Go C Shell Python JavaScript Java Other
Switch branches/tags
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
.github Add templates for issues and PR's Jan 17, 2017
apidef tls: proxy insecure skip verify per api Aug 10, 2018
apps Jq transformations (#1570) Mar 28, 2018
certs Handle public key errors Jun 26, 2018
checkup security: issue a warning on boot when secrets are default Aug 9, 2018
cli Improve async session updates (#1757) Aug 10, 2018
config Improve async session updates (#1757) Aug 10, 2018
coprocess Modify request body field (#1735) Jun 15, 2018
event_handlers Shorten EventMessage fields Mar 7, 2017
install optimise configurations Jul 3, 2018
log Fix JSVM `rawlog` to support hooks Aug 8, 2017
middleware Rename ottoAuthExample to match camelCase Feb 28, 2018
policies Sampe policy file Feb 25, 2015
regexp NormalisePath and RegExp optimizations (#1689) Jun 6, 2018
request requestIP to package, tests, benchmarks & context Mar 19, 2018
storage New token generation, support for custom hashing algorithms (#1753) Jun 13, 2018
templates removed commas making josn invalid Aug 6, 2018
test Tyk cache should respect etags Feb 20, 2018
testdata Add MaxMind GeoIP test DB to use in the tests Feb 3, 2017
user Do less session updates, remove hash check (#1770) Jun 13, 2018
utils Minor change to the rate limit test fix (#1866) Aug 16, 2018
vendor Vendor `jsonparser` Jun 26, 2018
.gitignore Benchmark default version profiling (#1750) Jun 7, 2018
.travis.yml Minor change to the rate limit test fix (#1866) Aug 16, 2018
CLA.md Create separate contributing guidelines Jan 20, 2017
CONTRIBUTING.md Fixed 'file an issue' link Jul 21, 2017
LICENSE.md Added license Aug 13, 2014
README.md bump go 1.8 to 1.9 version support Jun 8, 2018
TESTING.md handling websocket connection upgrade fixed Jan 6, 2018
analytics.go add leading backslash to path if needed (#1857) Aug 9, 2018
analytics_test.go NormalisePath and RegExp optimizations (#1689) Jun 6, 2018
api.go Fix quota calculation for Key API (#1874) Aug 21, 2018
api_definition.go prevent read to Redis from OrganizationMonitor MW (#1787) Aug 19, 2018
api_definition_test.go test added Jun 20, 2018
api_healthcheck.go acces to config.Global is protected with atomic.Value May 4, 2018
api_loader.go add blacklist mw to simpleArray not chainArray (#1871) Aug 19, 2018
api_test.go Fix quota calculation for Key API (#1874) Aug 21, 2018
auth_manager.go Improve async session updates (#1757) Aug 10, 2018
batch_requests.go change status code ints to use pointers to the constants in http package May 16, 2018
batch_requests_test.go acces to config.Global is protected with atomic.Value May 4, 2018
cert.go Limit RPC ReLogin to run only copy at a time Jun 27, 2018
cert_go1.10_test.go Fix whitelists failing when modify headers on same path V2 (#1749) Jun 1, 2018
cert_test.go Fix certificate pinning though proxy (#1723) May 22, 2018
coprocess.go Modify request body field (#1735) Jun 15, 2018
coprocess_api.go storage: a couple of redis cleanups Oct 10, 2017
coprocess_bundle.go Bundle loader enhancements (WIP) (#1260) May 5, 2018
coprocess_bundle_test.go Fix python tests in master (#1676) May 11, 2018
coprocess_dummy.go ID extractor enhancements: extended tests, benchmarks and BodyExtract… May 17, 2018
coprocess_events.go events: move some type assertions into Init funcs Oct 6, 2017
coprocess_grpc.go Enhance gRPC errors (#1608) May 16, 2018
coprocess_grpc_test.go Modify request body field (#1735) Jun 15, 2018
coprocess_helpers.go coprocess: use metadata as map[string]string, enhance conversion Jun 13, 2018
coprocess_id_extractor.go Profile benchmark copy request response (#1778) Aug 9, 2018
coprocess_id_extractor_python_test.go [WIP] gRPC tests and benchmarks (#1728) May 30, 2018
coprocess_id_extractor_test.go New token generation, support for custom hashing algorithms (#1753) Jun 13, 2018
coprocess_lua.go Make C files in the root package symlinks again May 2, 2017
coprocess_native.go Fix formatting May 30, 2018
coprocess_python.go Enhance Python errors (#1736) May 30, 2018
coprocess_python_api.c [WIP] Converts Python coprocess glue module to handcrafted C (#1338) Feb 14, 2018
coprocess_python_test.go Modify request body field (#1735) Jun 15, 2018
coprocess_test.go Bundle loader enhancements (WIP) (#1260) May 5, 2018
coprocess_test_helpers.go Test refactoring Jan 4, 2018
dashboard_register.go Enable inialisation of tls client for dash comms (#1850) Aug 9, 2018
distributed_rate_limiter.go Lower logs verbosity May 19, 2018
event_handler_webhooks.go typos and small log improvement (#1845) Aug 9, 2018
event_handler_webhooks_test.go acces to config.Global is protected with atomic.Value May 4, 2018
event_system.go Update global event handlers code (#1679) May 19, 2018
event_system_test.go NormalisePath and RegExp optimizations (#1689) Jun 6, 2018
gateway_test.go Minor change to the rate limit test fix (#1866) Aug 16, 2018
handler_error.go Profile benchmark copy request response (#1778) Aug 9, 2018
handler_success.go Add Looping support (#1859) Aug 19, 2018
handler_websocket.go change status code ints to use pointers to the constants in http package May 16, 2018
helpers_test.go Fix quota calculation for Key API (#1874) Aug 21, 2018
host_checker.go jeffail lowercased May 4, 2018
host_checker_manager.go change status code ints to use pointers to the constants in http package May 16, 2018
host_checker_test.go storage: a couple of redis cleanups Oct 10, 2017
instrumentation_handlers.go Add a wrapper for command-line parameters using kingpin.Application Jun 14, 2018
instrumentation_statsd_sink.go instrumentation_statsd_sink: modify ListenPacket call to allow remote… Jan 31, 2018
jq.go Jq transformations (#1570) Mar 28, 2018
jsvm_event_handler.go events: move some type assertions into Init funcs Oct 6, 2017
ldap_auth_handler.go Benchmark default version profiling (#1750) Jun 7, 2018
le_helpers.go acces to config.Global is protected with atomic.Value May 4, 2018
log_helpers.go `obfuscateKey` should respect `EnableKeyLogging` (#1827) Aug 19, 2018
log_helpers_test.go acces to config.Global is protected with atomic.Value May 4, 2018
looping_test.go Add Looping support (#1859) Aug 19, 2018
main.go use custom method not allowed handler Aug 18, 2018
middleware.go Add Looping support (#1859) Aug 19, 2018
monitor.go acces to config.Global is protected with atomic.Value May 4, 2018
multi_target_proxy_handler.go proxy: fix and test multi-target reverse proxy Oct 2, 2017
multiauth_test.go bench/bug: caching bcrypt function for auth (#1696) Jul 20, 2018
mw_access_rights.go change status code ints to use pointers to the constants in http package May 16, 2018
mw_api_rate_limit.go New token generation, support for custom hashing algorithms (#1753) Jun 13, 2018
mw_api_rate_limit_test.go feature: api blacklisting middleware Mar 20, 2018
mw_auth_key.go change error Aug 6, 2018
mw_auth_key_test.go New token generation, support for custom hashing algorithms (#1753) Jun 13, 2018
mw_basic_auth.go Minor change to the rate limit test fix (#1866) Aug 16, 2018
mw_basic_auth_test.go bench/bug: caching bcrypt function for auth (#1696) Jul 20, 2018
mw_certificate_check.go change status code ints to use pointers to the constants in http package May 16, 2018
mw_context_vars.go added optimizations, added mw tests and benchmarks Jun 10, 2018
mw_context_vars_test.go added optimizations, added mw tests and benchmarks Jun 10, 2018
mw_example_test.go mw: don't use BaseMiddleware as a pointer Sep 17, 2017
mw_granular_access.go NormalisePath and RegExp optimizations (#1689) Jun 6, 2018
mw_hmac.go Do less session updates, remove hash check (#1770) Jun 13, 2018
mw_hmac_test.go one more benchmark fix, populate session mem-cache if enabled May 24, 2018
mw_ip_blacklist.go Include cookie values in mw context data Mar 20, 2018
mw_ip_blacklist_test.go adding more benchmarks (#1614) May 7, 2018
mw_ip_whitelist.go lint: constants for http status codes Mar 20, 2018
mw_ip_whitelist_test.go adding more benchmarks (#1614) May 7, 2018
mw_js_plugin.go JSVM bundle fix (#1840) Aug 15, 2018
mw_js_plugin_test.go Minor change to the rate limit test fix (#1866) Aug 16, 2018
mw_jwt.go Check if claims expiry longer than session (#1849) Aug 11, 2018
mw_jwt_test.go Check if claims expiry longer than session (#1849) Aug 11, 2018
mw_key_expired_check.go change status code ints to use pointers to the constants in http package May 16, 2018
mw_method_transform.go change status code ints to use pointers to the constants in http package May 16, 2018
mw_modify_headers.go change status code ints to use pointers to the constants in http package May 16, 2018
mw_oauth2_key_exists.go Do less session updates, remove hash check (#1770) Jun 13, 2018
mw_openid.go New token generation, support for custom hashing algorithms (#1753) Jun 13, 2018
mw_organisation_activity.go prevent read to Redis from OrganizationMonitor MW (#1787) Aug 19, 2018
mw_organization_activity_test.go one more benchmark fix, populate session mem-cache if enabled May 24, 2018
mw_rate_check.go change status code ints to use pointers to the constants in http package May 16, 2018
mw_rate_limiting.go New token generation, support for custom hashing algorithms (#1753) Jun 13, 2018
mw_redis_cache.go Profile benchmark copy request response (#1778) Aug 9, 2018
mw_request_size_limit.go change status code ints to use pointers to the constants in http package May 16, 2018
mw_strip_auth.go change status code ints to use pointers to the constants in http package May 16, 2018
mw_strip_auth_test.go adding more benchmarks (#1614) May 7, 2018
mw_track_endpoints.go acces to config.Global is protected with atomic.Value May 4, 2018
mw_transform.go add tyk_context to response body transform Jun 5, 2018
mw_transform_jq.go change status code ints to use pointers to the constants in http package May 16, 2018
mw_transform_jq_dummy.go Jq transformations (#1570) Mar 28, 2018
mw_transform_jq_test.go adding more benchmarks (#1614) May 7, 2018
mw_transform_test.go if json req/res is array, unmarshal to map[array] Jun 4, 2018
mw_url_rewrite.go Add Looping support (#1859) Aug 19, 2018
mw_url_rewrite_test.go add support for array based claims (#1802) Jul 19, 2018
mw_validate_json.go Profile benchmark copy request response (#1778) Aug 9, 2018
mw_validate_json_test.go adding more benchmarks (#1614) May 7, 2018
mw_version_check.go Benchmark default version profiling (#1750) Jun 7, 2018
mw_version_check_test.go Add tests/benchmarks for versioning middleware (#1677) May 9, 2018
mw_virtual_endpoint.go Add Looping support (#1859) Aug 19, 2018
mw_virtual_endpoint_test.go Add Looping support (#1859) Aug 19, 2018
newrelic.go acces to config.Global is protected with atomic.Value May 4, 2018
oauth_manager.go New token generation, support for custom hashing algorithms (#1753) Jun 13, 2018
oauth_manager_test.go acces to config.Global is protected with atomic.Value May 4, 2018
policy.go Enable inialisation of tls client for dash comms (#1850) Aug 9, 2018
policy_test.go Improve async session updates (#1757) Aug 10, 2018
redis_logrus_hook.go redis: reuse the same code for UI notifications Oct 11, 2017
redis_signal_handle_config.go acces to config.Global is protected with atomic.Value May 4, 2018
redis_signals.go Fix typos May 30, 2018
res_handler_header_injector.go user: new package with SessionState Oct 6, 2017
res_handler_header_injector_test.go adding more benchmarks (#1614) May 7, 2018
res_handler_header_transform.go user: new package with SessionState Oct 6, 2017
res_handler_jq_transform.go Fix cache conflict for public keys Apr 5, 2018
res_handler_jq_transform_dummy.go Jq transformations (#1570) Mar 28, 2018
res_handler_transform.go add tyk_context to response body transform Jun 5, 2018
res_handler_transform_test.go add tyk_context to response body transform Jun 5, 2018
reverse_proxy.go Add Looping support (#1859) Aug 19, 2018
reverse_proxy_test.go Profile benchmark copy request response (#1778) Aug 9, 2018
rpc_analytics_purger.go Lower logs verbosity May 19, 2018
rpc_backup_handlers.go acces to config.Global is protected with atomic.Value May 4, 2018
rpc_storage_handler.go Handle adding to local cache for key events (#1863) Aug 19, 2018
rpc_test.go acces to config.Global is protected with atomic.Value May 4, 2018
sds.c Make C files in the root package symlinks again May 2, 2017
service_discovery.go Fix vendor case issue Jun 26, 2018
service_discovery_test.go all: various cleanups and simplifications Nov 3, 2017
session_manager.go Improve async session updates (#1757) Aug 10, 2018
tyk.conf.example optimise configurations Jul 3, 2018
version.go Bump version in master Jun 18, 2018

README.md

Tyk API Gateway

Build Status Go Report Card

Tyk is a lightweight, open source API Gateway and Management Platform enables you to control who accesses your API, when they access it and how they access it. Tyk will also record detailed analytics on how your users are interacting with your API and when things go wrong.

Go version 1.9 is required to build master, the current development version. Tyk is officially supported on linux/amd64, linux/i386 and linux/arm64.

Tests are run against both Go versions 1.9 & 1.10, however at present, only Go 1.9 is officially supported.

What is an API Gateway?

An API Gateway sits in front of your application(s) and manages the heavy lifting of authorisation, access control and throughput limiting to your services. Ideally, it should mean that you can focus on creating services instead of implementing management infrastructure. For example if you have written a really awesome web service that provides geolocation data for all the cats in NYC, and you want to make it public, integrating an API gateway is a faster, more secure route than writing your own authorisation middleware.

Key Features of Tyk

Tyk offers powerful, yet lightweight features that allow fine grained control over your API ecosystem.

  • RESTFul API - Full programmatic access to the internals makes it easy to manage your API users, keys and Api Configuration from within your systems
  • Multiple access protocols - Out of the box, Tyk supports Token-based, HMAC Signed, Basic Auth and Keyless access methods
  • Rate Limiting - Easily rate limit your API users, rate limiting is granular and can be applied on a per-key basis
  • Quotas - Enforce usage quotas on users to manage capacity or charge for tiered access
  • Granular Access Control - Grant api access on a version by version basis, grant keys access to multiple API's or just a single version
  • Key Expiry - Control how long keys are valid for
  • API Versioning - API Versions can be easily set and deprecated at a specific time and date
  • Blacklist/Whitelist/Ignored endpoint access - Enforce strict security models on a version-by-version basis to your access points
  • Analytics logging - Record detailed usage data on who is using your API's (raw data only)
  • Webhooks - Trigger webhooks against events such as Quota Violations and Authentication failures
  • IP Whitelisting - Block access to non-trusted IP addresses for more secure interactions
  • Zero downtime restarts - Tyk configurations can be altered dynamically and the service restarted without affecting any active request

Tyk is written in Go, which makes it fast and easy to set up. Its only dependencies are a Mongo database (for analytics) and Redis, though it can be deployed without either (not recommended).

Tyk API Management Platform

The Tyk Dashboard and Developer portal can be used with the Tyk API Gateway, to provide a full lifecycle API Management platform. You can find more details at https://tyk.io and for a full featureset, you can visit https://tyk.io/features.

Why?

Tyk was built because other open source API Gateways in the market come with dependencies and bloat, attempting to be too many things to too many people. Tyk is focused, simple and does one thing well - protecting your API from unauthorised access.

Documentation

All the documentation can be found at http://tyk.io/docs/.

License

Tyk is released under the MPL v2.0; please see LICENSE.md for a full version of the license.

Contributing

For more information about contributing PRs and issues, see CONTRIBUTING.md.

Roadmap

To coordinate development and be completely transparent as to where the project is going, the version roadmap for the next version, as well as proposed features and adopted proposals can be viewed on our public Trello board.

Any proposals can be made in the Github issue tracker. Proposals that are adopted will be placed into trello and then moved according to their status.