Request Plugins

Last updated: 2 minutes read.

There are 4 different phases in the request lifecycle you can inject custom plugins, including Authentication plugins. There are performance advantages to picking the correct phase, and of course that depends on your use case and what functionality you need.

Hook Capabilities

Functionality Pre Auth Post-Auth Post
Can modify the Header
Can modify the Body
Can modify Query Params
Can view Session1 Details (metadata, quota, context-vars, tags, etc)
Can modify Session1 2
Can Add More Than One3

[1] A Session object contains allowances and identity information that is unique to each requestor

[2] You can modify the session by using your programming language’s SDK for Redis. Here is an example of doing that in Golang.

[3] For select hook locations, you can add more than one plugin. For example, in the same API request, you can have 3 Pre, 1 auth, 5 post-auth, and 2 post plugins.

Return Overrides / ReturnOverrides

You can have your plugin finish the request lifecycle and return a response with custom payload & headers to the requestor.

Read more here

Python Example
from tyk.decorators import *

def MyCustomMiddleware(request, session, spec):
    print("my_middleware: MyCustomMiddleware")
    request.object.return_overrides.headers['content-type'] = 'application/json'
    request.object.return_overrides.response_code = 200
    request.object.return_overrides.response_error = "{\"key\": \"value\"}\n"
    return request, session
JavaScript Example
var testJSVMData = new TykJS.TykMiddleware.NewMiddleware({});

testJSVMData.NewProcessRequest(function(request, session, config) {
	request.ReturnOverrides.ResponseError = "Foobarbaz"
    request.ReturnOverrides.ResponseBody = "Foobar"
	request.ReturnOverrides.ResponseCode = 200
	request.ReturnOverrides.ResponseHeaders = {
		"X-Foo": "Bar",
		"X-Baz": "Qux"
	return testJSVMData.ReturnData(request, {});