Open Policy Agent API
Note
The Open Policy Agent API helps you to manage (CRUD) the OPA (Open Policy Agent) rules that are being applied to the Tyk Dashboard. You can also change the OPA settings, such as to enable/disable it or enable/disable the debug mode.
Only Admin role Dashboard users are authorised to use it.
For more information on how to configure OPA see Open Policy Agent.
List OPA rules and settings
This endpoint returns by defaul the initial set of OPA rules defined in your Tyk Dashboard, which are located in schema/dashboard.rego (accessible in Self-Managed installations).
Once you update the rules via the API, the OPA rules will be stored at the organisation level.
Property | Description |
---|---|
Resource URL | /api/org/opa |
Method | GET |
Type | None |
Body | None |
Param | None |
Sample Request
GET /api/org/opa HTTP/1.1
Host: localhost:3000
authorization:7a7b140f-2480-4d5a-4e78-24049e3ba7f8
Sample Response
{
"open_policy": {
"enabled": true,
"rules": "default hello = false\r\n\r\nhello {\r\n m := input.message\r\n m == \"world\"\r\n}"
}
}
Update OPA rules and settings
Note
Whenever you want to update OPA rules or its settings, send the updated value of the OPA rules or changed values for the settings (enabled
) via a PUT request to the permissions
endpoint.
Property | Description |
---|---|
Resource URL | /api/org/permission |
Method | PUT |
Type | None |
Body | Permissions Object |
Param | None |
Sample Request
PUT /api/org/opa HTTP/1.1
Host: localhost:3000
authorization:7a7b140f-2480-4d5a-4e78-24049e3ba7f8
{
"open_policy": {
"enabled": false,
"rules": "default hello = false\r\n\r\nhello {\r\n m := input.message\r\n m == \"world\"\r\n}"
}
}
Sample Response
{
"Status": "OK",
"Message": "OPA rules has been updated on org level",
"Meta": null
}