Skip to main content
PUT
/
api
/
profiles
/
{id}
Update a profile
curl --request PUT \
  --url http://localhost:3010/api/profiles/{id} \
  --header 'Authorization: <api-key>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "ID": "github-sso-dashboard",
  "Name": "GitHub SSO - Dashboard Login",
  "OrgID": "5e9d9544a1dcd60001d0ed20",
  "MatchedPolicyID": "5f8f9e3c1b5e4a0001b3c4d5",
  "CustomEmailField": "email",
  "CustomUserIDField": "sub",
  "ProviderConfig": {},
  "IdentityHandlerConfig": {
    "oauth-client-id": "tyk-portal-client",
    "oauth-client-secret": "s3cr3t",
    "oauth-client-base-url": "http://gateway:8080"
  },
  "ProviderConstraints": {
    "Domain": "tyk.io",
    "Group": "engineering"
  },
  "ReturnURL": "https://dashboard.example.com/tap",
  "DefaultUserGroupID": "5f8f9e3c1b5e4a0001b3c4d6",
  "CustomUserGroupField": "groups",
  "UserGroupMapping": {
    "admins": "5f8f9e3c1b5e4a0001b3c4d7",
    "developers": "5f8f9e3c1b5e4a0001b3c4d8"
  },
  "UserGroupSeparator": ",",
  "SSOOnlyForRegisteredUsers": false
}
'
import requests

url = "http://localhost:3010/api/profiles/{id}"

payload = {
"ID": "github-sso-dashboard",
"Name": "GitHub SSO - Dashboard Login",
"OrgID": "5e9d9544a1dcd60001d0ed20",
"MatchedPolicyID": "5f8f9e3c1b5e4a0001b3c4d5",
"CustomEmailField": "email",
"CustomUserIDField": "sub",
"ProviderConfig": {},
"IdentityHandlerConfig": {
"oauth-client-id": "tyk-portal-client",
"oauth-client-secret": "s3cr3t",
"oauth-client-base-url": "http://gateway:8080"
},
"ProviderConstraints": {
"Domain": "tyk.io",
"Group": "engineering"
},
"ReturnURL": "https://dashboard.example.com/tap",
"DefaultUserGroupID": "5f8f9e3c1b5e4a0001b3c4d6",
"CustomUserGroupField": "groups",
"UserGroupMapping": {
"admins": "5f8f9e3c1b5e4a0001b3c4d7",
"developers": "5f8f9e3c1b5e4a0001b3c4d8"
},
"UserGroupSeparator": ",",
"SSOOnlyForRegisteredUsers": False
}
headers = {
"Authorization": "<api-key>",
"Content-Type": "application/json"
}

response = requests.put(url, json=payload, headers=headers)

print(response.text)
const options = {
method: 'PUT',
headers: {Authorization: '<api-key>', 'Content-Type': 'application/json'},
body: JSON.stringify({
ID: 'github-sso-dashboard',
Name: 'GitHub SSO - Dashboard Login',
OrgID: '5e9d9544a1dcd60001d0ed20',
MatchedPolicyID: '5f8f9e3c1b5e4a0001b3c4d5',
CustomEmailField: 'email',
CustomUserIDField: 'sub',
ProviderConfig: {},
IdentityHandlerConfig: {
'oauth-client-id': 'tyk-portal-client',
'oauth-client-secret': 's3cr3t',
'oauth-client-base-url': 'http://gateway:8080'
},
ProviderConstraints: {Domain: 'tyk.io', Group: 'engineering'},
ReturnURL: 'https://dashboard.example.com/tap',
DefaultUserGroupID: '5f8f9e3c1b5e4a0001b3c4d6',
CustomUserGroupField: 'groups',
UserGroupMapping: {admins: '5f8f9e3c1b5e4a0001b3c4d7', developers: '5f8f9e3c1b5e4a0001b3c4d8'},
UserGroupSeparator: ',',
SSOOnlyForRegisteredUsers: false
})
};

fetch('http://localhost:3010/api/profiles/{id}', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));
<?php

$curl = curl_init();

curl_setopt_array($curl, [
CURLOPT_PORT => "3010",
CURLOPT_URL => "http://localhost:3010/api/profiles/{id}",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "PUT",
CURLOPT_POSTFIELDS => json_encode([
'ID' => 'github-sso-dashboard',
'Name' => 'GitHub SSO - Dashboard Login',
'OrgID' => '5e9d9544a1dcd60001d0ed20',
'MatchedPolicyID' => '5f8f9e3c1b5e4a0001b3c4d5',
'CustomEmailField' => 'email',
'CustomUserIDField' => 'sub',
'ProviderConfig' => [

],
'IdentityHandlerConfig' => [
'oauth-client-id' => 'tyk-portal-client',
'oauth-client-secret' => 's3cr3t',
'oauth-client-base-url' => 'http://gateway:8080'
],
'ProviderConstraints' => [
'Domain' => 'tyk.io',
'Group' => 'engineering'
],
'ReturnURL' => 'https://dashboard.example.com/tap',
'DefaultUserGroupID' => '5f8f9e3c1b5e4a0001b3c4d6',
'CustomUserGroupField' => 'groups',
'UserGroupMapping' => [
'admins' => '5f8f9e3c1b5e4a0001b3c4d7',
'developers' => '5f8f9e3c1b5e4a0001b3c4d8'
],
'UserGroupSeparator' => ',',
'SSOOnlyForRegisteredUsers' => false
]),
CURLOPT_HTTPHEADER => [
"Authorization: <api-key>",
"Content-Type: application/json"
],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
package main

import (
"fmt"
"strings"
"net/http"
"io"
)

func main() {

url := "http://localhost:3010/api/profiles/{id}"

payload := strings.NewReader("{\n \"ID\": \"github-sso-dashboard\",\n \"Name\": \"GitHub SSO - Dashboard Login\",\n \"OrgID\": \"5e9d9544a1dcd60001d0ed20\",\n \"MatchedPolicyID\": \"5f8f9e3c1b5e4a0001b3c4d5\",\n \"CustomEmailField\": \"email\",\n \"CustomUserIDField\": \"sub\",\n \"ProviderConfig\": {},\n \"IdentityHandlerConfig\": {\n \"oauth-client-id\": \"tyk-portal-client\",\n \"oauth-client-secret\": \"s3cr3t\",\n \"oauth-client-base-url\": \"http://gateway:8080\"\n },\n \"ProviderConstraints\": {\n \"Domain\": \"tyk.io\",\n \"Group\": \"engineering\"\n },\n \"ReturnURL\": \"https://dashboard.example.com/tap\",\n \"DefaultUserGroupID\": \"5f8f9e3c1b5e4a0001b3c4d6\",\n \"CustomUserGroupField\": \"groups\",\n \"UserGroupMapping\": {\n \"admins\": \"5f8f9e3c1b5e4a0001b3c4d7\",\n \"developers\": \"5f8f9e3c1b5e4a0001b3c4d8\"\n },\n \"UserGroupSeparator\": \",\",\n \"SSOOnlyForRegisteredUsers\": false\n}")

req, _ := http.NewRequest("PUT", url, payload)

req.Header.Add("Authorization", "<api-key>")
req.Header.Add("Content-Type", "application/json")

res, _ := http.DefaultClient.Do(req)

defer res.Body.Close()
body, _ := io.ReadAll(res.Body)

fmt.Println(string(body))

}
HttpResponse<String> response = Unirest.put("http://localhost:3010/api/profiles/{id}")
.header("Authorization", "<api-key>")
.header("Content-Type", "application/json")
.body("{\n \"ID\": \"github-sso-dashboard\",\n \"Name\": \"GitHub SSO - Dashboard Login\",\n \"OrgID\": \"5e9d9544a1dcd60001d0ed20\",\n \"MatchedPolicyID\": \"5f8f9e3c1b5e4a0001b3c4d5\",\n \"CustomEmailField\": \"email\",\n \"CustomUserIDField\": \"sub\",\n \"ProviderConfig\": {},\n \"IdentityHandlerConfig\": {\n \"oauth-client-id\": \"tyk-portal-client\",\n \"oauth-client-secret\": \"s3cr3t\",\n \"oauth-client-base-url\": \"http://gateway:8080\"\n },\n \"ProviderConstraints\": {\n \"Domain\": \"tyk.io\",\n \"Group\": \"engineering\"\n },\n \"ReturnURL\": \"https://dashboard.example.com/tap\",\n \"DefaultUserGroupID\": \"5f8f9e3c1b5e4a0001b3c4d6\",\n \"CustomUserGroupField\": \"groups\",\n \"UserGroupMapping\": {\n \"admins\": \"5f8f9e3c1b5e4a0001b3c4d7\",\n \"developers\": \"5f8f9e3c1b5e4a0001b3c4d8\"\n },\n \"UserGroupSeparator\": \",\",\n \"SSOOnlyForRegisteredUsers\": false\n}")
.asString();
require 'uri'
require 'net/http'

url = URI("http://localhost:3010/api/profiles/{id}")

http = Net::HTTP.new(url.host, url.port)

request = Net::HTTP::Put.new(url)
request["Authorization"] = '<api-key>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"ID\": \"github-sso-dashboard\",\n \"Name\": \"GitHub SSO - Dashboard Login\",\n \"OrgID\": \"5e9d9544a1dcd60001d0ed20\",\n \"MatchedPolicyID\": \"5f8f9e3c1b5e4a0001b3c4d5\",\n \"CustomEmailField\": \"email\",\n \"CustomUserIDField\": \"sub\",\n \"ProviderConfig\": {},\n \"IdentityHandlerConfig\": {\n \"oauth-client-id\": \"tyk-portal-client\",\n \"oauth-client-secret\": \"s3cr3t\",\n \"oauth-client-base-url\": \"http://gateway:8080\"\n },\n \"ProviderConstraints\": {\n \"Domain\": \"tyk.io\",\n \"Group\": \"engineering\"\n },\n \"ReturnURL\": \"https://dashboard.example.com/tap\",\n \"DefaultUserGroupID\": \"5f8f9e3c1b5e4a0001b3c4d6\",\n \"CustomUserGroupField\": \"groups\",\n \"UserGroupMapping\": {\n \"admins\": \"5f8f9e3c1b5e4a0001b3c4d7\",\n \"developers\": \"5f8f9e3c1b5e4a0001b3c4d8\"\n },\n \"UserGroupSeparator\": \",\",\n \"SSOOnlyForRegisteredUsers\": false\n}"

response = http.request(request)
puts response.read_body
{
  "Status": "ok",
  "ID": "github-sso-dashboard",
  "Data": {
    "ID": "github-sso-dashboard",
    "Name": "GitHub SSO - Dashboard Login",
    "OrgID": "5e9d9544a1dcd60001d0ed20",
    "MatchedPolicyID": "5f8f9e3c1b5e4a0001b3c4d5",
    "CustomEmailField": "email",
    "CustomUserIDField": "sub",
    "ProviderConfig": {},
    "IdentityHandlerConfig": {
      "oauth-client-id": "tyk-portal-client",
      "oauth-client-secret": "s3cr3t",
      "oauth-client-base-url": "http://gateway:8080"
    },
    "ProviderConstraints": {
      "Domain": "tyk.io",
      "Group": "engineering"
    },
    "ReturnURL": "https://dashboard.example.com/tap",
    "DefaultUserGroupID": "5f8f9e3c1b5e4a0001b3c4d6",
    "CustomUserGroupField": "groups",
    "UserGroupMapping": {
      "admins": "5f8f9e3c1b5e4a0001b3c4d7",
      "developers": "5f8f9e3c1b5e4a0001b3c4d8"
    },
    "UserGroupSeparator": ",",
    "SSOOnlyForRegisteredUsers": false
  }
}
{
"Status": "error",
"Error": "Object ID and URI resource ID do not match"
}
{
"Status": "error",
"Error": "Authorization failed"
}
{
"Status": "error",
"Error": "Profile not found"
}

Authorizations

Authorization
string
header
required

Must equal the Secret value in tib.conf. Example: Authorization: your-tib-secret

Path Parameters

id
string
required

The unique identifier of the authentication profile.

Body

application/json
ID
string
required

Unique identifier for this profile. Must match the {id} path parameter when creating or updating.

Example:

"github-sso-dashboard"

ActionType
enum<string>
required

Determines what TIB does with the confirmed identity.

  • GenerateOrLoginDeveloperProfile – create/log in a Tyk Developer Portal API Consumer
  • GenerateOrLoginUserProfile – create/log in a Tyk Dashboard user or Tyk Developer Portal API Owner
  • GenerateOAuthTokenForClient – generate an OAuth token for an API client (also used for the OAuth password flow)
  • GenerateTemporaryAuthToken – generate a short-lived Tyk access token
Available options:
GenerateOrLoginDeveloperProfile,
GenerateOrLoginUserProfile,
GenerateOAuthTokenForClient,
GenerateTemporaryAuthToken
Type
enum<string>
required
  • redirect – the user is redirected to an external IdP (OAuth, SAML)
  • passthrough – credentials are validated inline without a redirect (LDAP, Proxy)
Available options:
redirect,
passthrough
ProviderName
enum<string>
required

Identifier for the concrete provider implementation.

Available options:
SocialProvider,
ADProvider,
SAMLProvider,
ProxyProvider
Name
string

Human-readable display name for this profile.

Example:

"GitHub SSO - Dashboard Login"

OrgID
string

Tyk organisation ID this profile belongs to.

Example:

"5e9d9544a1dcd60001d0ed20"

MatchedPolicyID
string

Tyk policy ID to attach to tokens or sessions generated by this profile.

Example:

"5f8f9e3c1b5e4a0001b3c4d5"

CustomEmailField
string

Override the claim/attribute used to extract the user's email address. Leave empty to use the provider default.

Example:

"email"

CustomUserIDField
string

Override the claim/attribute used to extract the user's unique identifier.

Example:

"sub"

ProviderConfig
object

Provider-specific configuration object. The shape depends on ProviderName:

  • SocialProvider → see GothConfig schema
  • ADProvider → see ADConfig schema
  • SAMLProvider → see SAMLConfig schema
  • ProxyProvider → see ProxyConfig schema
IdentityHandlerConfig
object

Additional key/value settings passed to the identity handler (e.g. OAuth client credentials, token TTL).

Example:
{
"oauth-client-id": "tyk-portal-client",
"oauth-client-secret": "s3cr3t",
"oauth-client-base-url": "http://gateway:8080"
}
ProviderConstraints
object

Optional constraints that restrict which users may authenticate via this profile.

ReturnURL
string

URL the user is redirected to after successful authentication.

Example:

"https://dashboard.example.com/tap"

DefaultUserGroupID
string

Tyk user-group ID assigned to users that do not match any entry in UserGroupMapping.

Example:

"5f8f9e3c1b5e4a0001b3c4d6"

CustomUserGroupField
string

Claim/attribute name that carries the user's group membership.

Example:

"groups"

UserGroupMapping
object

Maps IdP group names to Tyk user-group IDs.

Example:
{
"admins": "5f8f9e3c1b5e4a0001b3c4d7",
"developers": "5f8f9e3c1b5e4a0001b3c4d8"
}
UserGroupSeparator
string

Separator used when a single claim contains multiple group values (e.g. "," or " ").

Example:

","

SSOOnlyForRegisteredUsers
boolean

When true, only pre-existing Tyk users may log in via SSO. New users will be rejected rather than auto-created.

Example:

false

Response

Profile updated successfully.

Status
enum<string>
Available options:
ok
Example:

"ok"

ID
string

The profile ID the operation was performed on.

Example:

"github-sso-dashboard"

Data
object

Payload — a single Profile object, a list of Profiles, or an empty object.