Tyk Enterprise Developer Portal v1.8.4

Last updated: 4 minutes read.

Licensed Protected Product

Release Date 5 Mar 2024

Breaking Changes

This release has no breaking changes.

Future breaking changes

This release doesn’t introduce future breaking changes.


There are no deprecations in this release.

Upgrade instructions

If you are on 1.8.1 or an older version we advise you to upgrade ASAP directly to this release.

To upgrade the portal’s theme please follow the upgrade instructions for the portal’s themes.

Release Highlights

The 1.8.4 release addresses ten high-priority bugs and vulnerabilities, and introduces multiple improvements to experience of admins in the portal’s admin app.




  • Added new configuration option for setting the SameSite attribute on the portal’s cookie.
  • Added new welcome email for admin users that is sent when new admin account is created.
  • Added new welcome email for developers that is sent when new developer account is created.
  • Added a fallback mechanism for referencing assets. This searches for assets, such as images, referenced in the rich text editor or markdown editor. It searches the container’s filesystem whenever the portal can’t find the referenced asset in the PORTAL_STORAGE.


  • Changed the title for the subject of the new developer registration request from “Registering email - subject” in the settings UI to “Developer Registration Approval Request - Subject” to better reflect the context in which this email is used.
  • Adjusted the portal’s behavior for saving pages through the admin API or the Pages UI. Now, if a content block referenced in a template is absent in the page using that template, the portal will ignore this issue instead of preventing the page from being saved. When rendering the respective page, any missing content blocks will be filled with empty strings.
  • Changed title for the portal’s private pages for better SEO performance:
URL Page title
/portal/private/analytics Analytics
/portal/private/dashboard Dashboard
/portal/private/apps/ Create an application
/portal/private/apps/:id Applications
/portal/private/users Users
/portal/private/organisation Create an organisation
/portal/private/users/invite Invite a user
/portal/private/users Users
/portal/private/users/:id Users
/portal/private/profile Profile
/auth/password/login Developer portal login
/auth/password/new Password reset
  • Changed the credential provisioning flow to automatically include DeveloperID, OrganisationID, ApplicationID, and TeamIDs in the credential metadata.
  • Added warning regarding potential PII exposure to the custom attributes menu.
  • Changed the behavior of the portal for 404 errors. Now whenever a user requests non-existing page both private (e.i. requiring sign-in to access) or public, the portal now always renders the not_found.tmpl template.
  • Changed the behavior of the Secure cookie attribute that is set by PORTAL_SESSION_SECURE so that the Secure attribute is always add to the Set-Cookie header whenever PORTAL_SESSION_SECURE is set to true or when TLS is enabled.
  • Changed the behaviour of removing a developer profile within the developers UI in the admin app. Now, when an admin tries to remove a developer profile and some of their credentials have been removed from the credentials provider, or if the provider itself is down or unreachable, the portal asks the admin if they still want to remove the developer profile by displaying a modal window.
  • Extended the DELETE /users/:id API endpoint by adding the ?force query parameter to force removal of a user even if some of their credentials have been removed from the credentials provider, or if the provider itself is down or unreachable.
  • Extended the GET /pages/:id/content-blocks/:id: API endpoint by adding additional fields in the response body: Content, MarkdownContent, MarkdownEnabled, Name, and PageID.
  • Extended filesize limit for individual files in themes to 5 MB.
  • Made the organisation invite email’s subject configurable via the emails settings section.


  • Fixed the bug where it was impossible to create an ordered list in the rich text editor in the admin app due to CSS issues.
  • Fixed the bug where it was possible to copy the ‘portal-session’ cookie and use it with different IP address or browser.
  • Fixed the bug where the audit log didn’t reflect some actions initiated by admin users and developers.
  • Fixed the bug where sensitive data such as hashed API tokens and passwords were exposed in the audit log.
  • Fixed the bug where menu items were still persistent after deletion.
  • Fixed the bug where admin users couldn’t edit custom attributes created after a user profile is created.
  • Fixed the bug where the UI errors when uploading theme were not consistent with the API error messages.
  • Fixed the bug where scroll appeared in the API description box in the API Product page when the API description was longer than 50 symbols.

Further Information

Upgrading Tyk

Please refer to the upgrading Tyk page for further guidance with respect to the upgrade strategy.


Please visit our Developer Support page for further information relating to reporting bugs, upgrading Tyk, technical support and how to contribute.