April 2016 Summaries
4 posts from Tyk
Filter
Month:
Year:
Post Summaries
Back to Blog
Tyk is dedicated to enhancing system connectivity and actively seeks user input to shape its development roadmap, which is touted as one of the most transparent in the industry, available on Trello. The company emphasizes its commitment to listening to feedback from open-source users, Pro license holders, and cloud subscribers to continually improve its offerings. Tyk encourages its diverse user base, whether they are using the Community, Pro, Enterprise, or Cloud editions, to voice their opinions and share their priorities through forums, GitHub, or email. By fostering this open dialogue, Tyk aims to refine its products rapidly and effectively, contrasting its dynamic approach with traditional, monolithic API stacks. Users are invited to experience the ease of setting up their first API with Tyk Cloud, which promises a quick and straightforward process.
Apr 28, 2016
298 words in the original blog post.
Tyk Cloud has introduced OpenID Connect support, allowing users to utilize JSON Web Tokens from OpenID Connect-compatible Identity Providers to access Tyk-managed APIs. This integration simplifies the process by validating tokens, applying client-specific policies, and generating metadata for analytics, all without requiring direct integration with Tyk for token generation. Users can set policies based on the source of the token, offering differential access levels, such as limited access for free clients and enhanced access for enterprise users. This update makes Tyk Cloud compatible with various Single-Sign-On providers like Google+ and Auth0, and an on-premises release is forthcoming, with nightly versions available for those eager to implement the feature.
Apr 28, 2016
511 words in the original blog post.
Integrating the Tyk Open Source API Gateway with a custom identity provider using JSON Web Tokens (JWT) allows for efficient and secure API management by enabling users to authenticate using their own identity provider and leverage JWTs for seamless access control. This process involves storing a shared secret at the API Definition level to validate inbound requests and applying access rules based on specific JWT claims. By selecting "JSON web Token" as the authentication mode and configuring settings such as the signing method, identity source, and policy field name, users can create a policy in Tyk that grants access to APIs with defined quota and rate limits. The integration process ensures that access control is managed by the identity provider, and Tyk uses this information to generate internal tokens for access control, which can be referenced throughout the Tyk request chain. This setup allows for flexible access management, enabling users to authenticate through various portals while maintaining consistent access policies, thus providing a streamlined and secure method for API access without altering the original JWT.
Apr 27, 2016
1,120 words in the original blog post.
Tyk Cloud has introduced a new feature called Token Aliases, designed to simplify the identification and tracking of API tokens. Traditionally, Tyk hashes all keys upon creation to prevent unauthorized access in case of a database breach, but this obfuscation makes log identification challenging. Token Aliases address this by allowing users to assign an alias to any token, which is then recorded alongside the token ID in the analytics dashboard, enhancing the ease of tracking API access. Additionally, when a developer generates a token via the API Developer portal, Tyk automatically assigns their email address as the token's alias, streamlining activity monitoring. This feature is not only available for Tyk Cloud users but will also be accessible to on-prem users soon.
Apr 26, 2016
325 words in the original blog post.