
Integrating with Tyk Developer Portal
On this page
The Tyk API Gateway with its Tyk Enterprise Developer Portal supports Dynamic Client Registration (DCR). This is a very powerful functionality to enable integration with the Curity Identity Server.
Detailed step-by-step documentation
This article provides a high-level overview of the integration. A detailed step-by-step guide can be found in the Tyk documentation.
Prerequisites
- An installation of the Curity Identity Server. The Getting Started Guide is a great place to start.
- An installation of the Tyk API Gateway with the Tyk Enterprise Developer Portal.
Enable DCR
Dynamic Client Registration is not enabled by default in the Curity Identity Server. Follow the Non-Templatized Dynamic Client Registration article to learn how to enable and configure DCR.
Configure Tyk
Tyk is configured with an API that is to be exposed on the Developer Portal. What the upstream API is doesn’t really matter, although the detailed documentation uses httpbin.org as the upstream API for testing purposes. This improves visibility to see what access token gets passed upstream in the Authorization header.
The configuration in Tyk is very straightforward. Tyk uses the OIDC well-known configuration URL of the Curity Identity Server to resolve the needed token and authorize endpoints. Both the Client Credentials and Code flows are supported.
When configured, an app is registered in the Tyk Enterprise Developer Portal. When the app is created, a callout is made to the Curity Identity Server to register a dynamic client that is tied to that app. This creates a one-to-one mapping between the Tyk app and the OAuth client in the Curity Identity Server allowing traceability and correlation between the two systems.
JWT Protected APIs
The integration works with the default setting where the Curity Identity Server issues opaque access tokens, but it is also possible to enable JWTs as access tokens. If JWT access tokens are needed, enable Use Access Token As JWT in Profiles
-> Token Service
-> Token Issuers
. Or configure individual token issuers per client as outlined in the Custom Token Issuer article.
Conclusion
When fully configured, it will be possible to dynamically register an OAuth client in the Tyk Enterprise Developer Portal. The portal will handle the client's registration in the Curity Identity Server. It will display the generated client_id
and client_secret
that can be used to obtain a token (opaque or JWT) that can be used to access the API in question.
Join our Newsletter
Get the latest on identity management, API Security and authentication straight to your inbox.
Start Free Trial
Try the Curity Identity Server for Free. Get up and running in 10 minutes.
Start Free Trial