Tyk Gateway Open Source (OSS)

Last updated: 3 minutes read.

What is the Tyk Gateway?

Tyk is an open source Enterprise API Gateway, supporting REST, GraphQL, TCP and gRPC protocols.

Tyk Gateway is provided ‘Batteries-included’, with no feature lockout. Enabling your organization to control who accesses your APIs, when they access, and how they access it.

Tyk Technologies uses the same API Gateway for all its applications. Protecting, securing, and processing APIs for thousands of organizations and businesses around the world. Ideal for Open Banking, building software in the clouds as well as exposing APIs to teams, partners & consumers.

Built from the ground up to be the fastest API gateway on the planet. It does not depend on a legacy proxy underneath. It has no 3rd party dependencies aside from Redis for distributed rate-limiting and token storage. Tyk Gateway can also be deployed as part of a larger Full Lifecycle API Management platform Tyk Self-Managed which also includes Management Control Plane, Dashboard GUI and Developer Portal.

Tyk Open Source Gateway features

Open Source API Gateway Features

Use any protocol: REST, SOAP, GraphQL, gRPC, and TCP.

Industry Standard Authentication: OIDC, JWT, bearer Tokens, Basic Auth, Client Certificates and more.

OpenAPI Standards: Keep your OpenAPI 3.0 description as source of truth with Tyk OAS APIs, import your Swagger and OAS2/3 documents to scaffold Tyk Classic APIs.

Ultra performant: Low latency, and thousands of rps with just a single CPU, horizontally and vertically scalable.

Content mediation: Transform all the things, from request or response headers to converting between SOAP and GraphQL.

Extensible Plugin Architecture: Customize Tyk’s middleware chain by writing plugins in your language of choice - from Javascript to Go, or any language which supports gRPC.

Rate Limiting & Quotas: Protect your upstreams from becoming overloaded and/or apply limits for each consumer.

API Versioning - API Versions can be easily set and deprecated at a specific time and date.

Granular Access Control - Grant access to one or more APIs on a per version and operation basis.

Blocklist/Allowlist/Ignored endpoint access - Enforce strict security models on a version-by-version basis to your access points.

Analytics logging - Record detailed usage data on who is using your API’s (raw data only)

CORS - Enable CORS for certain APIs so users can make browser-based requests

Webhooks - Trigger webhooks against events such as Quota Violations and Authentication failures

IP AllowListing - Block access to non-trusted IP addresses for more secure interactions

Hitless reloads - Tyk configurations can be altered dynamically and the service restarted without affecting any active request

Kubernetes native declarative API: using Open Source Tyk Operator (more info in OSS section)

…and everything else you expect from a Cloud Native API Gateway


Installation options for the Tyk Gateway

Want to get started?

Discover Tyk OSS today