Tyk v2.2 Documentation Components

  1. Home
  2. Tyk v2.2 Documentation Components
  3. Transform Request Headers: API Definition

Transform Request Headers: API Definition

Tyk enables you to modify header information before it leaves the proxy and is passed to your upstream API or when a response is proxied back to the client. This can be very useful in cases where you have an upstream API that has a single authentication key, and you want to add multi-user access to it without modifying it or adding clunky authentication methods to it to support new users.

Example scenario

You have an API called WidgetsAPI, that takes an x-widgets-secret header to allow access, this is an internal API used by your teams but you want to expose it to your customers and charge them for access.

You could either modify the API and add a whole user, key and access management system, or you could use Tyk to inject this header for you.

Update the API Definition Object

Using Tyk, you would set up your API Definition with these additions to the extended_paths.transform_headers field:

"extended_paths": {
    "ignored": [],
    "white_list": [],
    "black_list": [],
    "cache": ["get"],
    "transform": [],
    "transform_headers": [
            "delete_headers": ["authorization"],
            "add_headers": {"x-widgets-secret": "the-secret-widget-key-is-secret"},
            "path": "widgets{rest}",
             "method": "GET"

Now Tyk keys that you create with an Access Definition rule that is set to this API and version, can have quotas, throttling and access checks applied without needing to add any new code or functionality to your existing API.