Login 24/7 Support Community

Open Policy Agent (OPA)

Note

This API helps you to manage (CRUD) the OPA (Open Policy Agent) rules, that are being applied to the Tyk Dashboard. Also through this API, you are able to change the OPA settings, such as to enable/disable it or enable/disable the debug mode.

Only Admin Dashboard users will be authorised to use it.

For more information on how to configure OPA see Open Policy Agent.

List OPA rules and settings

This API returns by default, the initial set of OPA rules defined in Tyk Dashboard, which are located in schema/dashboard.rego (accessible in Self-Managed installations).

Once you update the rules via the API, the OPA rules will be stored at the organisation level.

Property Description
Resource URL /api/org/opa
Method GET
Type None
Body None
Param None

Sample Request

GET /api/org/opa HTTP/1.1
Host: localhost:3000
authorization:7a7b140f-2480-4d5a-4e78-24049e3ba7f8

Sample Response

{
  "open_policy": {
    "enabled": true,
    "rules": "default hello = false\r\n\r\nhello {\r\n    m := input.message\r\n    m == \"world\"\r\n}"
  }
}

Update OPA rules and settings

Note

Whenever you want to update OPA rules or its settings, just send back the updated value of the OPA rules or changed values for the settings (enabled) , via a PUT request to the API.

Property Description
Resource URL /api/org/permission
Method PUT
Type None
Body Permissions Object
Param None

Sample Request

PUT /api/org/opa HTTP/1.1
Host: localhost:3000
authorization:7a7b140f-2480-4d5a-4e78-24049e3ba7f8
{
  "open_policy": {
    "enabled": false,
    "rules": "default hello = false\r\n\r\nhello {\r\n    m := input.message\r\n    m == \"world\"\r\n}"
  }
}

Sample Response

{
    "Status": "OK",
    "Message": "OPA rules has been updated on org level",
    "Meta": null
}