swagger.yml

openapi: 3.0.0
info:
  title: Tyk Gateway API
  version: 5.2.0
  description: |-
    The Tyk Gateway API is the primary means for integrating your application with the Tyk API Gateway system. This API is very small, and has no granular permissions system. It is intended to be used purely for internal automation and integration.

    **Warning: Under no circumstances should outside parties be granted access to this API.**

    The Tyk Gateway API is capable of:

    * Managing session objects (key generation)
    * Managing and listing policies
    * Managing and listing API Definitions (only when not using the Dashboard)
    * Hot reloads / reloading a cluster configuration
    * OAuth client creation (only when not using the Dashboard)


    In order to use the Gateway API, you'll need to set the `secret` parameter in your tyk.conf file.

    The shared secret you set should then be sent along as a header with each Gateway API Request in order for it to be successful:

    ```
    x-tyk-authorization: <your-secret>
    ```
    <br/>
    <b>The Tyk Gateway API is subsumed by the Tyk Dashboard API in Pro installations.</b>
servers:
  - url: 'https://localhost/'
  - url: 'https://localhost/'
tags:
  - name: Keys
    description: |-
      All keys that are used to access services via Tyk correspond to a session object that informs Tyk about the context of this particular token, like access rules and rate/quota allowance.
  - name: Policies
    description: |-
      A Tyk security policy incorporates several security options that can be applied to an API key. It acts as a template that can override individual sections of an API key (or identity) in Tyk.
  - name: OAuth
    description: |-
      Manage OAuth clients, and manage their tokens
  - name: Cache Invalidation
    description: |-
      Sometimes a cache might contain stale data, or it may just need to be cleared because of an invalid configuration. This call will purge all keys associated with a cache on an API-by-API basis.
  - name: Hot Reload
    description:
      Force restart of the Gateway or whole cluster
  - name: Health Checking
    description: Check health status of the Gateway and loaded APIs
  - name: Organisation Quotas
    description: |-
      It is possible to force API quota and rate limit across all keys that belong to a specific organisation ID. Rate limiting at an organisation level is useful for creating tiered access levels and trial accounts.
      The Organisation rate limiting middleware works with both Quotas and Rate Limiters. In order to manage this functionality, a simple API has been put in place to manage these sessions.
      Although the Organisation session-limiter uses the same session object, all other security keys are optional as they are not used.

      <h3>Managing active status</h3>
      To disallow access to an entire group of keys without rate limiting the organisation, create a session object with the "is_inactive" key set to true. This will block access before any other middleware is executed. It is useful when managing subscriptions for an organisation group and access needs to be blocked because of non-payment.
  - name: Batch requests
    description: |-
      Tyk supports batch requests, so a client makes a single request to the API but gets a compound response object back.

      This is especially handy if clients have complex requests that have multiple synchronous dependencies and do not wish to have the entire request / response cycle running for each event.

      To enable batch request support, set the `enable_batch_request_support` value to `true`

      This is especially handy if clients have complex requests that have multiple synchronous dependencies and do not wish to have the entire request / response cycle running for each event.

      Batch requests that come into Tyk are *run through the whole Tyk machinery* and *use a relative path to prevent spamming*. This means that a batch request to Tyk for three resources with the same API key will have three requests applied to their session quota and request limiting could become active if they are being throttled.

      Tyk reconstructs the API request based on the data in the batch request. This is to ensure that Tyk is not being used to proxy requests to other hosts outside of the upstream API being accessed.

      Batch requests are created by POSTing to the `/{listen_path}/tyk/batch/` endpoint. These requests **do not require a valid key**, but their request list does.

      <h3>Sample Request</h3>

        ```{json}
        {
          "requests": [
            {
              "method": "GET",
              "headers": {
                "x-tyk-test": "1",
                "x-tyk-version": "1.2",
                "authorization": "1dbc83b9c431649d7698faa9797e2900f"
              },
              "body": "",
              "relative_url": "get"
          },
          {
            "method": "GET",
            "headers": {
              "x-tyk-test": "2",
              "x-tyk-version": "1.2",
              "authorization": "1dbc83b9c431649d7698faa9797e2900f"
            },
            "body": "",
            "relative_url": "get"
            }
          ],
          "suppress_parallel_execution": false
        }
        ```

      The response will will be a structured reply that encapsulates the responses for each of the outbound requests. If `suppress_parallel_execution` is set to `true`, requests will be made synchronously. If set to `false` then they will run in parallel and the response order is not guaranteed.

      <h3>Sample Response</h3>

      ```
      [
        {
          "relative_url": "get",
          "code": 200,
          "headers": {
            "Access-Control-Allow-Credentials": [
              "true"
            ],
            "Access-Control-Allow-Origin": [
              "*"
            ],
            "Content-Length": [
              "497"
            ],
            "Content-Type": [
              "application/json"
            ],
            "Date": [
              "Wed, 12 Nov 2014 15:32:43 GMT"
            ],
            "Server": [
              "gunicorn/18.0"
            ],
            "Via": [
              "1.1 vegur"
            ]
          },
          "body": "{
        "args": {},
        "headers": {
          "Accept-Encoding": "gzip",
          "Authorization": "1dbc83b9c431649d7698faa9797e2900f",
          "Connect-Time": "2",
          "Connection": "close",
          "Host": "httpbin.org",
          "Total-Route-Time": "0",
          "User-Agent": "Go 1.1 package http",
          "Via": "1.1 vegur",
          "X-Request-Id": "6a22499a-2776-4aa1-80c0-686581a8be4d",
          "X-Tyk-Test": "2",
          "X-Tyk-Version": "1.2"
        },
        "origin": "127.0.0.1, 62.232.114.250",
        "url": "https://httpbin.org/get"
      }"
          },
          {
            "relative_url": "get",
            "code": 200,
            "headers": {
              "Access-Control-Allow-Credentials": [
                "true"
              ],
              "Access-Control-Allow-Origin": [
                "*"
              ],
              "Content-Length": [
                "497"
              ],
              "Content-Type": [
                "application/json"
              ],
              "Date": [
                "Wed, 12 Nov 2014 15:32:43 GMT"
              ],
              "Server": [
                "gunicorn/18.0"
              ],
              "Via": [
                "1.1 vegur"
              ]
            },
            "body": "{
        "args": {},
        "headers": {
          "Accept-Encoding": "gzip",
          "Authorization": "1dbc83b9c431649d7698faa9797e2900f",
          "Connect-Time": "7",
          "Connection": "close",
          "Host": "httpbin.org",
          "Total-Route-Time": "0",
          "User-Agent": "Go 1.1 package http",
          "Via": "1.1 vegur",
          "X-Request-Id": "1ab61f50-51ff-4828-a7e2-17240385a6d2",
          "X-Tyk-Test": "1",
          "X-Tyk-Version": "1.2"
        },
        "origin": "127.0.0.1, 62.232.114.250",
        "url": "https://httpbin.org/get"
      }"
          }
      ]
      ```
      With the body for each request string encoded in the `body` field.

      * `expire_analytics_after`: If you are running a busy API, you may want to ensure that your MongoDB database does not overflow with old data. Set the `expire_analytics_after` value to the number of seconds you would like the data to last for. Setting this flag to anything above `0` will set an `expireAt` field for each record that is written to the database.

      **Important:** Tyk will not create the expiry index for you. In order to implement data expiry for your analytics data, ensure that the index is created This is easily achieved using the [MongoDB command line interface](https://docs.mongodb.com/getting-started/shell/client/).

      * `dont_set_quota_on_create`: This setting defaults to `false`, but if set to `true`, when the API is used to edit, create or add keys, the quota cache in Redis will not be re-set. By default, all updates or creates to Keys that have Quotas set will re-set the quota (This has been the default behaviour since 1.0).

        This behaviour can be bypassed on a case-by-case basis by using the `suppress_reset` parameter when making a REST API request. This is the advised mode of operation as it allows for manual, granular control over key quotas and reset timings.

      * `cache_options`: This section enables you to configure the caching behaviour of Tyk and to enable or disable the caching middleware for your API.

      * `cache_options.enable_cache`: Set this value to `true` if the cache should be enabled for this endpoint, setting it to false will stop all caching behaviour.

      * `cache_options.cache_timeout`: The amount of time, in seconds, to keep cached objects, defaults to `60` seconds.

      * `cache_options.cache_all_safe_requests`: Set this to `true` if you want all *safe* requests (GET, HEAD, OPTIONS) to be cached. This is a blanket setting for APIs where caching is required but you don't want to set individual paths up in the definition.
      
      * `cache_options.enable_upstream_cache_control`: Set this to `true` if you want your application to control the cache options for Tyk (TTL and whether to cache or not). See [Caching](/docs/basic-config-and-security/reduce-latency/caching/) for more details.
      
      * `response_processors`: Response processors need to be specifically defined so they are loaded on API creation, otherwise the middleware will not fire. In order to have the two main response middleware components fire, the following configuration object should be supplied.

      ```{json}
      "response_processors": [
        {
            "name": "header_injector",
            "options": {
                "add_headers": {"name": "value"},
                "remove_headers": ["name"]
            }
        },
        {
          "name": "response_body_transform",
          "options": {}
        }
      ]
      ```
      The options for the `header_injector` are global, and will apply to all outbound requests.


  - name: APIs
    description: |-
      **Note: Applies only to Tyk Gateway Community Edition**

      API Management is very simple using the Tyk REST API: each update only affects the underlying file, and this endpoint will only work with disk based installations, not Database-backed ones.

      APIs that are added this way are flushed to to disk into the app_path folder using the format: `{api-id}.json`. Updating existing APIs that use a different naming convention will cause those APIs to be added, which could subsequently lead to a loading error and crash if they use the same listen_path.

      These methods only work on a single API node. If updating a cluster, it is important to ensure that all nodes are updated before initiating a reload.
paths:
  '/tyk/apis':
    get:
      description: |-
        List APIs
         Only if used without the Tyk Dashboard
      tags:
        - APIs
      operationId: listApis
      responses:
        '200':
          description: List of API definitions
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/APIDefinition'
              example:
                - name: "TestAPI"
                  use_keyless: true
                  active: true
                  proxy:
                    listen_path: "/test"
    post:
      description: |-
        Create API
         A single Tyk node can have its API Definitions queried, deleted and updated remotely. This functionality enables you to remotely update your Tyk definitions without having to manage the files manually.
      tags:
        - APIs
      operationId: createApi
      parameters:
        - name: base_api_id
          in: query
          required: false
          schema:
            type: string
          description: The base API which the new version will be linked to.
        - name: base_api_version_name
          in: query
          required: false
          schema:
            type: string
          description: The version name of the base API while creating the first version. This doesn't have to be sent for the next versions but if it is set, it will override base API version name.
        - name: new_version_name
          in: query
          required: false
          schema:
            type: string
          description: The version name of the created version.
        - name: set_default
          in: query
          required: false
          schema:
            type: boolean
          description: If true, the new version is set as default version.
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/APIDefinition"
            example:
              name: "TestAPI"
              use_keyless: true
              active: true
              proxy:
                listen_path: "/test"
      responses:
        '200':
          description: API created
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/apiModifyKeySuccess"
              example:
                status: "ok"
                action: "created"
                key: "{...API JSON definition...}"
        '400':
          description: Malformed data
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/apiStatusMessage"
              example:
                status: "error"
                message: "Malformed API data"
  /tyk/apis/oas:
    get:
      description: |-
         List all OAS format APIs, when used without the Tyk Dashboard.
      tags:
        - OAS APIs
      operationId: listApisOAS
      parameters:
        - description: |- 
            Mode of OAS get, by default mode could be empty which means to get OAS spec including OAS Tyk extension. 
            When mode=public, OAS spec excluding Tyk extension will be returned in the response
          name: mode
          in: query
          schema:
            type: string
          example: public
      responses:
        '200':
          description: List of API definitions in OAS format
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/OASSchemaResponse'
    post:
      description: |-
        Create API with OAS format
         A single Tyk node can have its API Definitions queried, deleted and updated remotely. This functionality enables you to remotely update your Tyk definitions without having to manage the files manually.
      tags:
        - OAS APIs
      operationId: createApiOAS
      parameters:
        - name: base_api_id
          in: query
          required: false
          schema:
            type: string
          description: The base API which the new version will be linked to.
        - name: base_api_version_name
          in: query
          required: false
          schema:
            type: string
          description: The version name of the base API while creating the first version. This doesn't have to be sent for the next versions but if it is set, it will override base API version name.
        - name: new_version_name
          in: query
          required: false
          schema:
            type: string
          description: The version name of the created version.
        - name: set_default
          in: query
          required: false
          schema:
            type: boolean
          description: If true, the new version is set as default version.
      requestBody:
        content:
          application/json:
            schema:
              $ref: "https://raw.githubusercontent.com/OAI/OpenAPI-Specification/main/schemas/v3.0/schema.json"
      responses:
        '200':
          description: API created
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/apiModifyKeySuccess"
              example:
                status: "ok"
                action: "created"
                key: "{...API JSON definition...}"
        '400':
          description: Malformed data
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/apiStatusMessage"
              example:
                status: "error"
                message: "Malformed API data"

  '/tyk/apis/{apiID}':
    parameters:
      - description: The API ID
        name: apiID
        in: path
        required: true
        schema:
          type: string
    get:
      description: |-
        Get API definition
        Only if used without the Tyk Dashboard
      tags:
        - APIs
      operationId: getApi
      responses:
        '200':
          description: API definition
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/APIDefinition"
              example:
                name: "TestAPI"
                use_keyless: true
                active: true
                proxy:
                  listen_path: "/test"
          headers:
            x-tyk-base-api-id:
              schema:
                type: string
              description: ID of the base API if the requested API is a version.
    put:
      description: |
        Updating an API definition uses the same signature an object as a `POST`, however it will first ensure that the API ID that is being updated is the same as the one in the object being `PUT`.


        Updating will completely replace the file descriptor and will not change an API Definition that has already been loaded, the hot-reload endpoint will need to be called to push the new definition to live.
      tags:
        - APIs
      operationId: updateApi
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/APIDefinition"
            example:
              name: "TestAPI"
              use_keyless: true
              active: true
              proxy:
                listen_path: "/test"
      responses:
        '200':
          description: API updated
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/apiModifyKeySuccess"
              example:
                status: "ok"
                action: "updated"
                key: "{...API JSON definition...}"
        '400':
          description: Malformed data
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/apiStatusMessage"
              example:
                status: "error"
                message: "Malformed API data"

    delete:
      description: |-
        Deleting an API definition will remove the file from the file store, the API definition will NOT be unloaded, a separate reload request will need to be made to disable the API endpoint.
      tags:
        - APIs
      operationId: deleteApi
      responses:
        '200':
          description: API deleted
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiStatusMessage'
              example:
                message: API deleted
                status: ok
        '400':
          description: No API ID specified
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiStatusMessage'
              example:
                message: API ID not specified
                status: error

  /tyk/apis/{apiID}/versions:
    parameters:
      - description: The API ID
        name: apiID
        in: path
        required: true
        schema:
          type: string
    get:
      description: |-
        Listing versions of an OAS API
      tags:
        - APIs
      operationId: listApiVersions
      parameters:
        - $ref: '#/components/parameters/SearchText'
        - $ref: '#/components/parameters/AccessType'
      responses:
        '200':
          description: API version metas
          content:
            application/json:
              schema:
                properties:
                  apis:
                    type: array
                    items:
                      $ref: '#/components/schemas/APIVersionMeta'

  '/tyk/apis/oas/{apiID}':
    parameters:
      - description: The API ID
        name: apiID
        in: path
        required: true
        schema:
          type: string
    get:
      description: |-
        Get API definition in OAS format
        Only if used without the Tyk Dashboard
      tags:
        - OAS APIs
      parameters:
        - description: |-
            Mode of OAS get, by default mode could be empty which means to get OAS spec including OAS Tyk extension. 
            When mode=public, OAS spec excluding Tyk extension will be returned in the response
          name: mode
          in: query
          schema:
            type: string
          example: public
      operationId: listApiOAS
      responses:
        '200':
          description: API definition
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/OASSchemaResponse"
          headers:
            x-tyk-base-api-id:
              schema:
                type: string
              description: ID of the base API if the requested API is a version.
    put:
      description: |
        Updating an API definition uses the same signature an object as a `POST`, however it will first ensure that the API ID that is being updated is the same as the one in the object being `PUT`.


        Updating will completely replace the file descriptor and will not change an API Definition that has already been loaded, the hot-reload endpoint will need to be called to push the new definition to live.
      tags:
        - OAS APIs
      operationId: updateApiOAS
      requestBody:
        content:
          application/json:
            schema:
              $ref: "https://raw.githubusercontent.com/OAI/OpenAPI-Specification/main/schemas/v3.0/schema.json"
      responses:
        '200':
          description: API updated
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/apiModifyKeySuccess"
              example:
                status: "ok"
                action: "updated"
                key: "{...API JSON definition...}"
        '400':
          description: Malformed data
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/apiStatusMessage"
              example:
                status: "error"
                message: "Malformed API data"
    patch:
      summary: Patch a single OAS API by ID
      description: |-
        Update API with OAS format. You can use this endpoint to update OAS part of the tyk API definition.
        This endpoint allows you to configure tyk OAS extension based on query params provided(similar to import)
      tags:
        - OAS APIs
      operationId: patchApiOAS
      parameters:
        - $ref: '#/components/parameters/UpstreamURL'
        - $ref: '#/components/parameters/ListenPath'
        - $ref: '#/components/parameters/CustomDomain'
        - $ref: '#/components/parameters/ValidateRequest'
        - $ref: '#/components/parameters/AllowList'
        - $ref: '#/components/parameters/MockResponse'
        - $ref: '#/components/parameters/Authentication'
      requestBody:
        content:
          application/json:
            schema:
              $ref: "https://raw.githubusercontent.com/OAI/OpenAPI-Specification/main/schemas/v3.0/schema.json"
      responses:
        '200':
          description: API patched
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/apiModifyKeySuccess"
              example:
                status: "ok"
                action: "modified"
                key: "{updated APIID}"
        '400':
          description: Bad request
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/apiStatusMessage"
              examples:
                malformedBody:
                  summary: When the request body is malformed
                  value:
                    message: "Request malformed"
                    status: "error"
                missingAPIID:
                  summary: When the request is missing APIID in query Param
                  value:
                    message: "Must specify an apiID to patch"
                    status: "error"
                nonExistingAPIID:
                  summary: When the client sends and APIID which doesn't exists in tyk gw
                  value:
                    message: "No API found for APIID {APIID}"
                    status: "error"
                invalidUpstreamURL:
                  summary: When the client sends query param upstreamURL which isn't valid
                  value:
                    message: "invalid upstream URL"
                    status: "error"
        500:
          description: When patch request is send while using dashboard app configs
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/apiStatusMessage"
              example:
                summary: dashboard app configs is used for tyk api definitions
                value:
                  message: "Due to enabled use_db_app_configs, please use the Dashboard API"
                  status: "error"
    delete:
      description: |-
        Deleting an API definition will remove the file from the file store, the API definition will NOT be unloaded, a separate reload request will need to be made to disable the API endpoint.
      tags:
        - OAS APIs
      operationId: deleteOASApi
      responses:
        '200':
          description: API deleted
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiStatusMessage'
              example:
                message: API deleted
                status: ok
        '400':
          description: No API ID specified
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiStatusMessage'
              example:
                message: API ID not specified
                status: error

  /tyk/apis/oas/{apiID}/versions:
    parameters:
      - description: The API ID
        name: apiID
        in: path
        required: true
        schema:
          type: string
    get:
      description: |-
        Listing versions of an OAS API
      tags:
        - OASAPIs
      operationId: listOASApiVersions
      parameters:
        - $ref: '#/components/parameters/SearchText'
        - $ref: '#/components/parameters/AccessType'
      responses:
        '200':
          description: API version metas
          content:
            application/json:
              schema:
                properties:
                  apis:
                    type: array
                    items:
                      $ref: '#/components/schemas/APIVersionMeta'


  '/tyk/apis/oas/{apiID}/export':
    parameters:
      - description: The API ID
        name: apiID
        in: path
        required: true
        schema:
          type: string
    get:
      description: |-
        Download all OAS format APIs, when used without the Tyk Dashboard.
      tags:
        - OAS APIs
      operationId: downloadApiOASPublic
      parameters:
        - description: |-
            Mode of OAS export, by default mode could be empty which means to export OAS spec including OAS Tyk extension. 
            When mode=public, OAS spec excluding Tyk extension is exported
          name: mode
          in: query
          schema:
            type: string
          example: public
      responses:
        '200':
          description: API definition
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/OASSchemaResponse"
  /tyk/apis/oas/export:
    get:
      description: |-
        Download all OAS format APIs, when used without the Tyk Dashboard.
      tags:
        - OAS APIs
      operationId: downloadApisOASPublic
      parameters:
        - description: |-
            The mode of OAS export. By default the mode is not set which means the OAS spec is exported including the OAS Tyk extension.  
            If the mode is set to public, the OAS spec excluding the Tyk extension is exported.
          name: mode
          in: query
          schema:
            type: string
          example: public
      responses:
        '200':
          description: API definition
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/OASSchemaResponse'
  /tyk/apis/oas/import:
    post:
      description: |-
        Create a new OAS format API, without x-tyk-gateway.
        For use with an existing OAS API that you want to expose via your Tyk Gateway. (New)
      tags:
        - OAS APIs
      operationId: importOAS
      parameters:
        - $ref: '#/components/parameters/UpstreamURL'
        - $ref: '#/components/parameters/ListenPath'
        - $ref: '#/components/parameters/CustomDomain'
        - $ref: '#/components/parameters/ApiID'
        - $ref: '#/components/parameters/AllowList'
        - $ref: '#/components/parameters/MockResponse'
        - $ref: '#/components/parameters/ValidateRequest'
        - $ref: '#/components/parameters/Authentication'
      requestBody:
        content:
          application/json:
            schema:
              $ref: "https://raw.githubusercontent.com/OAI/OpenAPI-Specification/main/schemas/v3.0/schema.json"
      responses:
        '200':
          description: API definition created
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/apiModifyKeySuccess"
              example:
                status: "ok"
                action: "added"
                key: "{created APIID}"
        '400':
          description: Bad request
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/apiStatusMessage"
              examples:
                malformedBody:
                  summary: When the request body is malformed
                  value:
                    message: "Request malformed"
                    status: "error"
                invalidUpstreamURL:
                  summary: When the client sends a query param upstreamURL which isn't valid
                  value:
                    message: "invalid upstream URL"
                    status: "error"
        500:
         description: When an import request is sent using your Tyk Dashboard app configs
         content:
            application/json:
              schema:
                $ref: "#/components/schemas/apiStatusMessage"
              example:
                summary: Tyk Dashboard app configs are being used for Tyk API definitions
                value:
                  message: "Due to enabled use_db_app_configs, please use the Dashboard API"
                  status: "error"
  '/tyk/cache/{apiID}':
    parameters:
      - description: The API ID
        name: apiID
        in: path
        required: true
        schema:
          type: string
    delete:
      summary: Invalidate cache
      description: Invalidate cache for the given API
      tags:
        - Cache Invalidation
      operationId: invalidateCache
      responses:
        '200':
          description: Invalidate cache
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiStatusMessage'
              example:
                message: cache invalidated
                status: ok
  '/tyk/reload/':
    get:
      summary: Hot-reload a single node
      description: Tyk is capable of reloading configurations without having to stop serving requests. This means that API configurations can be added at runtime, or even modified at runtime and those rules applied immediately without any downtime.
      parameters:
        - description: Block a response until the reload is performed. This can be useful in scripting environments like CI/CD workflows.
          name: block
          in: query
          required: false
          schema:
            type: boolean
            enum: [true]
      tags:
        - Hot Reload
      operationId: hotReload
      responses:
        '200':
          description: Reload gateway
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiStatusMessage'
              example:
                status: ok
  '/tyk/reload/group':
    get:
      summary: Hot-reload a Tyk group
      description: To reload a whole group of Tyk nodes (without using the Dashboard or host manager). You can send an API request to a single node, this node will then send a notification through the pub/sub infrastructure to all other listening nodes (including the host manager if it is being used to manage NginX) which will then trigger a global reload.
      tags:
        - Hot Reload
      operationId: hotReloadGroup
      responses:
        '200':
          description: Reload the Tyk Gateway
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiStatusMessage'
              example:
                status: ok
  '/tyk/hello':
    get:
      summary: Check the Health of the Tyk Gateway
      description: |
        From v2.7.5 you can now rename the `/hello`  endpoint by using the `health_check_endpoint_name` option
        
        Returns 200 response in case of success
      tags:
        - Health Checking
      operationId: hello
      responses:
        '200':
          description: Success
          content:
            text/html:
              schema:
                type: string
              example: "Hello Tiki"
  '/tyk/certs':
    get:
      parameters:
        - description: Organisation ID to list the certificates
          in: query
          name: org_id
          required: true
          schema:
            type: string
        - description: Mode to list the certificate details
          name: mode
          in: query
          required: false
          schema:
            type: string
          example: 'detailed'
        - description: Comma separated list of certificates to list
          name: certID
          in: query
          required: false
          schema:
            type: string
          example: 'e6ce2b49-3e31-44de-95a7-12f054724283,234a37ac-28d1-4f12-b936-ffb4211b79f1'
      summary: List Certificates
      description: List All Certificates in the Tyk Gateway
      tags:
        - Certs
      operationId: listCerts
      responses:
        '200':
          description: List of all Certificates
          content:
            application/json:
              schema:
                oneOf:
                  - $ref: '#/components/schemas/APIAllCertificates'
                  - $ref: '#/components/schemas/APIAllCertificateBasics'
                  - type: array
                    items:
                      $ref: '#/components/schemas/CertificateMeta'
    post:
      summary: Add a certificate
      description: Add a certificate to the Tyk Gateway
      tags:
        - Certs
      operationId: addCert
      parameters:
        - description: Organisation ID to list the certificates
          in: query
          name: org_id
          required: true
          schema:
            type: string
      requestBody:
        content:
          text/plain:
            schema:
              type: string
      responses:
        '200':
          description: New Key added
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/APICertificateStatusMessage'
              example:
                id: 'e6ce2b49-3e31-44de-95a7-12f054724283'
                message: 'Certificate added'
                status: ok
        '403':
          description: Malformed data
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiStatusMessage'
              example:
                message: Malformed cert data
                status: error
    delete:
      parameters:
        - description: Certifiicate ID to be deleted
          in: query
          name: certID
          required: true
          schema:
            type: string
        - description: Organisation ID to list the certificates
          in: query
          name: org_id
          required: true
          schema:
            type: string
      summary: Delete Certificate
      description: Delete certificate by id
      tags:
        - Certs
      operationId: deleteCerts
      responses:
        '200':
          description: Deleted certificate
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiStatusMessage'
              example:
                message: removed
                status: ok

  '/tyk/keys':
    get:
      summary: List Keys
      description: You can retrieve all the keys in your Tyk instance. Returns an array of Key IDs.
      tags:
        - Keys
      operationId: listKeys
      responses:
        '200':
          description: List of all API keys
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/apiAllKeys"
    post:
      summary: Create a key
      description: |-
        Tyk will generate the access token based on the OrgID specified in the API Definition and a random UUID. This ensures that keys can be "owned" by different API Owners should segmentation be needed at an organisational level.
        <br/><br/>
        API keys without access_rights data will be written to all APIs on the system (this also means that they will be created across all SessionHandlers and StorageHandlers, it is recommended to always embed access_rights data in a key to ensure that only targeted APIs and their back-ends are written to.
      tags:
        - Keys
      operationId: addKey
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/SessionState"
            example:
              quota_max: 60
              quota_renews: 1406121006
              quota_renewal_rate: 60
              allowance: 100
              rate: 100
              per: 5
              org_id: 53ac07777cbb8c2d53000002
      responses:
        '200':
          description: New Key added
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiModifyKeySuccess'
              example:
                action: created
                key: '{...KEY JSON definition...}'
                status: ok
        '400':
          description: Malformed data
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiStatusMessage'
              example:
                message: Malformed Key data
                status: error
  '/tyk/keys/{keyID}':
    parameters:
      - description: The Key ID
        name: keyID
        in: path
        required: true
        schema:
          type: string
      - description: Use the hash of the key as input instead of the full key
        name: hashed
        in: query
        required: false
        schema:
          type: boolean
    get:
      summary: Get a Key
      description: Get session info about the specified key. Should return up to date rate limit and quota usage numbers.
      tags:
        - Keys
      operationId: getKey
      responses:
        '200':
          description: Key object
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SessionState'
              example:
                quota_max: 60
                quota_renews: 1406121006
                quota_renewal_rate: 60
                allowance: 100
                rate: 100
                per: 5
                org_id: 53ac07777cbb8c2d53000002
    put:
      summary: Update Key
      description: |-
        You can also manually add keys to Tyk using your own key-generation algorithm. It is recommended if using this approach to ensure that the OrgID being used in the API Definition and the key data is blank so that Tyk does not try to prepend or manage the key in any way.
      tags:
        - Keys
      operationId: updateKey
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/SessionState"
            example:
              quota_max: 60
              quota_renews: 1406121006
              quota_renewal_rate: 60
              allowance: 100
              rate: 100
              per: 5
              org_id: 53ac07777cbb8c2d53000002
      parameters:
        - description: |-
            Adding the suppress_reset parameter and setting it to 1, will cause Tyk not to reset the quota limit that is in the current live quota manager. By default Tyk will reset the quota in the live quota manager (initialising it) when adding a key. Adding the `suppress_reset` flag to the URL parameters will avoid this behaviour.
          name: suppress_reset
          in: query
          required: false
          schema:
            type: string
            enum: ["1"]
      responses:
        '200':
          description: Key updated
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiModifyKeySuccess'
              example:
                action: updated
                status: ok
        '400':
          description: No or incorrect Key ID specified
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiStatusMessage'
              example:
                message: Key ID not specified
                status: error
    post:
      summary: Create Custom Key / Import Key
      description: |-
        You can use the `POST /tyk/keys/{KEY_ID}` endpoint as defined below to import existing keys into Tyk.

        This example uses standard `authorization` header authentication, and assumes that the Gateway is located at `127.0.0.1:8080` and the Tyk secret is `352d20ee67be67f6340b4c0605b044b7` - update these as necessary to match your environment.

        To import a key called `mycustomkey`, save the JSON contents as `token.json` (see example below), then run the following Curl command.

        ```
        curl https://127.0.0.1:8080/tyk/keys/mycustomkey -H 'x-tyk-authorization: 352d20ee67be67f6340b4c0605b044b7' -H 'Content-Type: application/json'  -d @token.json
        ```

        The following request will fail as the key doesn't exist.

        ```
        curl https://127.0.0.1:8080/quickstart/headers -H 'Authorization. invalid123'
        ```

        But this request will now work, using the imported key.

        ```
        curl https://127.0.0.1:8080/quickstart/headers -H 'Authorization: mycustomkey'
        ```

        <h4>Example token.json file<h4>

        ```
        {
          "allowance": 1000,
          "rate": 1000,
          "per": 60,
          "expires": -1,
          "quota_max": -1,
          "quota_renews": 1406121006,
          "quota_remaining": 0,
          "quota_renewal_rate": 60,
          "access_rights": {
            "3": {
              "api_name": "Tyk Test API",
              "api_id": "3"
            }
          },
          "org_id": "53ac07777cbb8c2d53000002",
          "basic_auth_data": {
            "password": "",
            "hash_type": ""
          },
          "hmac_enabled": false,
          "hmac_string": "",
          "is_inactive": false,
          "apply_policy_id": "",
          "apply_policies": [
            "59672779fa4387000129507d",
            "53222349fa4387004324324e",
            "543534s9fa4387004324324d"
            ],
          "monitor": {
            "trigger_limits": []
          }
        }
        ```
      tags:
        - Keys
      operationId: createCustomKey
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/SessionState"
            example:
              quota_max: 60
              quota_renews: 1406121006
              quota_renewal_rate: 60
              allowance: 100
              rate: 100
              per: 5
              org_id: 53ac07777cbb8c2d53000002
      parameters:
        - description: |-
            Adding the suppress_reset parameter and setting it to 1, will cause Tyk not to reset the quota limit that is in the current live quota manager. By default Tyk will reset the quota in the live quota manager (initialising it) when adding a key. Adding the `suppress_reset` flag to the URL parameters will avoid this behaviour.
          name: suppress_reset
          in: query
          required: false
          schema:
            type: string
            enum: ["1"]
      responses:
        '200':
          description: Key updated
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiModifyKeySuccess'
              example:
                action: updated
                status: ok
        '400':
          description: No or incorrect Key ID specified
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiStatusMessage'
              example:
                message: Key ID not specified
                status: error
    delete:
      summary: Delete Key
      description: Deleting a key will remove it permanently from the system, however analytics relating to that key will still be available.
      tags:
        - Keys
      operationId: deleteKey
      responses:
        '200':
          description: Key deleted
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiStatusMessage'
              example:
                action: Key deleted
                status: ok
  '/tyk/policies':
    get:
      summary: List Policies
      description: You can retrieve all the policies in your Tyk instance. Returns an array policies.
      tags:
        - Policies
      operationId: listPolicies
      responses:
        '200':
          description: List of all policies
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: "#/components/schemas/Policy"
    post:
      summary: Create a Policy
      description: You can create a Policy in your Tyk Instance
      tags:
        - Policies
      operationId: addPolicy
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/Policy"
            example:
              name: new policy
              quota_max: 60
              quota_renewal_rate: 60
              allowance: 100
              rate: 100
              per: 5
              org_id: 53ac07777cbb8c2d53000002
      responses:
        '200':
          description: Policy created
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiModifyKeySuccess'
              example:
                action: created
                status: ok
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiStatusMessage'
              example:
                message: Request malformed
                status: error
        '500':
          description: Internal server error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiStatusMessage'
              example:
                message: Failed to create file!
                status: error
  '/tyk/policies/{polID}':
    parameters:
      - description: The policy ID
        name: polID
        in: path
        required: true
        schema:
          type: string
    get:
      summary: Get a Policy
      description: You can retrieve details of a single policy by ID in your Tyk instance. Returns an array policies.
      tags:
        - Policies
      operationId: getPolicy
      responses:
        '200':
          description: Get details of a single Policy
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/Policy"
        '404':
          description: Policy not found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiStatusMessage'
              example:
                message: Policy not found
                status: error
    put:
      summary: Update a Policy
      description: You can update a Policy in your Tyk Instance by ID
      tags:
        - Policies
      operationId: updatePolicy
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/Policy"
            example:
              name: new policy
              quota_max: 60
              quota_renewal_rate: 60
              allowance: 100
              rate: 100
              per: 5
              org_id: 53ac07777cbb8c2d53000002
      responses:
        '200':
          description: Policy updated
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiModifyKeySuccess'
              example:
                action: updated
                status: ok
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiStatusMessage'
              example:
                message: PUT operation on different IDs
                status: error
        '500':
          description: Internal server error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiStatusMessage'
              example:
                message: Failed to create file!
                status: error
    delete:
      summary: Delete a Policy
      description: Delete a policy by ID in your Tyk instance.
      tags:
        - Policies
      operationId: deletePolicy
      responses:
        '200':
          description: Delete policy by ID
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiModifyKeySuccess'
              example:
                action: deleted
                status: ok
        '500':
          description: Internal server error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiStatusMessage'
              example:
                message: Delete failed
                status: error
  '/tyk/oauth/clients/create':
    post:
      summary: Create new OAuth client
      description: Any OAuth keys must be generated with the help of a client ID. These need to be pre-registered with Tyk before they can be used (in a similar vein to how you would register your app with Twitter before attempting to ask user permissions using their API).
        <br/><br/>
        <h3>Creating OAuth clients with Access to Multiple APIs</h3>
        New from Tyk Gateway 2.6.0 is the ability to create OAuth clients with access to more than one API. If you provide the api_id it works the same as in previous releases. If you don't provide the api_id the request uses policy access rights and enumerates APIs from their setting in the newly created OAuth-client.


      tags:
        - OAuth
      operationId: createOAuthClient
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/NewClientRequest"
            example:
              client_id: test
              api_id: id
              policy_id: policy
      responses:
        '200':
          description: Client created
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/NewClientRequest'
              example:
                client_id: test
                api_id: id
                policy_id: policy
  '/tyk/oauth/clients/{apiID}':
    put:
      summary: Update OAuth metadata and Policy ID
      description: Allows you to update the metadata and Policy ID for an OAuth client.
      tags:
        - OAuth
      operationId: updateoAuthClient
      parameters:
        - description: The API ID
          name: apiID
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          description: OAuth client metadata updated
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/NewClientRequest'
    get:
      summary: List oAuth clients
      description: OAuth Clients are organised by API ID, and therefore are queried as such.
      tags:
        - OAuth
      operationId: listOAuthClients
      parameters:
        - description: The API ID
          name: apiID
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          description: Get OAuth client details or a list of OAuth clients
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/NewClientRequest'
  '/tyk/oauth/clients/{apiID}/{keyName}':
    get:
      summary: Get OAuth client
      tags:
        - OAuth
      operationId: getOAuthClient
      parameters:
        - description: The API ID
          name: apiID
          in: path
          required: true
          schema:
            type: string
            minimum: 1
        - description: The Client ID
          name: keyName
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          description: Get OAuth client details or a list of OAuth clients
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/NewClientRequest'
              example:
                client_id: test
                api_id: id
                policy_id: policy
    delete:
      summary: Delete OAuth client
      description: Please note that tokens issued with the client ID will still be valid until they expire.
      tags:
        - OAuth
      operationId: deleteOAuthClient
      parameters:
        - description: The API ID
          name: apiID
          in: path
          required: true
          schema:
            type: string
            minimum: 1
        - description: The Client ID
          name: keyName
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          description: OAuth client deleted
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiModifyKeySuccess'
              example:
                action: deleted
                status: ok
  '/tyk/oauth/clients/{apiID}/{keyName}/tokens':
    get:
      summary: List tokens
      description: This endpoint allows you to retrieve a list of all current tokens and their expiry date for a provided API ID and OAuth-client ID in the following format. This endpoint will work only for newly created tokens.
        <br/>
        <br/>
        You can control how long you want to store expired tokens in this list using `oauth_token_expired_retain_period` gateway option, which specifies retain period for expired tokens stored in Redis. By default expired token not get removed. See <a href="https://tyk.io/docs/configure/tyk-gateway-configuration-options/#a-name-oauth-token-expired-retain-period-a-oauth-token-expired-retain-period" target="_blank">here</a> for more details.
      tags:
        - OAuth
      operationId: getOAuthClientTokens
      parameters:
        - description: The API ID
          name: apiID
          in: path
          required: true
          schema:
            type: string
            minimum: 1
        - description: The Client ID
          name: keyName
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          description: Get a list of tokens
          content:
            application/json:
              schema:
                type: array
                items:
                  type: string
              example:
                - "tok1"
                - "tok2"
  '/tyk/oauth/revoke':
    post:
      description: revoke a single token
      summary: revoke token
      requestBody:
        required: true
        content:
          application/x-www-form-urlencoded:
            schema:
              type: object
              properties:
                token:
                  description: token to be revoked
                  type: string
                client_id:
                  description: id of oauth client
                  type: string
                token_type_hint:
                  description: type of token to be revoked, if sent then the accepted values are access_token and refresh_token. String value and optional, of not provided then it will attempt to remove access and refresh tokens that matchs
                  type: string
            example:
              token: eyJvcmciOiI1ZTIwOTFjNGQ0YWVmY2U2MGMwNGZiOTIiLCJpZCI6ImJlMjlhYjVkODc1OTRhZDJhYTBhNjAwNzFlNzE1ZmQxIiwiaCI6Im11cm11cjY0In0=
              client_id: 411f0800957c4a3e81fe181141dbc22a
      tags:
        - OAuth
      operationId: revokeSingleToken
      responses:
        '200':
          description: Succesful response
  '/tyk/oauth/revoke_all':
    post:
      description: revoke all the tokens for a given oauth client
      summary: revoke all client's tokens
      requestBody:
        required: true
        content:
          application/x-www-form-urlencoded:
            schema:
              type: object
              properties:
                client_id:
                  description: id of oauth client
                  type: string
                client_secret:
                  description: OAuth client secret to ensure that its a valid operation
                  type: string
            example:
              client_id: 411f0800957c4a3e81fe181141dbc22a
              client_secret: N2Y0YjgzMjctMTEwNi00YWExLWJjM2MtYjg1NWZhM2M1NmNj
      tags:
        - OAuth
      operationId: revokeAllTokens
      responses:
        '200':
          description: Succesful response
        '400':
          description: Bad request, form malformed or client secret and client id doesn't match
        '404':
          description: oauth client doesn't have any api related

  '/tyk/oauth/refresh/{keyName}':
    delete:
      summary: Invalidate OAuth refresh token
      description: It is possible to invalidate refresh tokens in order to manage OAuth client access more robustly.
      tags:
        - OAuth
      operationId: invalidateOAuthRefresh
      parameters:
        - description: The API id
          name: api_id
          in: query
          required: true
          schema:
            type: string
        - description: Refresh token
          name: keyName
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          description: Deleted
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiModifyKeySuccess'
  '/tyk/oauth/authorize-client/':
    post:
      description: With the OAuth flow you will need to create authorisation or access tokens for your clients, in order to do this, Tyk provides a private API endpoint for your application to generate these codes and redirect the end-user back to the API Client.
      summary: Authorize client
      requestBody:
        required: true
        content:
          application/x-www-form-urlencoded:
            schema:
              type: object
              properties:
                response_type:
                  description: Should be provided by requesting client as part of authorisation request, this should be either `code` or `token` depending on the methods you have specified for the API.
                  type: string
                client_id:
                  description: Should be provided by requesting client as part of authorisation request. The Client ID that is making the request.
                  type: string
                redirect_uri:
                  description: Should be provided by requesting client as part of authorisation request. Must match with the record stored with Tyk.
                  type: string
                key_rules:
                  description: A string representation of a Session Object (form-encoded). This should be provided by your application in order to apply any quotas or rules to the key.
                  type: string
            example:
              response_type: code
              client_id: 21e2baf424674f6461faca6d45285bbb
              redirect_uri: http%3A%2F%2Foauth.com%2Fredirect
              key_rules: '%7B+++++%22allowance%22%3A+999%2C+++++%22rate%22%3A+1000%2C+++++%22per%22%3A+60%2C+++++%22expires%22%3A+0%2C+++++%22quota_max%22%3A+-1%2C+++++%22quota_renews%22%3A+1406121006%2C+++++%22quota_remaining%22%3A+0%2C+++++%22quota_renewal_rate%22%3A+60%2C+++++%22access_rights%22%3A+%7B+++++++++%22528a67c1ac9940964f9a41ae79235fcc%22%3A+%7B+++++++++++++%22api_name%22%3A+%22OAuth+Test+API%22%2C+++++++++++++%22api_id%22%3A+%22528a67c1ac9940964f9a41ae79235fcc%22%2C+++++++++++++%22versions%22%3A+%5B+++++++++++++++++%22Default%22+++++++++++++%5D+++++++++%7D+++++%7D%2C+++++%22org_id%22%3A+%2253ac07777cbb8c2d53000002%22+%7D'
      tags:
        - OAuth
      operationId: authorizeClient
      responses:
        '200':
          description: Succesful response
          content:
            application/json:
              schema:
                type: object
              example:
                code: MWY0ZDRkMzktOTYwNi00NDRiLTk2YmQtOWQxOGQ3Mjc5Yzdk
                redirect_to: 'https://client-app.com/oauth-redirect/?code=MWY0ZDRkMzktOTYwNi00NDRiLTk2YmQtOWQxOGQ3Mjc5Yzdk'
  '/tyk/org/keys':
    get:
      summary: List Organisation Keys
      description: |-
        You can now set rate limits at the organisation level by using the following fields - allowance and rate. These are the number of allowed requests for the specified per value, and need to be set to the same value. If you don't want to have organisation level rate limiting, set 'rate' or 'per' to zero, or don't add them to your request.
      tags:
        - Organisation Quotas
      operationId: listOrgKeys
      responses:
        '200':
          description: List of all API keys
          content:
            application/json:
              schema:
                type: object
                properties:
                  keys:
                    type: array
                    items:
                      type: string
              example:
                keys:
                  - "key1"
                  - "key2"
  '/tyk/org/keys/{keyID}':
    parameters:
      - description: The Key ID
        name: keyID
        in: path
        required: true
        schema:
          type: string
    get:
      summary: Get an Organisation Key
      description: Get session info about specified orgnanisation key. Should return up to date rate limit and quota usage numbers.
      tags:
        - Organisation Quotas
      operationId: getOrgKey
      responses:
        '200':
          description: Key object
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SessionState'
    post:
      summary: Create an organisation key
      description: |-
        This work similar to Keys API except that Key ID is always equals Organisation ID
      tags:
        - Organisation Quotas
      operationId: addOrgKey
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/SessionState"
            example:
              quota_max: 60
              quota_renews: 1406121006
              quota_renewal_rate: 60
              allowance: 100
              rate: 100
              per: 5
              org_id: 53ac07777cbb8c2d53000002
      responses:
        '200':
          description: New Key added
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiModifyKeySuccess'
              example:
                action: created
                key: '{...KEY JSON definition...}'
                status: ok
    put:
      summary: Update Organisation Key
      description: |-
        This work similar to Keys API except that Key ID is always equals Organisation ID

        For Gateway v2.6.0 onwards, you can now set rate limits at the organisation level by using the following fields - allowance and rate. These are the number of allowed requests for the specified per value, and need to be set to the same value. If you don't want to have organisation level rate limiting, set `rate` or `per` to zero, or don't add them to your request.
      tags:
        - Organisation Quotas
      operationId: updateOrgKey
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/SessionState"
            example:
              quota_max: 60
              quota_renews: 1406121006
              quota_renewal_rate: 60
              allowance: 100
              rate: 100
              per: 5
              org_id: 53ac07777cbb8c2d53000002
      parameters:
        - description: |-
            Adding the `reset_quota` parameter and setting it to 1, will cause Tyk reset the organisations quota in the live quota manager, it is recommended to use this mechanism to reset organisation-level access if a monthly subscription is in place.
          name: reset_quota
          in: query
          required: false
          schema:
            type: string
            enum: ["1"]
      responses:
        '200':
          description: Key updated
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiModifyKeySuccess'
              example:
                action: updated
                status: ok
    delete:
      summary: Delete Organisation Key
      description: Deleting a key will remove all limits from organisation. It does not affects regualar keys created within organisation.
      tags:
        - Organisation Quotas
      operationId: deleteOrgKey
      responses:
        '200':
          description: Key deleted
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiStatusMessage'
              example:
                action: Key deleted
                status: ok
  '/{listen_path}/tyk/batch':
    parameters:
      - name: listen_path
        in: path
        required: true
        description: "API listen path"
        schema:
          type: string
    post:
      summary: Run batch request
      tags:
        - Batch requests
      operationId: batch
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiStatusMessage'
  '/tyk/schema':
    get:
      description: |-
        Get OAS schema
      tags:
        - Schema
      operationId: getSchema
      parameters:
        - description: The OAS version
          name: oasVersion
          in: query
          schema:
            type: string
      responses:
        '200':
          description: OAS schema response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/OASSchemaResponse'
              example:
                status: Success
                schema: <open api 3.0.3 schema>
        '400':
          description: The response when the parameter oasVersion is missing
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/OASSchemaResponse'
              example:
                message: 'Should provide a value for parameter oasVersion'
                status: 'Failed'
        '404':
          description: The response when the requested OAS schema is not found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/OASSchemaResponse'
              example:
                message: 'Schema not found for version 5.0.0'
                status: 'Failed'

components:
  responses:
    parameterBodies:
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/OAuthClientToken'
      description: parameterBodies
  schemas:
    APIDefinition:
      properties:
        tags:
          items:
            type: string
          type: array
          x-go-name: Tags
        CORS:
          properties:
            allow_credentials:
              type: boolean
              x-go-name: AllowCredentials
            allowed_headers:
              items:
                type: string
              type: array
              x-go-name: AllowedHeaders
            allowed_methods:
              items:
                type: string
              type: array
              x-go-name: AllowedMethods
            allowed_origins:
              items:
                type: string
              type: array
              x-go-name: AllowedOrigins
            debug:
              type: boolean
              x-go-name: Debug
            enable:
              type: boolean
              x-go-name: Enable
            exposed_headers:
              items:
                type: string
              type: array
              x-go-name: ExposedHeaders
            max_age:
              format: int64
              type: integer
              x-go-name: MaxAge
            options_passthrough:
              type: boolean
              x-go-name: OptionsPassthrough
          type: object
        active:
          type: boolean
          x-go-name: Active
        allowed_ips:
          items:
            type: string
          type: array
          x-go-name: AllowedIPs
        api_id:
          type: string
          x-go-name: APIID
        auth:
          $ref: '#/components/schemas/Auth'
        auth_provider:
          $ref: '#/components/schemas/AuthProviderMeta'
        base_identity_provided_by:
          $ref: '#/components/schemas/AuthTypeEnum'
        basic_auth:
          properties:
            body_password_regexp:
              type: string
              x-go-name: BodyPasswordRegexp
            body_user_regexp:
              type: string
              x-go-name: BodyUserRegexp
            cache_ttl:
              format: int64
              type: integer
              x-go-name: CacheTTL
            disable_caching:
              type: boolean
              x-go-name: DisableCaching
            extract_from_body:
              type: boolean
              x-go-name: ExtractFromBody
          type: object
          x-go-name: BasicAuth
        blacklisted_ips:
          items:
            type: string
          type: array
          x-go-name: BlacklistedIPs
        cache_options:
          $ref: '#/components/schemas/CacheOptions'
        certificates:
          items:
            type: string
          type: array
          x-go-name: Certificates
        client_certificates:
          items:
            type: string
          type: array
          x-go-name: ClientCertificates
        config_data:
          additionalProperties:
            type: object
          type: object
          x-go-name: ConfigData
        custom_middleware:
          $ref: '#/components/schemas/MiddlewareSection'
        custom_middleware_bundle:
          type: string
          x-go-name: CustomMiddlewareBundle
        definition:
          properties:
            key:
              type: string
              x-go-name: Key
            location:
              type: string
              x-go-name: Location
            strip_path:
              type: boolean
              x-go-name: StripPath
          type: object
          x-go-name: VersionDefinition
        disable_quota:
          type: boolean
          x-go-name: DisableQuota
        disable_rate_limit:
          type: boolean
          x-go-name: DisableRateLimit
        do_not_track:
          type: boolean
          x-go-name: DoNotTrack
        domain:
          type: string
          x-go-name: Domain
        dont_set_quota_on_create:
          type: boolean
          x-go-name: DontSetQuotasOnCreate
        enable_batch_request_support:
          type: boolean
          x-go-name: EnableBatchRequestSupport
        enable_context_vars:
          type: boolean
          x-go-name: EnableContextVars
        enable_coprocess_auth:
          type: boolean
          x-go-name: EnableCoProcessAuth
        enable_ip_blacklisting:
          type: boolean
          x-go-name: EnableIpBlacklisting
        enable_ip_whitelisting:
          type: boolean
          x-go-name: EnableIpWhiteListing
        enable_jwt:
          type: boolean
          x-go-name: EnableJWT
        enable_signature_checking:
          type: boolean
          x-go-name: EnableSignatureChecking
        event_handlers:
          $ref: '#/components/schemas/EventHandlerMetaConfig'
        expire_analytics_after:
          format: int64
          type: integer
          x-go-name: ExpireAnalyticsAfter
        global_rate_limit:
          $ref: '#/components/schemas/GlobalRateLimit'
        hmac_allowed_algorithms:
          items:
            type: string
          type: array
          x-go-name: HmacAllowedAlgorithms
        hmac_allowed_clock_skew:
          format: double
          type: number
          x-go-name: HmacAllowedClockSkew
        id:
          $ref: '#/components/schemas/ObjectId'
        internal:
          type: boolean
          x-go-name: Internal
        jwt_client_base_field:
          type: string
          x-go-name: JWTClientIDBaseField
        jwt_expires_at_validation_skew:
          format: uint64
          type: integer
          x-go-name: JWTExpiresAtValidationSkew
        jwt_identity_base_field:
          type: string
          x-go-name: JWTIdentityBaseField
        jwt_issued_at_validation_skew:
          format: uint64
          type: integer
          x-go-name: JWTIssuedAtValidationSkew
        jwt_not_before_validation_skew:
          format: uint64
          type: integer
          x-go-name: JWTNotBeforeValidationSkew
        jwt_policy_field_name:
          type: string
          x-go-name: JWTPolicyFieldName
        jwt_scope_claim_name:
          type: string
          x-go-name: JWTScopeClaimName
        jwt_scope_to_policy_mapping:
          additionalProperties:
            type: string
          type: object
          x-go-name: JWTScopeToPolicyMapping
        jwt_signing_method:
          type: string
          x-go-name: JWTSigningMethod
        jwt_skip_kid:
          type: boolean
          x-go-name: JWTSkipKid
        jwt_source:
          type: string
          x-go-name: JWTSource
        name:
          type: string
          x-go-name: Name
        notifications:
          $ref: '#/components/schemas/NotificationsManager'
        oauth_meta:
          properties:
            allowed_access_types:
              items:
                $ref: '#/components/schemas/AccessRequestType'
              type: array
              x-go-name: AllowedAccessTypes
            allowed_authorize_types:
              items:
                $ref: '#/components/schemas/AuthorizeRequestType'
              type: array
              x-go-name: AllowedAuthorizeTypes
            auth_login_redirect:
              type: string
              x-go-name: AuthorizeLoginRedirect
          type: object
          x-go-name: Oauth2Meta
        openid_options:
          $ref: '#/components/schemas/OpenIDOptions'
        org_id:
          type: string
          x-go-name: OrgID
        pinned_public_keys:
          additionalProperties:
            type: string
          type: object
          x-go-name: PinnedPublicKeys
        proxy:
          properties:
            check_host_against_uptime_tests:
              type: boolean
              x-go-name: CheckHostAgainstUptimeTests
            disable_strip_slash:
              type: boolean
              x-go-name: DisableStripSlash
            enable_load_balancing:
              type: boolean
              x-go-name: EnableLoadBalancing
            listen_path:
              type: string
              x-go-name: ListenPath
            preserve_host_header:
              type: boolean
              x-go-name: PreserveHostHeader
            service_discovery:
              $ref: '#/components/schemas/ServiceDiscoveryConfiguration'
            strip_listen_path:
              type: boolean
              x-go-name: StripListenPath
            target_list:
              items:
                type: string
              type: array
              x-go-name: Targets
            target_url:
              type: string
              x-go-name: TargetURL
            transport:
              properties:
                proxy_url:
                  type: string
                  x-go-name: ProxyURL
                ssl_ciphers:
                  items:
                    type: string
                  type: array
                  x-go-name: SSLCipherSuites
                ssl_insecure_skip_verify:
                  type: boolean
                  x-go-name: SSLInsecureSkipVerify
                ssl_min_version:
                  format: uint16
                  type: integer
                  x-go-name: SSLMinVersion
              type: object
              x-go-name: Transport
          type: object
          x-go-name: Proxy
        response_processors:
          items:
            $ref: '#/components/schemas/ResponseProcessor'
          type: array
          x-go-name: ResponseProcessors
        session_lifetime:
          format: int64
          type: integer
          x-go-name: SessionLifetime
        session_provider:
          $ref: '#/components/schemas/SessionProviderMeta'
        slug:
          type: string
          x-go-name: Slug
        strip_auth_data:
          type: boolean
          x-go-name: StripAuthData
        tag_headers:
          items:
            type: string
          type: array
          x-go-name: TagHeaders
        upstream_certificates:
          additionalProperties:
            type: string
          type: object
          x-go-name: UpstreamCertificates
        uptime_tests:
          properties:
            check_list:
              items:
                $ref: '#/components/schemas/HostCheckObject'
              type: array
              x-go-name: CheckList
            config:
              properties:
                expire_utime_after:
                  format: int64
                  type: integer
                  x-go-name: ExpireUptimeAnalyticsAfter
                recheck_wait:
                  format: int64
                  type: integer
                  x-go-name: RecheckWait
                service_discovery:
                  $ref: '#/components/schemas/ServiceDiscoveryConfiguration'
              type: object
              x-go-name: Config
          type: object
          x-go-name: UptimeTests
        use_basic_auth:
          type: boolean
          x-go-name: UseBasicAuth
        use_keyless:
          type: boolean
          x-go-name: UseKeylessAccess
        use_mutual_tls_auth:
          type: boolean
          x-go-name: UseMutualTLSAuth
        use_oauth2:
          type: boolean
          x-go-name: UseOauth2
        use_openid:
          type: boolean
          x-go-name: UseOpenID
        use_standard_auth:
          type: boolean
          x-go-name: UseStandardAuth
        version_data:
          properties:
            default_version:
              type: string
              x-go-name: DefaultVersion
            not_versioned:
              type: boolean
              x-go-name: NotVersioned
            versions:
              additionalProperties:
                $ref: '#/components/schemas/VersionInfo'
              type: object
              x-go-name: Versions
          type: object
          x-go-name: VersionData
      title: >-
        APIDefinition represents the configuration for a single proxied API and
        it's versions.
      type: object
      x-go-package: github.com/TykTechnologies/tyk/apidef
    APILimit:
      description: APILimit stores quota and rate limit on ACL level (per API)
      properties:
        per:
          format: double
          type: number
          x-go-name: Per
        quota_max:
          format: int64
          type: integer
          x-go-name: QuotaMax
        quota_remaining:
          format: int64
          type: integer
          x-go-name: QuotaRemaining
        quota_renewal_rate:
          format: int64
          type: integer
          x-go-name: QuotaRenewalRate
        quota_renews:
          format: int64
          type: integer
          x-go-name: QuotaRenews
        rate:
          format: double
          type: number
          x-go-name: Rate
        set_by_policy:
          type: boolean
          x-go-name: SetByPolicy
        throttle_interval:
          format: double
          type: number
          x-go-name: ThrottleInterval
        throttle_retry_limit:
          format: int64
          type: integer
          x-go-name: ThrottleRetryLimit
      type: object
      x-go-package: github.com/TykTechnologies/tyk/user
    AccessDefinition:
      description: AccessDefinition defines which versions of an API a key has access to
      properties:
        allowed_urls:
          items:
            $ref: '#/components/schemas/AccessSpec'
          type: array
          x-go-name: AllowedURLs
        api_id:
          type: string
          x-go-name: APIID
        api_name:
          type: string
          x-go-name: APIName
        limit:
          $ref: '#/components/schemas/APILimit'
        versions:
          items:
            type: string
          type: array
          x-go-name: Versions
      type: object
      x-go-package: github.com/TykTechnologies/tyk/user
    AccessRequestType:
      description: AccessRequestType is the type for OAuth param `grant_type`
      type: string
      x-go-package: github.com/TykTechnologies/tyk/vendor/github.com/lonelycode/osin
    AccessSpec:
      description: >-
        AccessSpecs define what URLS a user has access to an what methods are
        enabled
      properties:
        methods:
          items:
            type: string
          type: array
          x-go-name: Methods
        url:
          type: string
          x-go-name: URL
      type: object
      x-go-package: github.com/TykTechnologies/tyk/user
    Auth:
      properties:
        auth_header_name:
          type: string
          x-go-name: AuthHeaderName
        cookie_name:
          type: string
          x-go-name: CookieName
        param_name:
          type: string
          x-go-name: ParamName
        signature:
          $ref: '#/components/schemas/SignatureConfig'
        use_certificate:
          type: boolean
          x-go-name: UseCertificate
        use_cookie:
          type: boolean
          x-go-name: UseCookie
        use_param:
          type: boolean
          x-go-name: UseParam
        validate_signature:
          type: boolean
          x-go-name: ValidateSignature
      type: object
      x-go-package: github.com/TykTechnologies/tyk/apidef
    AuthProviderCode:
      type: string
      x-go-package: github.com/TykTechnologies/tyk/apidef
    AuthProviderMeta:
      properties:
        meta:
          additionalProperties:
            type: object
          type: object
          x-go-name: Meta
        name:
          $ref: '#/components/schemas/AuthProviderCode'
        storage_engine:
          $ref: '#/components/schemas/StorageEngineCode'
      type: object
      x-go-package: github.com/TykTechnologies/tyk/apidef
    AuthTypeEnum:
      type: string
      x-go-package: github.com/TykTechnologies/tyk/apidef
    AuthorizeRequestType:
      description: AuthorizeRequestType is the type for OAuth param `response_type`
      type: string
      x-go-package: github.com/TykTechnologies/tyk/vendor/github.com/lonelycode/osin
    CacheMeta:
      properties:
        cache_response_codes:
          items:
            format: int64
            type: integer
          type: array
          x-go-name: CacheOnlyResponseCodes
        cache_key_regex:
          type: string
          x-go-name: CacheKeyRegex
        method:
          type: string
          x-go-name: Method
        path:
          type: string
          x-go-name: Path
      type: object
      x-go-package: github.com/TykTechnologies/tyk/apidef
    CacheOptions:
      properties:
        cache_all_safe_requests:
          type: boolean
          x-go-name: CacheAllSafeRequests
        cache_control_ttl_header:
          type: string
          x-go-name: CacheControlTTLHeader
        cache_response_codes:
          items:
            format: int64
            type: integer
          type: array
          x-go-name: CacheOnlyResponseCodes
        cache_timeout:
          format: int64
          type: integer
          x-go-name: CacheTimeout
        enable_cache:
          type: boolean
          x-go-name: EnableCache
        enable_upstream_cache_control:
          type: boolean
          x-go-name: EnableUpstreamCacheControl
      type: object
      x-go-package: github.com/TykTechnologies/tyk/apidef
    CircuitBreakerMeta:
      properties:
        method:
          type: string
          x-go-name: Method
        path:
          type: string
          x-go-name: Path
        return_to_service_after:
          format: int64
          type: integer
          x-go-name: ReturnToServiceAfter
        samples:
          format: int64
          type: integer
          x-go-name: Samples
        threshold_percent:
          format: double
          type: number
          x-go-name: ThresholdPercent
      type: object
      x-go-package: github.com/TykTechnologies/tyk/apidef
    EndPointMeta:
      properties:
        method_actions:
          additionalProperties:
            $ref: '#/components/schemas/EndpointMethodMeta'
          type: object
          x-go-name: MethodActions
        path:
          type: string
          x-go-name: Path
      type: object
      x-go-package: github.com/TykTechnologies/tyk/apidef
    EndpointMethodAction:
      type: string
      x-go-package: github.com/TykTechnologies/tyk/apidef
    EndpointMethodMeta:
      properties:
        action:
          $ref: '#/components/schemas/EndpointMethodAction'
        code:
          format: int64
          type: integer
          x-go-name: Code
        data:
          type: string
          x-go-name: Data
        headers:
          additionalProperties:
            type: string
          type: object
          x-go-name: Headers
      type: object
      x-go-package: github.com/TykTechnologies/tyk/apidef
    EventHandlerMetaConfig:
      properties:
        events:
          x-go-name: Events
      type: object
      x-go-package: github.com/TykTechnologies/tyk/apidef
    ExtendedPathsSet:
      properties:
        advance_cache_config:
          items:
            $ref: '#/components/schemas/CacheMeta'
          type: array
          x-go-name: AdvanceCacheConfig
        black_list:
          items:
            $ref: '#/components/schemas/EndPointMeta'
          type: array
          x-go-name: BlackList
        cache:
          items:
            type: string
          type: array
          x-go-name: Cached
        circuit_breakers:
          items:
            $ref: '#/components/schemas/CircuitBreakerMeta'
          type: array
          x-go-name: CircuitBreaker
        do_not_track_endpoints:
          items:
            $ref: '#/components/schemas/TrackEndpointMeta'
          type: array
          x-go-name: DoNotTrackEndpoints
        hard_timeouts:
          items:
            $ref: '#/components/schemas/HardTimeoutMeta'
          type: array
          x-go-name: HardTimeouts
        ignored:
          items:
            $ref: '#/components/schemas/EndPointMeta'
          type: array
          x-go-name: Ignored
        internal:
          items:
            $ref: '#/components/schemas/InternalMeta'
          type: array
          x-go-name: Internal
        method_transforms:
          items:
            $ref: '#/components/schemas/MethodTransformMeta'
          type: array
          x-go-name: MethodTransforms
        size_limits:
          items:
            $ref: '#/components/schemas/RequestSizeMeta'
          type: array
          x-go-name: SizeLimit
        track_endpoints:
          items:
            $ref: '#/components/schemas/TrackEndpointMeta'
          type: array
          x-go-name: TrackEndpoints
        transform:
          items:
            $ref: '#/components/schemas/TemplateMeta'
          type: array
          x-go-name: Transform
        transform_headers:
          items:
            $ref: '#/components/schemas/HeaderInjectionMeta'
          type: array
          x-go-name: TransformHeader
        transform_jq:
          items:
            $ref: '#/components/schemas/TransformJQMeta'
          type: array
          x-go-name: TransformJQ
        transform_jq_response:
          items:
            $ref: '#/components/schemas/TransformJQMeta'
          type: array
          x-go-name: TransformJQResponse
        transform_response:
          items:
            $ref: '#/components/schemas/TemplateMeta'
          type: array
          x-go-name: TransformResponse
        transform_response_headers:
          items:
            $ref: '#/components/schemas/HeaderInjectionMeta'
          type: array
          x-go-name: TransformResponseHeader
        url_rewrites:
          items:
            $ref: '#/components/schemas/URLRewriteMeta'
          type: array
          x-go-name: URLRewrite
        validate_json:
          items:
            $ref: '#/components/schemas/ValidatePathMeta'
          type: array
          x-go-name: ValidateJSON
        virtual:
          items:
            $ref: '#/components/schemas/VirtualMeta'
          type: array
          x-go-name: Virtual
        white_list:
          items:
            $ref: '#/components/schemas/EndPointMeta'
          type: array
          x-go-name: WhiteList
      type: object
      x-go-package: github.com/TykTechnologies/tyk/apidef
    GlobalRateLimit:
      properties:
        per:
          format: double
          type: number
          x-go-name: Per
        rate:
          format: double
          type: number
          x-go-name: Rate
      type: object
      x-go-package: github.com/TykTechnologies/tyk/apidef
    GraphAccessDefinition:
      type: object
      x-go-package: github.com/TykTechnologies/tyk/user
    HardTimeoutMeta:
      properties:
        method:
          type: string
          x-go-name: Method
        path:
          type: string
          x-go-name: Path
        timeout:
          format: int64
          type: integer
          x-go-name: TimeOut
      type: object
      x-go-package: github.com/TykTechnologies/tyk/apidef
    HashType:
      type: string
      x-go-package: github.com/TykTechnologies/tyk/user
    HeaderInjectionMeta:
      properties:
        act_on:
          type: boolean
          x-go-name: ActOnResponse
        add_headers:
          additionalProperties:
            type: string
          type: object
          x-go-name: AddHeaders
        delete_headers:
          items:
            type: string
          type: array
          x-go-name: DeleteHeaders
        method:
          type: string
          x-go-name: Method
        path:
          type: string
          x-go-name: Path
      type: object
      x-go-package: github.com/TykTechnologies/tyk/apidef
    HostCheckObject:
      properties:
        body:
          type: string
          x-go-name: Body
        headers:
          additionalProperties:
            type: string
          type: object
          x-go-name: Headers
        method:
          type: string
          x-go-name: Method
        url:
          type: string
          x-go-name: CheckURL
      type: object
      x-go-package: github.com/TykTechnologies/tyk/apidef
    IdExtractorSource:
      type: string
      x-go-package: github.com/TykTechnologies/tyk/apidef
    IdExtractorType:
      type: string
      x-go-package: github.com/TykTechnologies/tyk/apidef
    InternalMeta:
      properties:
        method:
          type: string
          x-go-name: Method
        path:
          type: string
          x-go-name: Path
      type: object
      x-go-package: github.com/TykTechnologies/tyk/apidef
    MethodTransformMeta:
      properties:
        method:
          type: string
          x-go-name: Method
        path:
          type: string
          x-go-name: Path
        to_method:
          type: string
          x-go-name: ToMethod
      type: object
      x-go-package: github.com/TykTechnologies/tyk/apidef
    MiddlewareDefinition:
      properties:
        name:
          type: string
          x-go-name: Name
        path:
          type: string
          x-go-name: Path
        require_session:
          type: boolean
          x-go-name: RequireSession
      type: object
      x-go-package: github.com/TykTechnologies/tyk/apidef
    MiddlewareDriver:
      type: string
      x-go-package: github.com/TykTechnologies/tyk/apidef
    MiddlewareIdExtractor:
      properties:
        extract_from:
          $ref: '#/components/schemas/IdExtractorSource'
        extract_with:
          $ref: '#/components/schemas/IdExtractorType'
        extractor_config:
          additionalProperties:
            type: object
          type: object
          x-go-name: ExtractorConfig
      type: object
      x-go-package: github.com/TykTechnologies/tyk/apidef
    MiddlewareSection:
      properties:
        auth_check:
          $ref: '#/components/schemas/MiddlewareDefinition'
        driver:
          $ref: '#/components/schemas/MiddlewareDriver'
        id_extractor:
          $ref: '#/components/schemas/MiddlewareIdExtractor'
        post:
          items:
            $ref: '#/components/schemas/MiddlewareDefinition'
          type: array
          x-go-name: Post
        post_key_auth:
          items:
            $ref: '#/components/schemas/MiddlewareDefinition'
          type: array
          x-go-name: PostKeyAuth
        pre:
          items:
            $ref: '#/components/schemas/MiddlewareDefinition'
          type: array
          x-go-name: Pre
        response:
          items:
            $ref: '#/components/schemas/MiddlewareDefinition'
          type: array
          x-go-name: Response
      type: object
      x-go-package: github.com/TykTechnologies/tyk/apidef
    NewClientRequest:
      description: >-
        NewClientRequest is an outward facing JSON object translated from osin
        OAuthClients
      properties:
        api_id:
          type: string
          x-go-name: APIID
        client_id:
          type: string
          x-go-name: ClientID
        description:
          type: string
          x-go-name: Description
        meta_data:
          type: object
          x-go-name: MetaData
        policy_id:
          type: string
          x-go-name: PolicyID
        redirect_uri:
          type: string
          x-go-name: ClientRedirectURI
        secret:
          type: string
          x-go-name: ClientSecret
      type: object
      x-go-package: github.com/TykTechnologies/tyk
    NotificationsManager:
      description: 'TODO: Make this more generic'
      properties:
        oauth_on_keychange_url:
          type: string
          x-go-name: OAuthKeyChangeURL
        shared_secret:
          type: string
          x-go-name: SharedSecret
      title: >-
        NotificationsManager handles sending notifications to OAuth endpoints to
        notify the provider of key changes.
      type: object
      x-go-package: github.com/TykTechnologies/tyk/apidef
    OAuthClientToken:
      properties:
        code:
          type: string
          x-go-name: Token
        expires:
          format: int64
          type: integer
          x-go-name: Expires
      type: object
      x-go-package: github.com/TykTechnologies/tyk
    OIDProviderConfig:
      properties:
        client_ids:
          additionalProperties:
            type: string
          type: object
          x-go-name: ClientIDs
        issuer:
          type: string
          x-go-name: Issuer
      type: object
      x-go-package: github.com/TykTechnologies/tyk/apidef
    ObjectId:
      description: 'https://www.mongodb.org/display/DOCS/Object+IDs'
      title: >-
        ObjectId is a unique ID identifying a BSON value. It must be exactly 12
        bytes

        long. MongoDB objects by default have such a property set in their "_id"

        property.
      type: string
      x-go-package: github.com/TykTechnologies/tyk/vendor/gopkg.in/mgo.v2/bson
    OpenIDOptions:
      properties:
        providers:
          items:
            $ref: '#/components/schemas/OIDProviderConfig'
          type: array
          x-go-name: Providers
        segregate_by_client:
          type: boolean
          x-go-name: SegregateByClient
      type: object
      x-go-package: github.com/TykTechnologies/tyk/apidef
    Policy:
      properties:
        _id:
          $ref: '#/components/schemas/ObjectId'
          type: object
          x-go-name: ID
        id:
          type: string
          x-go-name: ID
        name:
          type: string
          x-go-name: Name
        org_id:
          type: string
          x-go-name: OrgID
        rate:
          format: double
          type: number
          x-go-name: Rate
        per:
          format: double
          type: number
          x-go-name: Per
        quota_max:
          format: int64
          type: integer
          x-go-name: QuotaMax
        quota_renewal_rate:
          format: int64
          type: integer
          x-go-name: QuotaRenewalRate
        throttle_interval:
          format: double
          type: number
          x-go-name: ThrottleInterval
        throttle_retry_limit:
          type: number
          x-go-name: ThrottleRetryLimit
        max_query_depth:
          type: number
          x-go-name: MaxQueryDepth
        access_rights:
          type: object
          x-go-name: AccessRights
          additionalProperties:
              $ref: '#/components/schemas/AccessDefinition'
        hmac_enabled:
          type: boolean
          x-go-name: HMACEnabled
        enable_http_signature_validation:
          type: boolean
          x-go-name: EnableHTTPSignatureValidation
        active:
          type: boolean
          x-go-name: Active
        is_inactive:
          type: boolean
          x-go-name: IsInactive
        tags:
          type: array
          items:
            type: string
          x-go-name: Tags
        key_expires_in:
          format: int64
          type: number
          x-go-name: KeyExpiresIn
        partitions:
          $ref: '#/components/schemas/PolicyPartitions'
          type: object
          x-go-name: Partitions
        last_updated:
          type: string
          x-go-name: LastUpdates
        meta_data:
          type: object
          x-go-name: MetaData
        graphql_access_rights:
          $ref: '#/components/schemas/GraphAccessDefinition'
      type: object
      x-go-package: github.com/TykTechnologies/tyk/user
    PolicyPartitions:
      properties:
        quota:
          type: boolean
          x-go-name: Quota
        rate_limit:
          type: boolean
          x-go-name: RateLimit
        complexity:
          type: boolean
          x-go-name: Complexity
        acl:
          type: boolean
          x-go-name: Acl
        per_api:
          type: boolean
          x-go-name: PerAPI
      type: object
      x-go-package: github.com/TykTechnologies/tyk/user
    Regexp:
      description: Regexp is a wrapper around regexp.Regexp but with caching
      properties:
        FromCache:
          type: boolean
      type: object
      x-go-package: github.com/TykTechnologies/tyk/regexp
    RequestInputType:
      type: string
      x-go-package: github.com/TykTechnologies/tyk/apidef
    RequestSizeMeta:
      properties:
        method:
          type: string
          x-go-name: Method
        path:
          type: string
          x-go-name: Path
        size_limit:
          format: int64
          type: integer
          x-go-name: SizeLimit
      type: object
      x-go-package: github.com/TykTechnologies/tyk/apidef
    ResponseProcessor:
      properties:
        name:
          type: string
          x-go-name: Name
        options:
          type: object
          x-go-name: Options
      type: object
      x-go-package: github.com/TykTechnologies/tyk/apidef
    RoutingTrigger:
      properties:
        'on':
          $ref: '#/components/schemas/RoutingTriggerOnType'
        options:
          $ref: '#/components/schemas/RoutingTriggerOptions'
        rewrite_to:
          type: string
          x-go-name: RewriteTo
      type: object
      x-go-package: github.com/TykTechnologies/tyk/apidef
    RoutingTriggerOnType:
      type: string
      x-go-package: github.com/TykTechnologies/tyk/apidef
    RoutingTriggerOptions:
      properties:
        header_matches:
          additionalProperties:
            $ref: '#/components/schemas/StringRegexMap'
          type: object
          x-go-name: HeaderMatches
        path_part_matches:
          additionalProperties:
            $ref: '#/components/schemas/StringRegexMap'
          type: object
          x-go-name: PathPartMatches
        payload_matches:
          $ref: '#/components/schemas/StringRegexMap'
        query_val_matches:
          additionalProperties:
            $ref: '#/components/schemas/StringRegexMap'
          type: object
          x-go-name: QueryValMatches
        request_context_matches:
          additionalProperties:
            $ref: '#/components/schemas/StringRegexMap'
          type: object
          x-go-name: RequestContextMatches
        session_meta_matches:
          additionalProperties:
            $ref: '#/components/schemas/StringRegexMap'
          type: object
          x-go-name: SessionMetaMatches
      type: object
      x-go-package: github.com/TykTechnologies/tyk/apidef
    ServiceDiscoveryConfiguration:
      properties:
        cache_timeout:
          format: int64
          type: integer
          x-go-name: CacheTimeout
        data_path:
          type: string
          x-go-name: DataPath
        endpoint_returns_list:
          type: boolean
          x-go-name: EndpointReturnsList
        parent_data_path:
          type: string
          x-go-name: ParentDataPath
        port_data_path:
          type: string
          x-go-name: PortDataPath
        query_endpoint:
          type: string
          x-go-name: QueryEndpoint
        target_path:
          type: string
          x-go-name: TargetPath
        use_discovery_service:
          type: boolean
          x-go-name: UseDiscoveryService
        use_nested_query:
          type: boolean
          x-go-name: UseNestedQuery
        use_target_list:
          type: boolean
          x-go-name: UseTargetList
      type: object
      x-go-package: github.com/TykTechnologies/tyk/apidef
    SessionProviderCode:
      type: string
      x-go-package: github.com/TykTechnologies/tyk/apidef
    SessionProviderMeta:
      properties:
        meta:
          additionalProperties:
            type: object
          type: object
          x-go-name: Meta
        name:
          $ref: '#/components/schemas/SessionProviderCode'
        storage_engine:
          $ref: '#/components/schemas/StorageEngineCode'
      type: object
      x-go-package: github.com/TykTechnologies/tyk/apidef
    SessionState:
      description: >-
        There's a data structure that's based on this and it's used for Protocol
        Buffer support, make sure to update
        "coprocess/proto/coprocess_session_state.proto" and generate the
        bindings using: cd coprocess/proto && ./update_bindings.sh
      properties:
        tags:
          items:
            type: string
          type: array
          x-go-name: Tags
        access_rights:
          additionalProperties:
            $ref: '#/components/schemas/AccessDefinition'
          type: object
          x-go-name: AccessRights
        alias:
          type: string
          x-go-name: Alias
        allowance:
          format: double
          type: number
          x-go-name: Allowance
        apply_policies:
          items:
            type: string
          type: array
          x-go-name: ApplyPolicies
        apply_policy_id:
          type: string
          x-go-name: ApplyPolicyID
        basic_auth_data:
          properties:
            hash_type:
              $ref: '#/components/schemas/HashType'
            password:
              type: string
              x-go-name: Password
          type: object
          x-go-name: BasicAuthData
        certificate:
          type: string
          x-go-name: Certificate
        data_expires:
          format: int64
          type: integer
          x-go-name: DataExpires
        enable_detail_recording:
          type: boolean
          x-go-name: EnableDetailedRecording
        expires:
          format: int64
          type: integer
          x-go-name: Expires
        hmac_enabled:
          type: boolean
          x-go-name: HMACEnabled
        hmac_string:
          type: string
          x-go-name: HmacSecret
        id_extractor_deadline:
          format: int64
          type: integer
          x-go-name: IdExtractorDeadline
        is_inactive:
          type: boolean
          x-go-name: IsInactive
        jwt_data:
          properties:
            secret:
              type: string
              x-go-name: Secret
          type: object
          x-go-name: JWTData
        last_check:
          format: int64
          type: integer
          x-go-name: LastCheck
        last_updated:
          type: string
          x-go-name: LastUpdated
        meta_data:
          additionalProperties:
            type: object
          type: object
          x-go-name: MetaData
        monitor:
          properties:
            trigger_limits:
              items:
                format: double
                type: number
              type: array
              x-go-name: TriggerLimits
          type: object
          x-go-name: Monitor
        oauth_client_id:
          type: string
          x-go-name: OauthClientID
        oauth_keys:
          additionalProperties:
            type: string
          type: object
          x-go-name: OauthKeys
        org_id:
          type: string
          x-go-name: OrgID
        per:
          format: double
          type: number
          x-go-name: Per
        quota_max:
          format: int64
          type: integer
          x-go-name: QuotaMax
        quota_remaining:
          format: int64
          type: integer
          x-go-name: QuotaRemaining
        quota_renewal_rate:
          format: int64
          type: integer
          x-go-name: QuotaRenewalRate
        quota_renews:
          format: int64
          type: integer
          x-go-name: QuotaRenews
        rate:
          format: double
          type: number
          x-go-name: Rate
        session_lifetime:
          format: int64
          type: integer
          x-go-name: SessionLifetime
        throttle_interval:
          format: double
          type: number
          x-go-name: ThrottleInterval
        throttle_retry_limit:
          format: int64
          type: integer
          x-go-name: ThrottleRetryLimit
      title: >-
        SessionState objects represent a current API session, mainly used for
        rate limiting.
      type: object
      x-go-package: github.com/TykTechnologies/tyk/user
    SignatureConfig:
      properties:
        algorithm:
          type: string
          x-go-name: Algorithm
        allowed_clock_skew:
          format: int64
          type: integer
          x-go-name: AllowedClockSkew
        error_code:
          format: int64
          type: integer
          x-go-name: ErrorCode
        error_message:
          type: string
          x-go-name: ErrorMessage
        header:
          type: string
          x-go-name: Header
        secret:
          type: string
          x-go-name: Secret
      type: object
      x-go-package: github.com/TykTechnologies/tyk/apidef
    StorageEngineCode:
      type: string
      x-go-package: github.com/TykTechnologies/tyk/apidef
    StringRegexMap:
      properties:
        match_rx:
          type: string
          x-go-name: MatchPattern
        reverse:
          type: boolean
          x-go-name: Reverse
      type: object
      x-go-package: github.com/TykTechnologies/tyk/apidef
    TemplateData:
      properties:
        enable_session:
          type: boolean
          x-go-name: EnableSession
        input_type:
          $ref: '#/components/schemas/RequestInputType'
        template_mode:
          $ref: '#/components/schemas/TemplateMode'
        template_source:
          type: string
          x-go-name: TemplateSource
      type: object
      x-go-package: github.com/TykTechnologies/tyk/apidef
    TemplateMeta:
      properties:
        method:
          type: string
          x-go-name: Method
        path:
          type: string
          x-go-name: Path
        template_data:
          $ref: '#/components/schemas/TemplateData'
      type: object
      x-go-package: github.com/TykTechnologies/tyk/apidef
    TemplateMode:
      type: string
      x-go-package: github.com/TykTechnologies/tyk/apidef
    TrackEndpointMeta:
      properties:
        method:
          type: string
          x-go-name: Method
        path:
          type: string
          x-go-name: Path
      type: object
      x-go-package: github.com/TykTechnologies/tyk/apidef
    TransformJQMeta:
      properties:
        filter:
          type: string
          x-go-name: Filter
        method:
          type: string
          x-go-name: Method
        path:
          type: string
          x-go-name: Path
      type: object
      x-go-package: github.com/TykTechnologies/tyk/apidef
    URLRewriteMeta:
      properties:
        MatchRegexp:
          $ref: '#/components/schemas/Regexp'
        match_pattern:
          type: string
          x-go-name: MatchPattern
        method:
          type: string
          x-go-name: Method
        path:
          type: string
          x-go-name: Path
        rewrite_to:
          type: string
          x-go-name: RewriteTo
        triggers:
          items:
            $ref: '#/components/schemas/RoutingTrigger'
          type: array
          x-go-name: Triggers
      type: object
      x-go-package: github.com/TykTechnologies/tyk/apidef
    ValidatePathMeta:
      properties:
        error_response_code:
          description: >-
            Allows override of default 422 Unprocessible Entity response code
            for validation errors.
          format: int64
          type: integer
          x-go-name: ErrorResponseCode
        method:
          type: string
          x-go-name: Method
        path:
          type: string
          x-go-name: Path
        schema:
          additionalProperties:
            type: object
          type: object
          x-go-name: Schema
        schema_b64:
          type: string
          x-go-name: SchemaB64
      type: object
      x-go-package: github.com/TykTechnologies/tyk/apidef
    VersionInfo:
      properties:
        paths:
          properties:
            black_list:
              items:
                type: string
              type: array
              x-go-name: BlackList
            ignored:
              items:
                type: string
              type: array
              x-go-name: Ignored
            white_list:
              items:
                type: string
              type: array
              x-go-name: WhiteList
          type: object
          x-go-name: Paths
        expires:
          type: string
          x-go-name: Expires
        extended_paths:
          $ref: '#/components/schemas/ExtendedPathsSet'
        global_headers:
          additionalProperties:
            type: string
          type: object
          x-go-name: GlobalHeaders
        global_headers_remove:
          items:
            type: string
          type: array
          x-go-name: GlobalHeadersRemove
        global_size_limit:
          format: int64
          type: integer
          x-go-name: GlobalSizeLimit
        name:
          type: string
          x-go-name: Name
        override_target:
          type: string
          x-go-name: OverrideTarget
        use_extended_paths:
          type: boolean
          x-go-name: UseExtendedPaths
      type: object
      x-go-package: github.com/TykTechnologies/tyk/apidef
    VirtualMeta:
      properties:
        function_source_type:
          type: string
          x-go-name: FunctionSourceType
        function_source_uri:
          type: string
          x-go-name: FunctionSourceURI
        method:
          type: string
          x-go-name: Method
        path:
          type: string
          x-go-name: Path
        proxy_on_error:
          type: boolean
          x-go-name: ProxyOnError
        response_function_name:
          type: string
          x-go-name: ResponseFunctionName
        use_session:
          type: boolean
          x-go-name: UseSession
      type: object
      x-go-package: github.com/TykTechnologies/tyk/apidef
    apiAllKeys:
      description: apiAllKeys represents a list of keys in the memory store
      properties:
        keys:
          items:
            type: string
          type: array
          x-go-name: APIKeys
      type: object
      x-go-package: github.com/TykTechnologies/tyk
    apiModifyKeySuccess:
      description: apiModifyKeySuccess represents when a Key modification was successful
      properties:
        action:
          type: string
          x-go-name: Action
        key:
          description: 'in:body'
          type: string
          x-go-name: Key
        key_hash:
          type: string
          x-go-name: KeyHash
        status:
          type: string
          x-go-name: Status
      type: object
      x-go-package: github.com/TykTechnologies/tyk
    apiStatusMessage:
      description: apiStatusMessage represents an API status message
      properties:
        message:
          description: Response details
          type: string
          x-go-name: Message
        status:
          type: string
          x-go-name: Status
      type: object
      x-go-package: github.com/TykTechnologies/tyk
    APIAllCertificates:
      description:  APIAllCertificates represents a list of certificates
      properties:
        certs:
          items:
            type: string
          type: array
          x-go-name: Certs
      type: object
      x-go-package: github.com/TykTechnologies/tyk
    APIAllCertificateBasics:
      description: APIAllCertificates represents a list of certificate basics
      properties:
        certs:
          items:
            $ref: '#/components/schemas/CertificateBasics'
          type: array
          x-go-name: Certs
      type: object
      x-go-package: github.com/TykTechnologies/tyk
    CertificateBasics:
      description: CertificateBasics represents basic details of a certificate
      properties:
        id:
          type: string
          x-go-name: ID
        issuer_cn:
          type: string
          x-go-name: IssuerCN
        subject_cn:
          type: string
          x-go-name: SubjectCN
        dns_names:
          type: array
          items:
            type: string
          x-go-name: DNSNames
        has_private:
          type: string
          x-go-name: HasPrivateKey
        not_before:
          type: string
          x-go-name: NotBefore
        not_after:
          type: string
          x-go-name: NotAfter
      type: object
      x-go-package: github.com/TykTechnologies/tyk
    CertificateMeta:
      description: CertificateBasics represents basic details of a certificate
      properties:
        id:
          type: string
          x-go-name: ID
        fingerprint:
          type: string
          x-go-name: Fingerprint
        has_private:
          type: string
          x-go-name: HasPrivateKey
        issuer:
          $ref: '#/components/schemas/pkixName'
        subject:
          $ref: '#/components/schemas/pkixName'
        not_before:
          type: string
          x-go-name: NotBefore
        not_after:
          type: string
          x-go-name: NotAfter
        dns_names:
          type: array
          items:
            type: string
          x-go-name: DNSNames
      type: object
      x-go-package: github.com/TykTechnologies/tyk
    pkixName:
      description: Name represents an X.509 distinguished name
      properties:
        Country:
          type: array
          items:
            type: string
        Organization:
          type: array
          items:
            type: string
        OrganizationalUnit:
          type: array
          items:
            type: string
        Locality:
          type: array
          items:
            type: string
        Province:
          type: array
          items:
            type: string
        StreetAddress:
          type: array
          items:
            type: string
        PostalCode:
          type: array
          items:
            type: string
        SerialNumber:
          type: string
        CommonName:
          type: string
        Names:
          type: array
          items:
            $ref: '#/components/schemas/pkixAttributeTypeAndValue'
        ExtraNames:
          type: array
          items:
            $ref: '#/components/schemas/pkixAttributeTypeAndValueSET'
    pkixAttributeTypeAndValue:
      description: AttributeTypeAndValue mirrors the ASN.1 structure of the same name in RFC 5280, Section 4.1.2.4.
      properties:
        Type:
          type: array
          items:
            type: integer
        Value:
          type: object
    pkixAttributeTypeAndValueSET:
      description: AttributeTypeAndValueSET represents a set of ASN.1 sequences of AttributeTypeAndValue sequences from RFC 2986 (PKCS #10).
      properties:
        Type:
          type: array
          items:
            type: integer
        Value:
          type: array
          items:
            type: array
            items:
              $ref: '#/components/schemas/pkixAttributeTypeAndValue'
    APICertificateStatusMessage:
      description: Status message when certificate is added
      properties:
        id:
          type: string
          x-go-name: CertID
        status:
          type: string
          x-go-name: Status
        message:
          type: string
          x-go-name: Message
      type: object
      x-go-package: github.com/TykTechnologies/tyk
    OASSchemaResponse:
      description: OAS schema endpoint response
      type: object
      properties:
        status:
          type: string
          x-go-name: Status
        message:
          type: string
          x-go-name: Message
        schema:
          type: string
          description: <OAS schema definition>
    BooleanQueryParam:
      type: string
      enum: [ true, false ]
      example: true
    APIVersionMeta:
      description: API version meta
      type: object
      properties:
        id:
          type: string
        name:
          type: string
        versionName:
          type: string
        internal:
          type: boolean
        expirationDate:
          type: string
        isDefaultVersion:
          type: boolean
  parameters:
    UpstreamURL:
      name: upstreamURL
      in: query
      description: Upstream URL for the API
      required: false
      schema:
        type: string
    ListenPath:
      name: listenPath
      in: query
      description: Listen path for the API
      schema:
        type: string
      required: false
    CustomDomain:
      name: customDomain
      schema:
        type: string
      description: Custom domain for the API
      in: query
      required: false
    ApiID:
      name: apiID
      schema:
        type: string
      description: ID of the API
      in: query
      required: false
    ValidateRequest:
      name: validateRequest
      in: query
      description: Enable validateRequest middleware for all endpoints having a request body with media type application/json
      required: false
      schema:
        $ref: '#/components/schemas/BooleanQueryParam'
    AllowList:
      name: allowList
      in: query
      description: Enable allowList middleware for all endpoints
      required: false
      schema:
        $ref: '#/components/schemas/BooleanQueryParam'
    MockResponse:
      name: mockResponse
      in: query
      description: Enable mockResponse middleware for all endpoints having responses configured.
      required: false
      schema:
        $ref: '#/components/schemas/BooleanQueryParam'
    Authentication:
      name: authentication
      in: query
      description: Enable or disable authentication in your Tyk Gateway as per your OAS document.
      schema:
        $ref: '#/components/schemas/BooleanQueryParam'
    SearchText:
      name: searchText
      schema:
        type: string
      description: Search for API version name
      in: query
      required: false
    AccessType:
      name: accessType
      schema:
        type: string
        enum: [ "internal", "external" ]
      description: Filter for internal or external API versions
      in: query
      required: false
  securitySchemes:
    api_key:
      in: header
      name: X-Tyk-Authorization
      type: apiKey
security:
  - api_key: []