Securing your APIs is one of the primary uses of Tyk. Out of the box the Gateway offers a lot of functionality for securing your APIs and the Gateway itself.
This section outlines the security configurations and components available to you for securing your Tyk stack, together with the key security concepts that Tyk uses and that you should be familiar with before setting up and using a Tyk stack to secure your APIs.
See Key Hashing for details on how Tyk obfuscates keys in Redis.
TLS and SSL
Tyk supports TLS connections and Mutual TLS. All TLS connections also support HTTP/2. Tyk also supports Let’s Encrypt. See TLS and SSL for more details.
As part of using Mutual TLS, you can create a list of trusted certificates. See Authorisation for more details.
Introduced in Tyk Gateway 2.6.0, certificate pinning is a feature that lets you accept only certificates generated from specified public keys, so you are protected if an upstream certificate is compromised.
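As an added illustration of what pinning the public key (rather than the whole certificate) gives you, here is a small Go program, not Tyk's own code, that hashes each certificate's SubjectPublicKeyInfo and accepts a renewed certificate only while it still carries a pinned key; the keys and certificates are generated in-process as constructed test data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// spkiPin hashes the SubjectPublicKeyInfo; a pin set stores this instead of the certificate.
func spkiPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// checkPins accepts a leaf only if its public key hash is pinned (illustration, not Tyk's code).
func checkPins(pinned map[string]bool, leaf *x509.Certificate) error {
	if pinned[spkiPin(leaf)] {
		return nil
	}
	return fmt.Errorf("public key of %q is not pinned", leaf.Subject.CommonName)
}

// selfSigned issues a short-lived self-signed certificate standing in for an upstream (constructed data).
func selfSigned(cn string, pub ed25519.PublicKey, priv ed25519.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

func main() {
	upPub, upPriv, _ := ed25519.GenerateKey(rand.Reader)
	otherPub, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	pinned := map[string]bool{spkiPin(selfSigned("upstream", upPub, upPriv)): true}
	fmt.Println(checkPins(pinned, selfSigned("upstream", upPub, upPriv)))       // renewed cert, same key: <nil>
	fmt.Println(checkPins(pinned, selfSigned("upstream", otherPub, otherPriv))) // same name, different key: error
}
```

A certificate renewed with the same key keeps matching the pin, while a certificate issued for the same name under a different key is rejected even if a CA would trust it.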
Tyk supports various ways to secure your APIs, including:
- Bearer Tokens
- JSON Web Tokens (JWT)
- Multi Chained Authentication
- OAuth 2.0
- OpenID Connect
See Authentication and Authorization for more details.
A Tyk security policy incorporates several security options that can be applied to an API key. These include Partitioned Policies and securing by Method and Path.
See Security Policies for more details.