format: int64 type: integer quota_renews: example: 1.710302205e+09 format: int64 type: integer rate: example: 1 format: double type: number rsa_certificate_id: type: string session_lifetime: example: 0 format: int64 type: integer smoothing: $ref: '#/components/schemas/RateLimitSmoothing' tags: example: - edge - edge-eu items: type: string nullable: true type: array throttle_interval: example: 10 format: double type: number throttle_retry_limit: example: 1000 type: integer type: object SignatureConfig: properties: algorithm: type: string allowed_clock_skew: type: integer error_code: type: integer error_message: type: string header: type: string param_name: type: string secret: type: string use_param: type: boolean type: object State: properties: active: type: boolean internal: type: boolean type: object StringRegexMap: properties: match_rx: type: string reverse: type: boolean type: object TemplateData: properties: enable_session: type: boolean input_type: enum: - json - xml type: string template_mode: enum: - blob - file type: string template_source: type: string type: object TemplateMeta: properties: disabled: type: boolean method: type: string path: type: string template_data: $ref: '#/components/schemas/TemplateData' type: object Test: properties: serviceDiscovery: $ref: '#/components/schemas/ServiceDiscovery' type: object TraceHttpRequest: properties: body: type: string headers: $ref: '#/components/schemas/HttpHeader' method: example: GET type: string path: example: /keyless-test/ type: string type: object TraceRequest: type: object properties: request: $ref: '#/components/schemas/TraceHttpRequest' spec: $ref: '#/components/schemas/APIDefinition' oas: oneOf: - $ref: '#/components/schemas/OpenAPI3Schema' - $ref: '#/components/schemas/TykVendorExtension' oneOf: - required: [oas] - required: [spec] 
TraceResponse: properties: logs: example: '{"level":"warning","msg":"Legacy path detected! Upgrade to extended....' type: string message: example: ok type: string response: example: "====== Request ======\nGET / HTTP/1.1\r\nHost: httpbin.org\r\n\r\n\n====== Response..." type: string type: object TrackEndpoint: properties: enabled: type: boolean type: object TrackEndpointMeta: properties: disabled: type: boolean method: type: string path: type: string type: object TrafficLogs: properties: enabled: type: boolean type: object TransformBody: properties: body: type: string enabled: type: boolean format: type: string path: type: string type: object TransformHeaders: properties: add: $ref: '#/components/schemas/Headers' enabled: type: boolean remove: items: type: string type: array type: object TransformJQMeta: properties: filter: type: string method: type: string path: type: string type: object TransformRequestMethod: properties: enabled: type: boolean toMethod: type: string type: object UDGGlobalHeader: properties: key: type: string value: type: string type: object URLRewrite: properties: enabled: type: boolean pattern: type: string rewriteTo: type: string triggers: items: $ref: '#/components/schemas/URLRewriteTrigger' type: array type: object URLRewriteMeta: properties: disabled: type: boolean match_pattern: type: string method: type: string path: type: string rewrite_to: type: string triggers: items: $ref: '#/components/schemas/RoutingTrigger' nullable: true type: array type: object URLRewriteRule: properties: in: type: string name: type: string negate: type: boolean pattern: type: string type: object URLRewriteTrigger: properties: condition: type: string rewriteTo: type: string rules: items: $ref: '#/components/schemas/URLRewriteRule' type: array type: object Upstream: properties: certificatePinning: $ref: '#/components/schemas/CertificatePinning' mutualTLS: $ref: '#/components/schemas/MutualTLS' rateLimit: $ref: '#/components/schemas/RateLimit' serviceDiscovery: 
$ref: '#/components/schemas/ServiceDiscovery' test: $ref: '#/components/schemas/Test' url: type: string type: object UptimeTests: properties: check_list: items: $ref: '#/components/schemas/HostCheckObject' nullable: true type: array config: $ref: '#/components/schemas/UptimeTestsConfig' type: object UptimeTestsConfig: properties: expire_utime_after: type: integer recheck_wait: type: integer service_discovery: $ref: '#/components/schemas/ServiceDiscoveryConfiguration' type: object ValidatePathMeta: properties: disabled: type: boolean error_response_code: type: integer method: type: string path: type: string schema: additionalProperties: {} nullable: true type: object schema_b64: type: string type: object ValidateRequest: properties: enabled: type: boolean errorResponseCode: type: integer type: object ValidateRequestMeta: properties: enabled: type: boolean error_response_code: type: integer method: type: string path: type: string type: object VersionData: properties: default_version: type: string not_versioned: type: boolean versions: additionalProperties: $ref: '#/components/schemas/VersionInfo' nullable: true type: object type: object VersionDefinition: properties: default: type: string enabled: type: boolean fallback_to_default: type: boolean key: example: x-api-version type: string location: example: header type: string name: type: string strip_path: type: boolean strip_versioning_data: type: boolean url_versioning_pattern: type: string versions: additionalProperties: type: string nullable: true type: object type: object VersionInfo: properties: expires: type: string extended_paths: $ref: '#/components/schemas/ExtendedPathsSet' global_headers: additionalProperties: type: string nullable: true type: object global_headers_disabled: type: boolean global_headers_remove: items: type: string nullable: true type: array global_response_headers: additionalProperties: type: string nullable: true type: object global_response_headers_disabled: type: boolean 
global_response_headers_remove: items: type: string nullable: true type: array global_size_limit: format: int64 type: integer ignore_endpoint_case: type: boolean name: type: string override_target: type: string paths: properties: black_list: items: type: string nullable: true type: array ignored: items: type: string nullable: true type: array white_list: items: type: string nullable: true type: array type: object use_extended_paths: example: true type: boolean type: object VersionMeta: properties: expirationDate: example: 2026-03-26 09:00 type: string id: example: keyless type: string internal: example: false type: boolean isDefaultVersion: example: true type: boolean name: example: Tyk Test Keyless API type: string versionName: example: v2 type: string type: object VersionMetas: properties: apis: items: $ref: '#/components/schemas/VersionMeta' nullable: true type: array status: example: success type: string type: object VersionToID: properties: id: type: string name: type: string type: object Versioning: properties: default: type: string enabled: type: boolean fallbackToDefault: type: boolean key: type: string location: type: string name: type: string stripVersioningData: type: boolean urlVersioningPattern: type: string versions: items: $ref: '#/components/schemas/VersionToID' nullable: true type: array type: object VirtualEndpoint: properties: body: type: string enabled: type: boolean functionName: type: string name: type: string path: type: string proxyOnError: type: boolean requireSession: type: boolean type: object VirtualMeta: properties: disabled: type: boolean function_source_type: enum: - blob - file type: string function_source_uri: type: string method: type: string path: type: string proxy_on_error: type: boolean response_function_name: type: string use_session: type: boolean type: object XTykAPIGateway: properties: info: $ref: '#/components/schemas/Info' middleware: $ref: '#/components/schemas/Middleware' server: $ref: '#/components/schemas/Server' 
        upstream:
          $ref: '#/components/schemas/Upstream'
      type: object
    TykVendorExtension:
      properties:
        x-tyk-api-gateway:
          $ref: '#/components/schemas/XTykAPIGateway'
      type: object
  securitySchemes:
    api_key:
      description: Api key
      in: header
      name: X-Tyk-Authorization
      type: apiKey