TIB REST API
The Tyk Identity Broker (TIB) has an API to allow policies to be created, updated, removed and listed for programmatic and automated access. TIB also has a “flush” feature that enables you to flush the current configuration to disk for use when the client starts again.
TIB does not store profiles in a shared store, so if you have multiple TIB instances, they need to be configured individually (for now). Since we don’t expect TIB stores to change often, this is acceptable.
Starting from Tyk Dashboard 3, TIB is built-in to the dashboard. TIB endpoints are exposed as part of dashboard API on the /api/tib/ prefix. So if in the guide below external TIB API endpoint is /api/profiles the similar endpoint on the dashboard API will be /api/tib/profiles.
List Profiles
GET /api/profiles/
Authorization: test-secret
{
"Status": "ok",
"ID": "",
"Data": [
{
"ActionType": "GenerateTemporaryAuthToken",
"ID": "11",
"IdentityHandlerConfig": {
"DashboardCredential": "822f2b1c75dc4a4a522944caa757976a",
"DisableOneTokenPerAPI": false,
"TokenAuth": {
"BaseAPIID": "e1d21f942ec746ed416ab97fe1bf07e8"
}
},
"MatchedPolicyID": "5654566b30c55e3904000003",
"OrgID": "53ac07777cbb8c2d53000002",
"ProviderConfig": {
"ExrtactUserNameFromBasicAuthHeader": true,
"OKCode": 200,
"OKRegex": "origin",
"OKResponse": "ewogICJvcmlnaW4iOiAiNjIuMjMyLjExNC4yNTAsIDE3OC42Mi4xMS42MiwgMTc4LjYyLjExLjYyIgp9Cg==",
"TargetHost": "http://sharrow.tyk.io/ba-1/"
},
"ProviderConstraints": {
"Domain": "",
"Group": ""
},
"ProviderName": "ProxyProvider",
"ReturnURL": "",
"Type": "passthrough"
},
{
"ActionType": "GenerateOAuthTokenForClient",
"ID": "6",
"IdentityHandlerConfig": {
"DashboardCredential": "{DASHBAORD-API-ID}",
"DisableOneTokenPerAPI": false,
"OAuth": {
"APIListenPath": "{API-LISTEN-PATH}",
"BaseAPIID": "{BASE-API-ID}",
"ClientId": "{TYK-OAUTH-CLIENT-ID}",
"RedirectURI": "http://{APP-DOMAIN}:{PORT}/{AUTH-SUCCESS-PATH}",
"ResponseType": "token",
"Secret": "{TYK-OAUTH-CLIENT-SECRET}"
}
},
"MatchedPolicyID": "POLICY-ID",
"OrgID": "53ac07777cbb8c2d53000002",
"ProviderConfig": {
"FailureRedirect": "http://{APP-DOMAIN}:{PORT}/failure",
"LDAPAttributes": [],
"LDAPUseSSL": false,
"LDAPPort": "389",
"LDAPServer": "localhost",
"LDAPUserDN": "cn=*USERNAME*,cn=dashboard,ou=Group,dc=ldap,dc=tyk-ldap-test,dc=com"
}
"ProviderName": "ADProvider",
"ReturnURL": "",
"Type": "passthrough"
}
]
}
Add Profile
Sample Request
POST /api/profiles/{id}
Authorization: test-secret
{
"ActionType": "GenerateTemporaryAuthToken",
"ID": "11",
"IdentityHandlerConfig": {
"DashboardCredential": "822f2b1c75dc4a4a522944caa757976a",
"DisableOneTokenPerAPI": false,
"TokenAuth": {
"BaseAPIID": "e1d21f942ec746ed416ab97fe1bf07e8"
}
},
"MatchedPolicyID": "5654566b30c55e3904000003",
"OrgID": "53ac07777cbb8c2d53000002",
"ProviderConfig": {
"ExrtactUserNameFromBasicAuthHeader": true,
"OKCode": 200,
"OKRegex": "origin",
"OKResponse": "ewogICJvcmlnaW4iOiAiNjIuMjMyLjExNC4yNTAsIDE3OC42Mi4xMS42MiwgMTc4LjYyLjExLjYyIgp9Cg==",
"TargetHost": "http://sharrow.tyk.io/ba-1/"
},
"ProviderConstraints": {
"Domain": "",
"Group": ""
},
"ProviderName": "ProxyProvider",
"ReturnURL": "",
"Type": "passthrough"
}
Sample Response
{
"Status": "ok",
"ID": "11",
"Data": {
"ID": "11",
"OrgID": "53ac07777cbb8c2d53000002",
"ActionType": "GenerateTemporaryAuthToken",
"MatchedPolicyID": "5654566b30c55e3904000003",
"Type": "passthrough",
"ProviderName": "ProxyProvider",
"ProviderConfig": {
"ExrtactUserNameFromBasicAuthHeader": true,
"OKCode": 200,
"OKRegex": "origin",
"OKResponse": "ewogICJvcmlnaW4iOiAiNjIuMjMyLjExNC4yNTAsIDE3OC42Mi4xMS42MiwgMTc4LjYyLjExLjYyIgp9Cg==",
"TargetHost": "http://sharrow.tyk.io/ba-1/"
},
"IdentityHandlerConfig": {
"DashboardCredential": "822f2b1c75dc4a4a522944caa757976a",
"DisableOneTokenPerAPI": false,
"TokenAuth": {
"BaseAPIID": "e1d21f942ec746ed416ab97fe1bf07e8"
}
},
"ProviderConstraints": {
"Domain": "",
"Group": ""
},
"ReturnURL": ""
}
}
Update Profile
Sample Request
PUT /api/profiles/{id}
Authorization: test-secret
{
"ActionType": "GenerateTemporaryAuthToken",
"ID": "11",
"IdentityHandlerConfig": {
"DashboardCredential": "822f2b1c75dc4a4a522944caa757976a",
"DisableOneTokenPerAPI": false,
"TokenAuth": {
"BaseAPIID": "e1d21f942ec746ed416ab97fe1bf07e8"
}
},
"MatchedPolicyID": "5654566b30c55e3904000003",
"OrgID": "53ac07777cbb8c2d53000002",
"ProviderConfig": {
"ExrtactUserNameFromBasicAuthHeader": true,
"OKCode": 200,
"OKRegex": "origin",
"OKResponse": "ewogICJvcmlnaW4iOiAiNjIuMjMyLjExNC4yNTAsIDE3OC42Mi4xMS42MiwgMTc4LjYyLjExLjYyIgp9Cg==",
"TargetHost": "http://sharrow.tyk.io/ba-1/"
},
"ProviderConstraints": {
"Domain": "",
"Group": ""
},
"ProviderName": "ProxyProvider",
"ReturnURL": "",
"Type": "passthrough"
}
Sample Response
{
"Status": "ok",
"ID": "11",
"Data": {
"ID": "11",
"OrgID": "53ac07777cbb8c2d53000002",
"ActionType": "GenerateTemporaryAuthToken",
"MatchedPolicyID": "5654566b30c55e3904000003",
"Type": "passthrough",
"ProviderName": "ProxyProvider",
"ProviderConfig": {
"ExrtactUserNameFromBasicAuthHeader": true,
"OKCode": 200,
"OKRegex": "origin",
"OKResponse": "ewogICJvcmlnaW4iOiAiNjIuMjMyLjExNC4yNTAsIDE3OC42Mi4xMS42MiwgMTc4LjYyLjExLjYyIgp9Cg==",
"TargetHost": "http://sharrow.tyk.io/ba-1/"
},
"IdentityHandlerConfig": {
"DashboardCredential": "822f2b1c75dc4a4a522944caa757976a",
"DisableOneTokenPerAPI": false,
"TokenAuth": {
"BaseAPIID": "e1d21f942ec746ed416ab97fe1bf07e8"
}
},
"ProviderConstraints": {
"Domain": "",
"Group": ""
},
"ReturnURL": ""
}
}
Delete Profile
Sample Request
Delete /api/profiles/{id}
Authorization: test-secret
[emtpy body]
Sample Response
{
"Status": "ok",
"ID": "200",
"Data": {}
}
Save Profiles to Disk
Sample Request
POST /api/profiles/save
Authorization: test-secret
[empty body]
Sample Response
{
"Status": "ok",
"ID": "",
"Data": {}
}
Outcome
The existing profiles.json file will be backed up to a new file, and the current profiles data in memory will be flushed to disk as the new profiles.json file. Backups are time stamped (e.g. profiles_backup_1452677499.json).