Request Plugins
There are 4 different phases in the request lifecycle you can inject custom plugins, including Authentication plugins. There are performance advantages to picking the correct phase, and of course that depends on your use case and what functionality you need.
Hook Capabilities
Functionality | Pre | Auth | Post-Auth | Post |
---|---|---|---|---|
Can modify the Header | ✅ | ✅ | ✅ | ✅ |
Can modify the Body | ✅ | ✅ | ✅ | ✅ |
Can modify Query Params | ✅ | ✅ | ✅ | ✅ |
Can view Session1 Details (metadata, quota, context-vars, tags, etc) | ❌ | ✅ | ✅ | ✅ |
Can modify Session1 2 | ❌ | ✅ | ❌ | ❌ |
Can Add More Than One3 | ✅ | ❌ | ✅ | ✅ |
[1] A Session object contains allowances and identity information that is unique to each requestor
[2] You can modify the session by using your programming language’s SDK for Redis. Here is an example of doing that in Golang.
[3] For select hook locations, you can add more than one plugin. For example, in the same API request, you can have 3 Pre, 1 auth, 5 post-auth, and 2 post plugins.
Return Overrides / ReturnOverrides
You can have your plugin finish the request lifecycle and return a response with custom payload & headers to the requestor.
Python Example
from tyk.decorators import *
@Hook
def MyCustomMiddleware(request, session, spec):
print("my_middleware: MyCustomMiddleware")
request.object.return_overrides.headers['content-type'] = 'application/json'
request.object.return_overrides.response_code = 200
request.object.return_overrides.response_error = "{\"key\": \"value\"}\n"
return request, session
JavaScript Example
var testJSVMData = new TykJS.TykMiddleware.NewMiddleware({});
testJSVMData.NewProcessRequest(function(request, session, config) {
request.ReturnOverrides.ResponseError = "Foobarbaz"
request.ReturnOverrides.ResponseBody = "Foobar"
request.ReturnOverrides.ResponseCode = 200
request.ReturnOverrides.ResponseHeaders = {
"X-Foo": "Bar",
"X-Baz": "Qux"
}
return testJSVMData.ReturnData(request, {});
});