Tyk v2.2 Documentation Components


Enable bearer tokens in your API Definition (file)

Tyk will by default use the bearer token method to protect your API unless it is told otherwise.

These tokens can be sent in a header, URL parameter, or cookie of a request. A request for a resource at the API endpoint /api/widgets/12345 that uses access tokens requires an additional header field; traditionally this is the Authorization header.

The name of the key can be defined as part of the API definition under the auth section of an API Definition file:

"auth": {
    "auth_header_name": "authorization",
    "use_param": false,
    "param_name": "",
    "use_cookie": false,
    "cookie_name": ""
}

To use request parameters instead of a header, set the auth.use_param setting in the API definition to true (note: unlike headers, request params are case sensitive).

To use a cookie name instead of a header or request parameter, set the use_cookie parameter to true. Cookie names are also case sensitive.
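The case-sensitivity difference between the three token locations can be reproduced with the Go standard library. This is an added example, not Tyk's own code: `AuthConfig`, `ParseAuth`, `TokenFrom` and `NewRequest` are hypothetical names, the token value is constructed, and the order in which `use_param` and `use_cookie` are checked is an assumption.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// AuthConfig mirrors the "auth" section of the API definition shown above.
type AuthConfig struct {
	AuthHeaderName string `json:"auth_header_name"`
	UseParam       bool   `json:"use_param"`
	ParamName      string `json:"param_name"`
	UseCookie      bool   `json:"use_cookie"`
	CookieName     string `json:"cookie_name"`
}

// ParseAuth decodes one "auth" JSON object.
func ParseAuth(raw string) (c AuthConfig, err error) {
	err = json.Unmarshal([]byte(raw), &c)
	return c, err
}

// TokenFrom returns the token and its source; param-before-cookie order is an assumption.
func TokenFrom(c AuthConfig, r *http.Request) (token, source string) {
	switch {
	case c.UseParam: // query keys are compared exactly (case sensitive)
		return r.URL.Query().Get(c.ParamName), "param"
	case c.UseCookie: // cookie names are compared exactly (case sensitive)
		if ck, err := r.Cookie(c.CookieName); err == nil {
			return ck.Value, "cookie"
		}
		return "", "cookie"
	default: // header names are canonicalised, so lookup ignores case
		return r.Header.Get(c.AuthHeaderName), "header"
	}
}

// NewRequest builds a constructed GET request for the examples.
func NewRequest(target string) *http.Request {
	return httptest.NewRequest("GET", target, nil)
}

func main() {
	cfg, _ := ParseAuth(`{"auth_header_name": "authorization"}`)
	r := NewRequest("/api/widgets/12345")
	r.Header.Set("AUTHORIZATION", "constructed-token") // constructed value
	fmt.Println(TokenFrom(cfg, r))
}
```

A token sent as a URL parameter is also recorded wherever the full request URL is recorded, such as access logs and browser history, which the header and cookie locations avoid.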

Custom tokens

It is possible to provide Tyk with your own custom tokens using the Tyk Gateway REST API. This is very useful if you have your own identity provider and don't want Tyk to create and manage tokens for you, and instead want to mirror those tokens within Tyk to off-load access control, quotas and rate limiting from your own application.