Integrating with Tyk Developer Portal

tutorials

2 min

On this page

The Tyk API Gateway with its Tyk Enterprise Developer Portal supports Dynamic Client Registration (DCR). This is a very powerful functionality to enable integration with the Curity Identity Server.

Detailed step-by-step documentation

This article provides a high-level overview of the integration. A detailed step-by-step guide can be found in the Tyk documentation.

Prerequisites

An installation of the Curity Identity Server. The Getting Started Guide is a great place to start.
An installation of the Tyk API Gateway with the Tyk Enterprise Developer Portal.

Enable DCR

Dynamic Client Registration is not enabled by default in the Curity Identity Server. Follow the Non-Templatized Dynamic Client Registration article to learn how to enable and configure DCR.

Configure Tyk

Tyk is configured with an API that is to be exposed on the Developer Portal. What the upstream API is doesn’t really matter, although the detailed documentation uses httpbin.org as the upstream API for testing purposes. This improves visibility to see what access token gets passed upstream in the Authorization header.

The configuration in Tyk is very straightforward. Tyk uses the OIDC well-known configuration URL of the Curity Identity Server to resolve the needed token and authorize endpoints. Both the Client Credentials and Code flows are supported.

When configured, an app is registered in the Tyk Enterprise Developer Portal. When the app is created, a callout is made to the Curity Identity Server to register a dynamic client that is tied to that app. This creates a one-to-one mapping between the Tyk app and the OAuth client in the Curity Identity Server allowing traceability and correlation between the two systems.

JWT Protected APIs

The integration works with the default setting where the Curity Identity Server issues opaque access tokens, but it is also possible to enable JWTs as access tokens. If JWT access tokens are needed, enable Use Access Token As JWT in Profiles -> Token Service -> Token Issuers. Or configure individual token issuers per client as outlined in the Custom Token Issuer article.

Conclusion

When fully configured, it will be possible to dynamically register an OAuth client in the Tyk Enterprise Developer Portal. The portal will handle the client's registration in the Curity Identity Server. It will display the generated client_id and client_secret that can be used to obtain a token (opaque or JWT) that can be used to access the API in question.

Join our Newsletter

Get the latest on identity management, API Security and authentication straight to your inbox.

Start Free Trial

Try the Curity Identity Server for Free. Get up and running in 10 minutes.

Start Free Trial

Was this helpful?

Next steps

Ready to modernize IAM?

Start Today - Build security and improve ease of use to stay ahead of the competition.

Start a Free Trial

Book a Call

Speak to an Identity Specialist

Explore learning resources

Products

Use Case

Features and Capabilities

Security Solutions

Industry

Resources Overview

Learn More

Developers

Company

Explore more

Support

Integrating with Tyk Developer Portal

Prerequisites

Enable DCR

Configure Tyk

JWT Protected APIs

Conclusion

Join our Newsletter

Start Free Trial

Ready to modernize IAM?