> ## Documentation Index > Fetch the complete documentation index at: https://tyk.io/docs/llms.txt > Use this file to discover all available pages before exploring further. # Gateway Configuration Inspection > How to inspect the live configuration of a running Tyk Gateway using the built-in configuration inspection endpoints. ## Availability | Component | Version | Edition | | :-------- | :-------------------------------------------------------------------------------------------- | :------ | | Gateway | Available since [v5.12.0](/5.12/developer-support/release-notes/gateway#5-12-0-release-notes) | All | To inspect the gateway's live configuration without SSH access, you can enable configuration inspection endpoints on the Control API port. ## Configuration Inspection Endpoints Gateway offers two endpoints for configuration inspection: | Endpoint | Query Parameter | Description | | ------------- | ------------------------- | ------------------------------------------------------------------------------------ | | `GET /config` | `field=` (optional) | Returns the full gateway configuration, or a single field if `field` is specified | | `GET /env` | `env=` (optional) | Returns all environment variable mappings, or a single mapping if `env` is specified | Both endpoints are available on the Control API port and require authentication via the `X-Tyk-Authorization` header. Requests without this header return `HTTP 403`. ## Enable Configuration Inspection By default, configuration inspection endpoints are **disabled** to prevent accidental exposure of sensitive information. When disabled, all configuration inspection endpoints return `HTTP 404`. To enable it, set `enable_config_inspection` to `true` in your `tyk.conf` or use the equivalent environment variable. In production environments, we recommend keeping configuration inspection disabled. ```json theme={null} { "enable_config_inspection": true } ``` ``` TYK_GW_ENABLECONFIGINSPECTION=true ``` ## Examples ### Inspect Full Gateway Configuration ```bash theme={null} curl -H "X-Tyk-Authorization: $TYK_GW_SECRET" http://localhost:8080/config ``` Response: ```json theme={null} { "hostname": "", "listen_address": "", "listen_port": 8080, "control_api_hostname": "", "control_api_port": 0, "secret": "*REDACTED*", "node_secret": "*REDACTED*", "pid_file_location": "./tyk-gateway.pid", "allow_insecure_configs": true, "public_key_path": "", "allow_remote_config": true, "enable_config_inspection": true, "security": { } ... } ``` ### Inspect a Single Config Field To retrieve the value of a specific configuration field, use the `field` query parameter with the field name: ```bash theme={null} curl -H "X-Tyk-Authorization: $TYK_GW_SECRET" \ "http://localhost:8080/config?field=listen_port" ``` Response: ```json theme={null} { "config_field": "listen_port", "env": "TYK_GW_LISTENPORT", "value": "8080", "obfuscated": false } ``` #### Sensitive Field Redaction Fields that contain secrets (for example, `secret`, passwords, and connection strings) are automatically shown as `*REDACTED*` in all responses. The `obfuscated` field in the response indicates whether the value has been redacted. ```json theme={null} { "config_field": "secret", "env": "TYK_GW_SECRET", "value": "*REDACTED*", "obfuscated": true } ``` ### Inspect Environment Variables To view all environment variable mappings: ```bash theme={null} curl -H "X-Tyk-Authorization: $TYK_GW_SECRET" http://localhost:8080/env ``` Gateway will only return environment variables that are prefixed with `TYK_GW_`. Response: ```json theme={null} [ "TYK_GW_ENABLECONFIGINSPECTION=true", "TYK_GW_EXPERIMENTALPROCESSORGOFFTHREAD=false", "TYK_GW_GRACEFULSHUTDOWNTIMEOUTDURATION=0", "TYK_GW_CONTROLAPIPORT=0", "TYK_GW_TEMPLATEPATH=./templates", "TYK_GW_SSLFORCECOMMONNAMECHECK=false", "TYK_GW_ENABLEBUNDLEDOWNLOADER=false", "TYK_GW_JSVMTIMEOUT=0", "TYK_GW_FORCEGLOBALSESSIONLIFETIME=false", "TYK_GW_DISABLEDASHBOARDZEROCONF=false", "TYK_GW_MANAGEMENTNODE=false", ... ] ```