Modern API management demands three foundational components: enterprise-grade security, open-standards-driven flexibility, and a platform experience that just works. Tyk 5.10 delivers all three!
From multi-auth patterns that adapt to any client’s need, to JWT validation that scales with your architecture, to proactive certificate monitoring that prevents outages before they happen—this release transforms how you secure and manage APIs. Add streamlined versioning workflows and intelligent caching, and you get a platform that’s both powerful and easy to use. Your APIs stay secure. Your teams stay productive. Your users stay happy!
With that in mind, let’s take a closer look at some key capabilities launched in Tyk 5.10—what they are, why they matter, and how they will help your organization take the next step in its API security journey.
OpenAPI-compliant multi-authentication
Real-world APIs rarely fit into a single security model. Some use OAuth, others rely on API keys, and a few need custom headers. This new capability supports multiple authentication paths, processing all entries in the OpenAPI ‘security’ section, and lets you combine OpenAPI’s standard security methods with Tyk’s advanced security capabilities, such as HMAC or Custom Auth, all while staying true to OpenAPI standards.
This means organizations can now support diverse client authentication needs, roll out progressive security strategies, and maintain backward compatibility with existing systems. It’s the perfect balance between industry standards and Tyk’s advanced security, so your platform can evolve securely, without friction.
Comprehensive JWT claim validation
As enterprises scale, basic JWT checks aren’t enough. You need fine-grained control over token validation to secure complex, multi-tenant environments.
Tyk now delivers comprehensive JWT claim validation for OAS APIs—letting you validate every registered claim (issuer, audience, subject) across multiple Identity Providers like Keycloak, Okta, or Auth0. Define custom validation rules for any claim, enforce unique JWT IDs, and even monitor compliance without blocking requests.
Use it to power role-based access, enforce org-level restrictions, or gradually migrate from legacy auth systems—all with the flexibility and precision modern identity architectures demand.
Advanced JWKS cache management
High-performance JWT validation depends on fast, reliable key lookups—especially when multiple Identity Providers and frequent key rotations are involved.
Tyk’s new JWKS cache management brings full control and speed to JWT workflows. Configure custom cache timeouts per provider, trigger instant cache refreshes when keys rotate, and leverage intelligent pre-fetching to eliminate cold-start latency.
The result: faster validation, zero startup delays, and real-time key updates across APIs. Perfect for organizations running high-traffic or multi-IdP environments that need consistent, low-latency authentication without compromising on security or uptime.
Proactive certificate expiry monitoring
Expired certificates can take APIs down without warning—hurting uptime, trust, and customer experience. Tyk now prevents this with automatic certificate health monitoring and early-expiry alerts built into the gateway.
You’ll get configurable notifications before certificates expire, real-time alerts for any that do, and smart throttling to avoid alert overload. It covers both client-to-Gateway and Gateway-to-upstream connections and integrates seamlessly with your existing monitoring stack via Tyk’s event framework.
The result: zero surprise outages, simpler certificate management, and stronger API reliability across even the most complex, multi-certificate infrastructures.
Streamlined API versioning experience
Managing multiple API versions can be confusing and time-consuming. Tyk’s redesigned versioning experience makes it intuitive, efficient, and centralized.
Create new versions through a step-by-step wizard, clone configurations from existing versions, and control activation and Gateway deployment with ease. Pre-configure versioning parameters and manage all versions from a single “Versions” tab with clear visibility, inline editing, and unified controls.
The result: faster version setup, simpler management, and proactive preparation for future API evolution. Ideal for teams juggling multiple versions or planning rollouts, this update provides clarity and efficiency while maintaining the advanced flexibility power users need.
Ready to strengthen your API security and streamline operations? Then dive into the documentation and discover all that this new release delivers before you upgrade to Tyk 5.10.
