Tyk 3.2 – Next level enterprise FLAPIM security now at your fingertips

Security is one of the most important concerns of any API-first product business, if not the most important. This is the primary reason API management platforms like Tyk sit at the heart of the modern API stack, becoming an integral part of it. They deliver powerful security capabilities in a simple and cost-effective manner to both internal creators and external consumers. 

While enterprise-level security capabilities have always been at the core of Tyk, we’re taking this to the next level with our 3.2 release. We can’t wait for you to discover our game-changing new features and how they can benefit your business! 

Tyk 3.2 brings DCR (Dynamic Client Registration) and OPA (Open Policy Agent) capabilities, which make both the Tyk Dashboard and the Developer Portal ultra-compatible with any authorisation stack, team structure or process – and all in a way that’s ridiculously simple to configure and maintain. To go with this, we’re also bringing our next-generation GraphQL engine to turbo-charge the security and usability of your Universal Data Graph!

If you want to go full tech, you can dive straight into the release notes, but if you’ve got time for a leisurely meander through all of our exciting new features, then let us take you on a journey of discovery.

Bring your own Identity Provider (IDP) – Dynamic Client Registration now available!

Identity Providers (IDPs) have become an integral part of the modern APIM stack, with more and more enterprises mandating them across their estate. This has not only simplified the onboarding process for third-party developers and partners but has also made it possible to have uniform security across the organisation’s entire application portfolio. 

Whether your organisation is using Keycloak, Gluu or Okta as your external IDP, with Tyk 3.2’s Dynamic Client Registration (DCR) capability, you can integrate them with the Tyk developer portal in just a few steps, without the need to overhaul the underlying authorisation mechanism.

DCR is an Internet Engineering Task Force (IETF) protocol that standardises how clients are dynamically registered with authorisation servers. When you create an app via the Tyk Developer Portal, Tyk 3.2 will dynamically register that client on your authorisation server. This means it is the authorisation server, not Tyk, that issues the Client ID and Client Secret for the app.
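The registration exchange described above, sketched as an added example using the message fields of the IETF specification (RFC 7591); it is not Tyk's code. The function names, the https-only redirect rule, the placeholder path and the sample credentials are assumptions made for illustration.

```python
import json
from urllib.parse import urlparse

def build_registration_request(app_name, redirect_uris):
    """Client metadata (RFC 7591) for a confidential authorisation-code client."""
    for uri in redirect_uris:
        parts = urlparse(uri)
        # Assumption: a web app, so only fragment-free https callbacks are allowed.
        if parts.scheme != "https" or not parts.netloc or parts.fragment:
            raise ValueError(f"unsafe redirect URI: {uri}")
    return {
        "client_name": app_name,
        "redirect_uris": list(redirect_uris),
        "grant_types": ["authorization_code"],
        "response_types": ["code"],
        "token_endpoint_auth_method": "client_secret_basic",
    }

def validate_registration_response(status, body, requested):
    """Return (client_id, client_secret) from the server's reply, or raise ValueError."""
    if status != 201:  # RFC 7591: success is 201 Created
        raise ValueError(f"registration failed with HTTP {status}")
    info = json.loads(body)
    if not info.get("client_id"):
        raise ValueError("response has no client_id")
    if "client_secret" in info and "client_secret_expires_at" not in info:
        raise ValueError("client_secret issued without client_secret_expires_at")
    # The server may change the metadata; refuse anything wider than requested.
    for field in ("redirect_uris", "grant_types"):
        extra = set(info.get(field, [])) - set(requested[field])
        if extra:
            raise ValueError(f"server registered unrequested {field}: {sorted(extra)}")
    return info["client_id"], info.get("client_secret")

# Constructed sample exchange (placeholder host and credentials, not real values).
REQUEST = build_registration_request("demo-app", ["https://app.example.test/callback"])
RESPONSE = json.dumps({**REQUEST, "client_id": "constructed-client-id",
                       "client_secret": "constructed-secret",
                       "client_secret_expires_at": 0})  # 0 = never expires

if __name__ == "__main__":
    print("POST /register (placeholder path)\n" + json.dumps(REQUEST, indent=2))
    print(validate_registration_response(201, RESPONSE, REQUEST))
```

Because the authorisation server is allowed to alter the metadata it stores, comparing the reply against the request is what catches a registration that ends up with redirect URIs or grant types nobody asked for.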

Open Policy Agent – customisation in your hands

API governance is an integral part of the modern enterprise FLAPIM (full lifecycle API management) stack. A key aspect of this is access control. This ensures that doing the “right things” within the stack is easier, while doing the “wrong things” is harder. A typical enterprise has multiple teams, from DevOps, API engineers and API managers to system integrators, all of them handling different concerns within the stack. To increase security and limit access to different APIs, based on the user role, we are introducing the ability to shape and configure the Tyk Dashboard with the Open Policy Agent (OPA).

With OPA you can create custom permissions securely and effectively. The OPA policy engine sits in front of the Tyk Dashboard, providing a high-level declarative language (Rego) for specifying policy as code, along with simple APIs for offloading policy decision-making from your software.

GraphQL and UDG improvements

We’ve also been busy updating the GraphQL functionality of our Universal Data Graph (UDG). UDG lets you stitch together any upstream service, whether secured or open, through a simple GUI. This means you can turn all of your REST estate into a single data graph. It’s a powerful new solution, achieved through a simple GUI.

You can now deeply nest GraphQL and REST APIs and stitch them together in any possible way. Queries are possible via WebSockets, and Subscriptions are coming in the next Tyk release.

You can also configure upstream headers dynamically, injecting them from the client request into UDG upstream requests. You can use this functionality to access protected upstreams, among other things.

Finally, we’ve added an easy-to-use URL-Builder, to make it easier for you to inject object fields into REST API URLs when stitching REST APIs within UDG. And you can configure query-depth limits on a per-field level as well.

If you’re using GraphQL upstream services with UDG, you’re now able to forward upstream error objects through UDG so that they can be exposed to the client.

Start benefiting now!

Are you ready to harness the power of the 3.2 release? Then head on over to our website and crack on with your free trial.