Tyk Sync
Last updated: 11 minutes read.
Tyk Sync is a command-line tool and Go library for synchronising API definitions and Security Policies from a Git repository or file system into Tyk. It allows for the versioning of Tyk configurations to Git or files, as well as one-way sync from Git or files to Tyk.
Tyk Sync works with Git and any CI/CD tool to ensure that only versioned changes are loaded into your Tyk Environment. For example, a developer can configure and test the APIs locally, and then use tyk-sync dump to convert the APIs to transportable format. Following Git standard practises, to load this change to an environment, he/she should create a Pull Request (PR) on Git for a peer review and merge the approved API configurations in Git. Once the Pull Request is approved and merged, the deployment pipeline could be triggered to run tyk-sync sync, tyk-sync publish or tyk-sync update to sync configurations from Git to the target Tyk installation. See the Dump command for how to extract the current Tyk configurations from an installation. See Sync, Update, or Publish commands for they can help to sync configurations from Git to target Tyk installation.
Note
Tyk Sync works with APIs and Policies. It does not work with Keys. See Move Keys between environments for details.
Features
Tyk Sync works with the Open Source Tyk Gateway and Tyk Dashboard installation. The table below shows features available for each installation type.
Tyk Sync Feature | Tyk Gateway (OSS) | Tyk Dashboard (Licensed) | Example |
---|---|---|---|
Dump APIs and Policies in a transportable format from Tyk to a directory | ❌ | ✅ | Example: Dump a specific API from one Tyk Dashboard |
Update APIs | ✅ | ✅ | |
Update Policies | ❌ | ✅ | |
Publish APIs | ✅ | ✅ | |
Publish Policies | ❌ | ✅ | |
Synchronise APIs with those stored in a VCS (one-way: from VCS to Tyk) | ✅ | ✅ | Example: Transfer APIs from one Tyk Dashboard to another |
Synchronise Policies with those stored in a VCS (one-way: from VCS to Tyk) | ❌ | ✅ | |
Support for importing, converting and publishing Swagger/OpenAPI JSON files as Tyk Classic APIs (OpenAPI 2.0 and 3.0 are supported) | ✅ | ✅ | |
Support for Tyk Classic and Tyk OAS APIs (see note below) | ✅ | ✅ | |
Specialised support for Git | ✅ | ✅ | |
Show and import Tyk examples | ✅ | ✅ | Example: Import Tyk Example into Dashboard |
Note
Tyk Sync supports you to work with Tyk OAS APIs, however as Tyk OAS is currently in Early Access we do not recommend their use in production environments.
In Tyk Dashboard 5.2.2 we added a new configuration option allow_unsafe_oas
which permits the modification of Tyk OAS APIs via the Tyk Classic API endpoints. In Tyk Sync 1.4.1 we added a new flag --allow-unsafe-oas
to work with a Dashboard configured with this option enabled. This is not recommended action due to the risk of inconsistent behaviour and potential for breaking changes while Tyk OAS is in Early Access, but is provided for early adopters and will be deprecated later.
Sync
Tyk Sync tries to be clever about what APIs and Policies to update and which to create, it will actually base all
ID matching on the API ID and the masked Policy ID, so it can identify the same object across installations. Tyk has
a tendency to generate fresh IDs for all new Objects, so Tyk Sync gets around this by using portable IDs and ensuring
the necessary portable IDs are set when using the dump
command.
This means that Tyk Sync can be used to back-up your most important API Gateway configurations as code, and to deploy those configurations to any target and ensure that API IDs and Policy IDs will remain consistent, ensuring that any dependent tokens continue to have access to your services.
Prerequisites:
- In order for policy ID matching to work correctly, your Dashboard must have
allow_explicit_policy_id: true
andenable_duplicate_slugs: true
and your Gateway must havepolicies.allow_explicit_policy_id: true
. - It is assumed you have a Tyk CE or Tyk Pro installation.
Installation
Currently the application is available via Docker and Packagecloud.
Docker:
To install a particular version of tyk-sync
via docker image please run the command bellow with the appropriate version you want to use. All available versions could be found on the Tyk Sync Docker Hub page here: https://hub.docker.com/r/tykio/tyk-sync/tags
docker pull tykio/tyk-sync:{version_id}
To run tyk-sync
as a one-off command and display usage options please do:
docker run -it --rm tykio/tyk-sync:{version_id} help
Then the docker image tyk-sync
can be used in the following way:
docker run -it --rm tykio/tyk-sync:{version_id} [flags]
docker run -it --rm tykio/tyk-sync:{version_id} [command]
As per the examples below tyk-sync
will need access to the host file sytem to read and write files. You can use docker bind mounts to map files in the container to files on your host machine.
Usage
Usage:
tyk-sync [flags]
tyk-sync [command]
Available Commands:
dump Dump will extract policies and APIs from a target (Tyk Dashboard)
examples Shows a list of all available tyk examples
help Help about any command
publish publish API definitions from a Git repo or file system to a Tyk Gateway or Dashboard
sync Synchronise a github repo or file system with a Tyk Gateway
update Update a Tyk Dashboard or Gateway with APIs and policies
version This command will show the current Tyk-Sync version
Flags:
-h, --help help for tyk-sync
Use "tyk-sync [command] --help" for more information about a command.
Dump Command
Dump will extract policies and APIs from a target (your Dashboard) and place them in a directory of your choosing. It will also generate a spec file that can be used for syncing.
Usage:
tyk-sync dump [flags]
Flags:
-b, --branch string Branch to use (defaults to refs/heads/master) (default "refs/heads/master")
-d, --dashboard string Fully qualified Tyk Dashboard target URL
-h, --help help for dump
-k, --key string Key file location for auth (optional)
-s, --secret string Your API secret
-t, --target string Target directory for files
--policies Specific policies ID selection (optional)
--apis Specific api_id's selection (optional)
API secret refers to secret use to access your Gateway API or Dashboard API. For dashboard users, you can get it from “User” page under “Tyk Dashboard API Access key”.
Publish Command
Publish API definitions from a Git repo to a Tyk Gateway or Dashboard. This will not update any existing APIs, and if it detects a collision, the command will stop.
Usage:
tyk-sync publish [flags]
Flags:
-b, --branch string Branch to use (defaults to refs/heads/master) (default "refs/heads/master")
-d, --dashboard string Fully qualified Tyk Dashboard target URL
-g, --gateway string Fully qualified Tyk Gateway target URL
-h, --help help for publish
-k, --key string Key file location for auth (optional)
-p, --path string Source directory for definition files (optional)
-s, --secret string Your API secret
--test Use test publisher, output results to stdio
--policies Specific policies ID selection (optional)
--apis Specific api_id's selection (optional)
--allow-unsafe-oas Use Tyk Classic endpoints in Tyk Dashboard API for Tyk OAS APIs (optional)
API secret refers to secret use to access your Gateway API or Dashboard API. For dashboard users, you can get it from “User” page under “Tyk Dashboard API Access key”.
Sync Command
Sync will synchronise an API Gateway with the contents of a Github repository. The sync is one way - from the repo to the Gateway, the command will not write back to the repo. Sync will delete any objects in the Dashboard or Gateway that it cannot find in the github repo, and update those that it can find and create those that are missing.
Usage:
tyk-sync sync [flags]
Flags:
-b, --branch string Branch to use (defaults to refs/heads/master) (default "refs/heads/master")
-d, --dashboard string Fully qualified Tyk Dashboard target URL
-g, --gateway string Fully qualified Tyk Gateway target URL
-h, --help help for sync
-k, --key string Key file location for auth (optional)
-o, --org string org ID override
-p, --path string Source directory for definition files (optional)
-s, --secret string Your API secret
--test Use test publisher, output results to stdio
--policies Specific policies ID selection (optional)
--apis Specific api_id's selection (optional)
--allow-unsafe-oas Use Tyk Classic endpoints in Tyk Dashboard API for Tyk OAS APIs (optional)
API secret refers to secret use to access your Gateway API or Dashboard API. For dashboard users, you can get it from “User” page under “Tyk Dashboard API Access key”.
Update Command
Update will attempt to identify matching APIs or Policies in the target, and update those APIs. It does not create new ones. Use tyk-sync publish
or tyk-git sync
for new content.
Usage:
tyk-sync update [flags]
Flags:
-b, --branch string Branch to use (defaults to refs/heads/master) (default "refs/heads/master")
-d, --dashboard string Fully qualified Tyk Dashboard target URL
-g, --gateway string Fully qualified Tyk Gateway target URL
-h, --help help for update
-k, --key string Key file location for auth (optional)
-p, --path string Source directory for definition files (optional)
-s, --secret string Your API secret
--test Use test publisher, output results to stdio
--policies Specific policies ID selection (optional)
--apis Specific api_id's selection (optional)
--allow-unsafe-oas Use Tyk Classic endpoints in Tyk Dashboard API for Tyk OAS APIs (optional)
API secret refers to secret use to access your Gateway API or Dashboard API. For dashboard users, you can get it from “User” page under “Tyk Dashboard API Access key”.
Examples Command
The examples command lists all examples from our official Tyk examples repository. See output in example usage
Usage:
tyk-sync examples [flags]
tyk-sync examples [command]
Available Commands:
publish Publish a specific example to a gateway or dashboard by using its location
show Shows details of a specific example by using its location
Flags:
-h, --help help for examples
Examples Show Command
Shows more details about a specific example by using its location. See output in example usage
Usage:
tyk-sync examples show [flags]
Flags:
-h, --help help for show
-l, --location string Location to example
Examples Publish Command
Publishs an example by using its location.
Usage:
tyk-sync examples publish [flags]
Flags:
-b, --branch string Branch to use (defaults to refs/heads/main) (default "refs/heads/main")
-d, --dashboard string Fully qualified dashboard target URL
-g, --gateway string Fully qualified gateway target URL
-h, --help help for publish
-k, --key string Key file location for auth (optional)
-l, --location string Location to example
-s, --secret string Your API secret
--test Use test publisher, output results to stdio
API secret refers to secret use to access your Gateway API or Dashboard API. For dashboard users, you can get it from “User” page under “Tyk Dashboard API Access key”.
Example: Transfer from one Tyk Dashboard to another
First, you need to extract the data from our Tyk Dashboard. Here you dump
into ./tmp. Let’s assume this is a git-enabled
directory
tyk-sync dump -d="http://localhost:3000" -s="b2d420ca5302442b6f20100f76de7d83" -t="./tmp"
Extracting APIs and Policies from http://localhost:3000
> Fetching policies
--> Identified 1 policies
--> Fetching and cleaning policy objects
> Fetching APIs
--> Fetched 3 APIs
> Creating spec file in: tmp/.tyk.json
Done.
If running tyk-sync
in docker the command above would read
docker run --rm --mount type=bind,source="$(pwd)",target=/opt/tyk-sync/tmp \
tykio/tyk-sync:v1.2 \
dump \
-d="http://host.docker.internal:3000" \
-s="b2d420ca5302442b6f20100f76de7d83" \
-t="./tmp"
Next, let’s push those changes back to the Git repo on the branch my-test-branch
:
cd tmp
git add .
git commit -m "My dashboard dump"
git push -u origin my-test-branch
Now to restore this data directly from GitHub:
tyk-sync sync -d="http://localhost:3010" -s="b2d420ca5302442b6f20100f76de7d83" -b="refs/heads/my-test-branch" https://github.com/myname/my-test.git
Using publisher: Dashboard Publisher
Fetched 3 definitions
Fetched 1 policies
Processing APIs...
Deleting: 0
Updating: 3
Creating: 0
SYNC Updating: 598ec94f9695f201730d835b
SYNC Updating: 598ec9589695f201730d835c
SYNC Updating: 5990cfee9695f201730d836e
Processing Policies...
Deleting policies: 0
Updating policies: 1
Creating policies: 0
SYNC Updating Policy: Test policy 1
--> Found policy using explicit ID, substituting remote ID for update
If running tyk-sync
in docker the command above would read
docker run --rm \
--mount type=bind,source="$(pwd)",target=/opt/tyk-sync/tmp \
tykio/tyk-sync:v1.2 \
sync \
-d="http://localhost:3010" \
-s="b2d420ca5302442b6f20100f76de7d83" \
-b="refs/heads/my-test-branch" https://github.com/myname/my-test.git
The command provides output to identify which actions have been taken. If using a Tyk Gateway, the Gateway will be automatically hot-reloaded.
Example: Dump a specific API from one Tyk Dashboard
First, we need to identify the api_id
that we want to dump, in this case ac35df594b574c9c7a3806286611d211
.
When we have that, we are going to execute the dump command specifying the api_id
in the tags.
tyk-sync dump -d="http://localhost:3000" -s="b2d420ca5302442b6f20100f76de7d83" -t="./tmp" --apis="ac35df594b574c9c7a3806286611d211"
Extracting APIs and Policies from http://localhost:3000
> Fetching policies
--> Identified 0 policies
--> Fetching and cleaning policy objects
> Fetching APIs
--> Fetched 1 APIs
> Creating spec file in: tmp/.tyk.json
Done.
If you want to specify more than one API, the values need to be comma-separated.
For example --apis="ac35df594b574c9c7a3806286611d211,30e7b4001ea94fb970c324bad1a171c3"
.
The same behaviour applies to policies.
Example: Check the currently installed version of Tyk Sync
To check the current Tyk Sync version, we need to run the version command:
tyk-sync version
v1.2
Example: Import Tyk example into Dashboard
To list all available examples you need to run this command:
tyk-sync examples
LOCATION NAME DESCRIPTION
udg/vat-checker VAT number checker UDG Simple REST API wrapped in GQL using Universal Data Graph that allows user to check validity of a VAT number and display some details about it.
udg/geo-info Geo information about the World Countries GQL API extended with information from Restcountries
It’s also possible to show more details about an example by using its location. For example, based on the output from tyk-sync examples
above, we can use the location of the example “VAT number checker UDG” to get more information:
tyk-sync examples show --location="udg/vat-checker"
LOCATION
udg/vat-checker
NAME
VAT number checker UDG
DESCRIPTION
Simple REST API wrapped in GQL using Universal Data Graph that allows user to check validity of a VAT number and display some details about it.
FEATURES
- REST Datasource
MIN TYK VERSION
5.0
To publish it into the Dashboard you will need to use this command:
tyk-sync examples publish -d="http://localhost:3000" -s="b2d420ca5302442b6f20100f76de7d83" -l="udg/vat-checker"
Fetched 1 definitions
Fetched 0 policies
Using publisher: Dashboard Publisher
org override detected, setting.
Creating API 0: vat-validation
--> Status: OK, ID:726e705e6afc432742867e1bd898cb26
Updating API 0: vat-validation
--> Status: OK, ID:726e705e6afc432742867e1bd898cb26
org override detected, setting.
Done