Integrating with Tyk Developer Portal
Version 3.2 of the Tyk API Gateway, and specifically of the Tyk Developer Portal, added support for Dynamic Client Registration (DCR). This is a powerful capability that enables integration with the Curity Identity Server.
Detailed step-by-step documentation
This article provides a high-level overview of the integration. A detailed step-by-step guide can be found in the Tyk documentation.
Prerequisites
- An installation of the Curity Identity Server. The Getting Started Guide is a great place to start.
- An installation of the Tyk API Gateway. The detailed documentation assumes this is an on-premise installation of Tyk.
Enable DCR
Dynamic Client Registration is not enabled by default in the Curity Identity Server. Follow the Non-Templatized Dynamic Client Registration article to learn how to enable and configure DCR.
Configure Tyk
Tyk is configured with an API that is to be exposed on the Developer Portal. The upstream API itself doesn't really matter, although the detailed documentation uses httpbin.org as the upstream API for testing purposes, which makes it easy to see which access token is passed upstream in the Authorization header.
There are two different ways to protect the API that is to be published to the Developer Portal: JWT access tokens and split tokens. Choose the one appropriate to your use case.
JWT Protected APIs
The configuration in Tyk is very straightforward. Tyk uses the JWKS endpoint of the Curity Identity Server to validate the JWT. Note that the Curity Identity Server does not issue JWTs as access tokens by default, but this can easily be configured. Do so by enabling Use Access Token As JWT in Profiles -> Token Service -> Token Issuers. Or, configure individual token issuers per client as outlined in the Custom Token Issuer article.
Split Token Protected APIs
The Split Token Approach is a bit more involved and requires a middleware to be deployed to the Tyk Gateway. However, it is more in line with a best practices approach of not using JWTs with external clients.
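The split-and-rebuild step that such a middleware performs, as an added sketch that is not the Tyk middleware or any Curity code. It assumes the client receives only the JWT signature as its opaque token and that the gateway cache is keyed by a SHA-256 hash of that signature; the HS256 key, the claims and all function names are constructed for the example.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_jwt(claims: dict, key: bytes) -> str:
    """Constructed HS256 JWT standing in for a token from the authorization server."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def cache_key(signature: str) -> str:
    # Assumption: the cache key is the SHA-256 hash of the signature part.
    return hashlib.sha256(signature.encode()).hexdigest()

def split_and_publish(jwt: str, cache: dict) -> str:
    """Issuer side: cache head.payload and hand only the signature to the client."""
    head, body, signature = jwt.split(".")
    cache[cache_key(signature)] = f"{head}.{body}"
    return signature

def rebuild_authorization(header_value: str, cache: dict):
    """Gateway side: turn 'Bearer <signature>' into 'Bearer <jwt>', or None to reject."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "bearer" or not token:
        return None  # missing or non-bearer credentials
    head_and_body = cache.get(cache_key(token))
    if head_and_body is None:
        return None  # no cache entry: unknown, expired or revoked token
    return f"Bearer {head_and_body}.{token}"

def verify_hs256(jwt: str, key: bytes) -> bool:
    """Upstream-style check showing that the rebuilt token still verifies."""
    signed, _, sig = jwt.rpartition(".")
    expected = b64url(hmac.new(key, signed.encode(), hashlib.sha256).digest())
    return hmac.compare_digest(expected, sig)

if __name__ == "__main__":
    KEY = b"constructed-demo-key"  # constructed sample key
    cache = {}
    jwt = make_jwt({"sub": "demo-client", "scope": "read"}, KEY)
    opaque = split_and_publish(jwt, cache)
    upstream = rebuild_authorization(f"Bearer {opaque}", cache)
    print(upstream == f"Bearer {jwt}", verify_hs256(upstream[7:], KEY))
    print(rebuild_authorization("Bearer unknown-token", cache))
```

The external client never holds the header or claims, and the upstream API still receives a complete JWT in the Authorization header.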
Conclusion
When fully configured, it will be possible to dynamically register an OAuth client in the Tyk Developer Portal. The portal will handle the client's registration in the Curity Identity Server. It will display the generated client_id and secret that can then be used to obtain a token (JWT or split token) that can be used to access the API in question.