-
Notifications
You must be signed in to change notification settings - Fork 32
The Broker API
Martin Buhr edited this page Jan 13, 2016
·
1 revision
Tyk Identity Broker has a simple API to allow policies to be created, updated, removed and listed for programatic and automated access. TIB also has a "flush" feature that enables you to flush the current configuration to disk for use when the client starts again.
TIB does not store profiles in shared store, so if you have multiple TIB instances, they need to be configured individually (for now), since we don't expect TIB stores to change often, this is acceptable.
GET /api/profiles/
Authorization: test-secret
{
"Status": "ok",
"ID": "",
"Data": [
{
"ActionType": "GenerateTemporaryAuthToken",
"ID": "11",
"IdentityHandlerConfig": {
"DashboardCredential": "822f2b1c75dc4a4a522944caa757976a",
"DisableOneTokenPerAPI": false,
"TokenAuth": {
"BaseAPIID": "e1d21f942ec746ed416ab97fe1bf07e8"
}
},
"MatchedPolicyID": "5654566b30c55e3904000003",
"OrgID": "53ac07777cbb8c2d53000002",
"ProviderConfig": {
"ExrtactUserNameFromBasicAuthHeader": true,
"OKCode": 200,
"OKRegex": "origin",
"OKResponse": "ewogICJvcmlnaW4iOiAiNjIuMjMyLjExNC4yNTAsIDE3OC42Mi4xMS42MiwgMTc4LjYyLjExLjYyIgp9Cg==",
"TargetHost": "http://sharrow.tyk.io/ba-1/"
},
"ProviderConstraints": {
"Domain": "",
"Group": ""
},
"ProviderName": "ProxyProvider",
"ReturnURL": "",
"Type": "passthrough"
},
{
"ActionType": "GenerateOAuthTokenForClient",
"ID": "6",
"IdentityHandlerConfig": {
"DashboardCredential": "{DASHBAORD-API-ID}",
"DisableOneTokenPerAPI": false,
"OAuth": {
"APIListenPath": "{API-LISTEN-PATH}",
"BaseAPIID": "{BASE-API-ID}",
"ClientId": "{TYK-OAUTH-CLIENT-ID}",
"RedirectURI": "http://{APP-DOMAIN}:{PORT}/{AUTH-SUCCESS-PATH}",
"ResponseType": "token",
"Secret": "{TYK-OAUTH-CLIENT-SECRET}"
}
},
"MatchedPolicyID": "POLICY-ID",
"OrgID": "53ac07777cbb8c2d53000002",
"ProviderConfig": {
"FailureRedirect": "http://{APP-DOMAIN}:{PORT}/failure",
"LDAPAttributes": [],
"LDAPPort": "389",
"LDAPServer": "localhost",
"LDAPUserDN": "cn=*USERNAME*,cn=dashboard,ou=Group,dc=ldap,dc=tyk-ldap-test,dc=com"
}
"ProviderName": "ADProvider",
"ReturnURL": "",
"Type": "passthrough"
}
]
}
POST /api/profiles/{id}
Authorization: test-secret
{
"ActionType": "GenerateTemporaryAuthToken",
"ID": "11",
"IdentityHandlerConfig": {
"DashboardCredential": "822f2b1c75dc4a4a522944caa757976a",
"DisableOneTokenPerAPI": false,
"TokenAuth": {
"BaseAPIID": "e1d21f942ec746ed416ab97fe1bf07e8"
}
},
"MatchedPolicyID": "5654566b30c55e3904000003",
"OrgID": "53ac07777cbb8c2d53000002",
"ProviderConfig": {
"ExrtactUserNameFromBasicAuthHeader": true,
"OKCode": 200,
"OKRegex": "origin",
"OKResponse": "ewogICJvcmlnaW4iOiAiNjIuMjMyLjExNC4yNTAsIDE3OC42Mi4xMS42MiwgMTc4LjYyLjExLjYyIgp9Cg==",
"TargetHost": "http://sharrow.tyk.io/ba-1/"
},
"ProviderConstraints": {
"Domain": "",
"Group": ""
},
"ProviderName": "ProxyProvider",
"ReturnURL": "",
"Type": "passthrough"
}
{
"Status": "ok",
"ID": "11",
"Data": {
"ID": "11",
"OrgID": "53ac07777cbb8c2d53000002",
"ActionType": "GenerateTemporaryAuthToken",
"MatchedPolicyID": "5654566b30c55e3904000003",
"Type": "passthrough",
"ProviderName": "ProxyProvider",
"ProviderConfig": {
"ExrtactUserNameFromBasicAuthHeader": true,
"OKCode": 200,
"OKRegex": "origin",
"OKResponse": "ewogICJvcmlnaW4iOiAiNjIuMjMyLjExNC4yNTAsIDE3OC42Mi4xMS42MiwgMTc4LjYyLjExLjYyIgp9Cg==",
"TargetHost": "http://sharrow.tyk.io/ba-1/"
},
"IdentityHandlerConfig": {
"DashboardCredential": "822f2b1c75dc4a4a522944caa757976a",
"DisableOneTokenPerAPI": false,
"TokenAuth": {
"BaseAPIID": "e1d21f942ec746ed416ab97fe1bf07e8"
}
},
"ProviderConstraints": {
"Domain": "",
"Group": ""
},
"ReturnURL": ""
}
}
PUT /api/profiles/{id}
Authorization: test-secret
{
"ActionType": "GenerateTemporaryAuthToken",
"ID": "11",
"IdentityHandlerConfig": {
"DashboardCredential": "822f2b1c75dc4a4a522944caa757976a",
"DisableOneTokenPerAPI": false,
"TokenAuth": {
"BaseAPIID": "e1d21f942ec746ed416ab97fe1bf07e8"
}
},
"MatchedPolicyID": "5654566b30c55e3904000003",
"OrgID": "53ac07777cbb8c2d53000002",
"ProviderConfig": {
"ExrtactUserNameFromBasicAuthHeader": true,
"OKCode": 200,
"OKRegex": "origin",
"OKResponse": "ewogICJvcmlnaW4iOiAiNjIuMjMyLjExNC4yNTAsIDE3OC42Mi4xMS42MiwgMTc4LjYyLjExLjYyIgp9Cg==",
"TargetHost": "http://sharrow.tyk.io/ba-1/"
},
"ProviderConstraints": {
"Domain": "",
"Group": ""
},
"ProviderName": "ProxyProvider",
"ReturnURL": "",
"Type": "passthrough"
}
{
"Status": "ok",
"ID": "11",
"Data": {
"ID": "11",
"OrgID": "53ac07777cbb8c2d53000002",
"ActionType": "GenerateTemporaryAuthToken",
"MatchedPolicyID": "5654566b30c55e3904000003",
"Type": "passthrough",
"ProviderName": "ProxyProvider",
"ProviderConfig": {
"ExrtactUserNameFromBasicAuthHeader": true,
"OKCode": 200,
"OKRegex": "origin",
"OKResponse": "ewogICJvcmlnaW4iOiAiNjIuMjMyLjExNC4yNTAsIDE3OC42Mi4xMS42MiwgMTc4LjYyLjExLjYyIgp9Cg==",
"TargetHost": "http://sharrow.tyk.io/ba-1/"
},
"IdentityHandlerConfig": {
"DashboardCredential": "822f2b1c75dc4a4a522944caa757976a",
"DisableOneTokenPerAPI": false,
"TokenAuth": {
"BaseAPIID": "e1d21f942ec746ed416ab97fe1bf07e8"
}
},
"ProviderConstraints": {
"Domain": "",
"Group": ""
},
"ReturnURL": ""
}
}
Delete /api/profiles/{id}
Authorization: test-secret
[emtpy body]
{
"Status": "ok",
"ID": "200",
"Data": {}
}
POST /aAuthorization: test-secret
[emtpy body]pi/profiles/save
{
"Status": "ok",
"ID": "",
"Data": {}
}
The existing profiles.json file will be backed up to a new file, and a the current profiles data in memory will be flushed to disk as the new priofiles.json file. Backups are time stamped (e.g. profiles_backup_1452677499.json).