Tyk 3.2 brings Dynamic Client Registration and Open Policy Agent capabilities. We’ve made both the Tyk Dashboard and the Developer Portal ultra-compatible with any authorisation stack, team structure or process and we’re also bringing our next-generation GraphQL engine, to turbo-charge the security and usability of your Universal Data Graph!
Bring your own Identity Provider (IDP) – Dynamic Client Registration now available!
Identity Providers have become an integral part of the modern APIM stack, which has not only simplified the onboarding process for third-party developers and partners but has also made it possible to have uniform security across the organisation’s entire application portfolio.
Whether your organisation is using Keycloak, Gluu or Okta as your external IDP, with Tyk 3.2’s Dynamic Client Registration capability, you can integrate them with the Tyk developer portal in just a few steps, without the need to overhaul the underlying authorisation mechanism.
Open Policy Agent – customisation in your hands
A key aspect of API governance is access control. This ensures that doing the “right things” within the stack is easier, while doing the “wrong things” is harder. To increase security and limit access to different APIs, based on the user role, we are introducing the ability to shape and configure the Tyk Dashboard with the Open Policy Agent (OPA).
With OPA you can create custom permissions securely and effectively. The OPA policy engine sits in front of the Tyk Dashboard, providing a high-level declarative language (Rego) that lets you specify policy as code and simple APIs, to offload policy decision-making from your software.
GraphQL and UDG improvements
We’ve also been busy updating the GraphQL functionality of our Universal Data Graph (UDG). UDG lets you stitch together any upstream service, whether secured or open, through a simple GUI. This means you can turn all of your REST estate into a single Data graph. You can now deeply nest GraphQL and REST APIs and stitch them together in any possible way. You can also configure upstream Headers dynamically, injecting them from the client request into UDG upstream requests. You can use this functionality to access protected upstreams, among other things.
Finally, we’ve added an easy-to-use URL-Builder, to make it easier for you to inject object fields into REST API URLs when stitching REST APIs within UDG. And you can configure query-depth limits on a per-field level as well.