Cloud Login Install

Open Policy Agent API

Note

The Open Policy Agent API helps you to manage (CRUD) the OPA (Open Policy Agent) rules that are being applied to the Tyk Dashboard. You can also change the OPA settings, such as to enable/disable it or enable/disable the debug mode.

Only Admin role Dashboard users are authorised to use it.

For more information on how to configure OPA see Open Policy Agent.

List OPA rules and settings

This endpoint returns by defaul the initial set of OPA rules defined in your Tyk Dashboard, which are located in schema/dashboard.rego (accessible in Self-Managed installations).

Once you update the rules via the API, the OPA rules will be stored at the organisation level.

Property Description
Resource URL /api/org/opa
Method GET
Type None
Body None
Param None

Sample Request

GET /api/org/opa HTTP/1.1
Host: localhost:3000
authorization:7a7b140f-2480-4d5a-4e78-24049e3ba7f8

Sample Response

{
  "open_policy": {
    "enabled": true,
    "rules": "default hello = false\r\n\r\nhello {\r\n    m := input.message\r\n    m == \"world\"\r\n}"
  }
}

Update OPA rules and settings

Note

Whenever you want to update OPA rules or its settings, send the updated value of the OPA rules or changed values for the settings (enabled) via a PUT request to the permissions endpoint.

Property Description
Resource URL /api/org/permission
Method PUT
Type None
Body Permissions Object
Param None

Sample Request

PUT /api/org/opa HTTP/1.1
Host: localhost:3000
authorization:7a7b140f-2480-4d5a-4e78-24049e3ba7f8
{
  "open_policy": {
    "enabled": false,
    "rules": "default hello = false\r\n\r\nhello {\r\n    m := input.message\r\n    m == \"world\"\r\n}"
  }
}

Sample Response

{
    "Status": "OK",
    "Message": "OPA rules has been updated on org level",
    "Meta": null
}