I'm working on a python script (2.7.x) that tries to connect to a third party api via tyk gateway. The end api expects an auth token in the request header and tyk also requires its own auth token to be present in the request header.
Now the problem that I'm facing is:
When I try to make a request to the third party app via tyk, app is not recognising the auth token passed in the header. From debugging I was able to figure out that tyk is not passing the authentication header to the app.
I'm using following piece of code to make the request
request.post("https://myurl.com",
data={"data": data_a},
headers={"Authorization": "Basic <TYK_TOKEN>, Bearer <APP_TOKEN> })
Things I have tried:
- Tried passing the app token first and tyk token second, then the request won't pass tyk authorization.
- Tried passing app token alone in the request, then the request won't pass tyk authorization.
- Tried passing app token under 'Application-Authorization' header and tyk token under 'Authorization' header, then the request won't pass app authorization.
Please advise a solution.
Thanks
in advance
Leonid from Tyk here.
So basically your upstream is protected by auth token, and your own API protected by token as well.
If your 3-rd party API have a static api key, you can just embed it to all requests as a global header:
If you have a dynamic 3-rd party key, which varies for different users, you can embed it to Key metadata, for example, "upstream_api_key" field, and add global header with dynamic value: "$tyk_meta.upstream_api_key".
If your user needs to pass this token, and you need forward it to upstream, Tyk and Upstream authentification should happen in different HTTP headers.
Hope it helps!