Tyk

Tyk Dashboard Admin API

The Tyk Dashboard Admin API provides super-administrative access to the Tyk Dashboard, enabling management of organizations and system-level configuration. It is used for bootstrapping and managing multi-organization Tyk deployments.

OpenAPI Specification

tyk-dashboard-admin-api-openapi.yml
openapi: 3.0.0
info:
  title: Tyk Dashboard Admin API
  version: 5.3.0
  description: >-
    For Tyk On-Premises installations only, the Dashboard Admin API has two
    endpoints and is used to set up and provision a Tyk Dashboard instance
    without the command line.


    In order to use the Dashboard Admin API, you'll need to get the
    `admin_secret` value from your Tyk Dashboard configurations.


    The secret you set should then be sent along as a header with each Dashboard
    Admin API Request in order for it to be successful:


    ```

    admin-auth: <your-secret>

    ```
servers:
  - url: http://localhost/
  - url: https://localhost/
tags:
  - name: Export
    description: >-
      To make Tyk installations more portable, the Export API enables you to
      export key configuration objects required to back-up and re-deploy a basic
      Tyk Pro installation.
  - name: Import
    description: >-
      The import API enables you to add Organisations, APIs and Policies back
      into a Tyk installation while retaining their base IDs so that they work
      together.
  - name: Single Sign On
    description: >-
      The Dashboard SSO API allows you to implement custom authentication
      schemes for the Dashboard and Portal. Our Tyk Identity Broker (TIB)
      internally also uses this API.
  - name: Dashboard URL Reload
    description: >-
      Since the Dashboard can have multiple URLs associated with it, it is
      possible to force a URL reload by calling an API endpoint of the Dashboard
      API.
  - name: Organisations
    description: >-
      The organisations API gives the ability to manage your Tyk
      organisation(s).
  - name: Users
    description: >-
      The admin portion of the users API gives you the ability to manage
      password reset policies for your Dashboard users.
paths:
  /admin/system/reload:
    get:
      summary: Reloads Dashboard URLs
      description: Reloads Dashboard URLs.
      operationId: reloadURLs
      tags:
        - Dashboard URL Reload
      responses:
        '200':
          description: URLs reloaded successfully.
          content:
            application/json:
              schema:
                properties:
                  status:
                    type: string
              example:
                status: ok
        '401':
          description: Unauthorized.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiStatusMessage'
              example:
                Status: Error
                Message: Not authorised
  /admin/sso/:
    post:
      summary: Generate authentication token
      description: >-
        The Dashboard exposes the /admin/sso Dashboard API which allows you to
        generate a temporary authentication token, valid for 60 seconds.
      operationId: generateAuthToken
      tags:
        - Single Sign On
      requestBody:
        content:
          application/json:
            schema:
              properties:
                ForSection:
                  type: string
                  enum:
                    - dashboard
                    - portal
                OrgID:
                  type: string
                EmailAddress:
                  type: string
                GroupID:
                  type: string
            example:
              ForSection: dashboard
              OrgID: 588b4f0bb275ff0001cc7471
              EmailAddress: [email protected]
              GroupID: ''
      responses:
        '200':
          description: SSO nonce created successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiStatusMessage'
              example:
                Status: OK
                Message: SSO Nonce created
                Meta: YTNiOGUzZjctYWZkYi00OTNhLTYwODItZTAzMDI3MjM0OTEw
        '400':
          description: Bad Request.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiStatusMessage'
              example:
                Status: Error
                Message: >-
                  Cannot create an SSO session for an invalid payload: [Error:
                  Org id not found ('588b4f0bb275ff0001cc7471').]
        '401':
          description: Unauthorized.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiStatusMessage'
              example:
                Status: Error
                Message: Not authorised
  /admin/organisations/{orgID}:
    get:
      summary: Export Organisations
      description: >-
        The organisation object is the most fundamental object in a Tyk setup,
        all other ownership properties hang off the relationship between an
        organisation and its APIs, Policies and API Tokens.
      operationId: exportOrgs
      tags:
        - Export
      parameters:
        - name: orgID
          in: path
          description: ID of organisation
          required: true
          schema:
            type: string
      responses:
        '200':
          description: Organisation exported successfully.
          content:
            application/json:
              schema:
                properties:
                  apis:
                    type: array
                    items:
                      $ref: '#/components/schemas/APIDefinition'
              example:
                id: 53ac07777cbb8c2d53000002
                owner_name: Test
                owner_slug: test
                cname_enabled: true
                cname: my.domain.com
                apis:
                  - api_human_name: API 2
                    api_id: 5fa2db834e07444f760b7ceb314209fb
                  - api_human_name: API 1
                    api_id: 7a6ddeca9244448a4233866938a0d6e2
                  - api_human_name: API 3
                    api_id: 109eacaa50b24b64651a1d4dce8ec385
                developer_quota: 123
                developer_count: 21
                event_options:
                  key_event:
                    webhook: ''
                    email: ''
                    redis: true
                  key_request_event:
                    webhook: ''
                    email: ''
                    redis: false
                hybrid_enabled: false
                ui:
                  languages: {}
                  hide_help: false
                  default_lang: ''
                  login_page: {}
                  nav: {}
                  uptime: {}
                  portal_section: {}
                  designer: {}
                  dont_show_admin_sockets: false
                  dont_allow_license_management: false
                  dont_allow_license_management_view: false
        '400':
          description: Bad Request.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiStatusMessage'
              example:
                Status: Error
                Message: Request body malformed
        '401':
          description: Unauthorized.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiStatusMessage'
              example:
                Status: Error
                Message: Not authorised
        '404':
          description: Org not found.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiStatusMessage'
              example:
                Status: Error
                Message: Could not retrieve org detail
  /admin/organisations/import:
    post:
      summary: Import organisations
      description: >-
        The organisation object is the most fundamental object in a Tyk setup,
        all other ownership properties hang off the relationship between an
        organisation and its APIs, Policies and API Tokens.
      operationId: importOrgs
      tags:
        - Import
      requestBody:
        content:
          application/json:
            schema:
              properties:
                apis:
                  type: array
                  items:
                    $ref: '#/components/schemas/APIDefinition'
            example:
              id: 53ac07777cbb8c2d53000002
              owner_name: Test
              owner_slug: test
              cname_enabled: true
              cname: my.domain.com
              apis:
                - api_human_name: API 2
                  api_id: 5fa2db834e07444f760b7ceb314209fb
                - api_human_name: API 1
                  api_id: 7a6ddeca9244448a4233866938a0d6e2
                - api_human_name: API 3
                  api_id: 109eacaa50b24b64651a1d4dce8ec385
              developer_quota: 123
              developer_count: 21
              event_options:
                key_event:
                  webhook: ''
                  email: ''
                  redis: true
                key_request_event:
                  webhook: ''
                  email: ''
                  redis: false
              hybrid_enabled: false
              ui:
                languages: {}
                hide_help: false
                default_lang: ''
                login_page: {}
                nav: {}
                uptime: {}
                portal_section: {}
                designer: {}
                dont_show_admin_sockets: false
                dont_allow_license_management: false
                dont_allow_license_management_view: false
      responses:
        '200':
          description: Org imported successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiStatusMessage'
              example:
                Status: OK
                Message: Org imported
                Meta: 53ac07777cbb8c2d53000002
        '400':
          description: Bad Request.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiStatusMessage'
              example:
                Status: Error
                Message: Failed to save new Org object to DB
        '401':
          description: Unauthorized.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiStatusMessage'
              example:
                Status: Error
                Message: Not authorised
  /admin/apis/import:
    post:
      summary: Import APIs
      description: The Import APIs endpoint operates on lists of APIs.
      operationId: importAPIs
      tags:
        - Import
      requestBody:
        content:
          application/json:
            schema:
              properties:
                apis:
                  type: array
                  items:
                    type: object
                    properties:
                      api_model:
                        type: object
                      api_definition:
                        $ref: '#/components/schemas/APIDefinition'
                      hook_references:
                        type: array
                        items:
                          type: object
                      is_site:
                        type: boolean
                      sort_by:
                        type: integer
            example:
              apis:
                - api_model: {}
                  api_definition:
                    api_human_name: API 2
                    api_id: 5fa2db834e07444f760b7ceb314209fb
                  hook_references: []
                  is_site: false
                  sort_by: 0
                - api_model: {}
                  api_definition:
                    api_human_name: API 1
                    api_id: 7a6ddeca9244448a4233866938a0d6e2
                  hook_references: []
                  is_site: false
                  sort_by: 0
      responses:
        '200':
          description: APIs imported successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiStatusMessage'
              example:
                Status: OK
                Message: APIs imported
                Meta:
                  5fa2db834e07444f760b7ceb314209fb: true
                  7a6ddeca9244448a4233866938a0d6e2: true
        '400':
          description: Bad Request.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiStatusMessage'
              example:
                Status: Error
                Message: Request body malformed
        '401':
          description: Unauthorized.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiStatusMessage'
              example:
                Status: Error
                Message: Not authorised
  /admin/policies/import:
    post:
      summary: Import Policies
      description: The Import Policies endpoint operates on lists of Policies.
      operationId: importPolocies
      tags:
        - Import
      requestBody:
        content:
          application/json:
            schema:
              properties:
                data:
                  type: array
                  items:
                    $ref: '#/components/schemas/Policy'
            example:
              data:
                - access_rights:
                    5fa2db834e07444f760b7ceb314209fb:
                      allowed_urls: []
                      api_id: 5fa2db834e07444f760b7ceb314209fb
                      api_name: API 2
                      versions:
                        - Default
                    7a6ddeca9244448a4233866938a0d6e2:
                      allowed_urls: []
                      api_id: 7a6ddeca9244448a4233866938a0d6e2
                      api_name: API 1
                      versions:
                        - Default
                  active: true
                  date_created: '0001-01-01T00:00:00Z'
                  hmac_enabled: false
                  is_inactive: false
                  key_expires_in: 0
                  last_updated: '1478791603'
                  name: Default
                  org_id: 53ac07777cbb8c2d53000002
                  partitions:
                    acl: false
                    quota: false
                    rate_limit: false
                  per: 60
                  quota_max: -1
                  quota_renewal_rate: 3600
                  rate: 1000
                  tags: []
      responses:
        '200':
          description: Policies imported successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiStatusMessage'
              example:
                Status: OK
                Message: Policies imported
                Meta:
                  61df10078f11dd00097cb55f: true
        '400':
          description: Bad Request.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiStatusMessage'
              example:
                Status: Error
                Message: Failed to save new Org object to DB
        '401':
          description: Unauthorized.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiStatusMessage'
              example:
                Status: Error
                Message: Not authorised
  /admin/users/{USER_ID}/actions/allow_reset_passwords:
    parameters:
      - name: USER_ID
        in: path
        description: User ID of the user whose password is being reset
        required: true
        schema:
          type: string
      - name: admin-auth
        in: header
        description: admin_secret value from your tyk_analytics.conf
        required: true
        schema:
          type: string
    put:
      summary: Allow password reset for a User
      description: Allow password reset for a User.
      operationId: allowResetPassword
      tags:
        - Users
      responses:
        '200':
          description: Password reset for user enabled
          content:
            application/json:
              example:
                Status: OK
                Message: User updated
                Meta:
                  api_model: {}
                  first_name: John
                  last_name: Doe
                  email_address: [email protected]
                  org_id: 60ef3a1dcb83670001bf2df9
                  active: true
                  id: 614215edb2d47190f98b3b79
                  access_key: 68b225c4376748207453c235ed8e2a82
                  user_permissions:
                    IsAdmin: admin
                    ResetPassword: admin
                  group_id: ''
                  password_max_days: 0
                  password_updated: '2021-09-15T15:49:01.863Z'
                  PWHistory: []
                  last_login_date: '2021-09-15T15:49:49.754Z'
                  created_at: '2021-09-15T15:49:01Z'
  /admin/users/{USER_ID}/actions/disallow_reset_passwords:
    parameters:
      - name: USER_ID
        in: path
        description: >-
          User ID of the user whose password reset capability is being
          disallowed
        required: true
        schema:
          type: string
      - name: admin-auth
        in: header
        description: admin_secret value from your tyk_analytics.conf
        required: true
        schema:
          type: string
    put:
      summary: Disallow password reset for a User
      description: Disallow password reset for a User.
      operationId: disallowResetPassword
      tags:
        - Users
      responses:
        '200':
          description: Password reset for user disabled
          content:
            application/json:
              example:
                Status: OK
                Message: User updated
                Meta:
                  api_model: {}
                  first_name: John
                  last_name: Doe
                  email_address: [email protected]
                  org_id: 60ef3a1dcb83670001bf2df9
                  active: true
                  id: 614215edb2d47190f98b3b79
                  access_key: 68b225c4376748207453c235ed8e2a82
                  user_permissions:
                    IsAdmin: admin
                  group_id: ''
                  password_max_days: 0
                  password_updated: '2021-09-15T15:49:01.863Z'
                  PWHistory: []
                  last_login_date: '2021-09-15T15:49:49.754Z'
                  created_at: '2021-09-15T15:49:01Z'
  /admin/organisations/{org-id}:
    parameters:
      - name: org-id
        in: path
        description: Organisation ID of the org to add, update, or delete.
        required: true
        schema:
          type: string
      - name: admin-auth
        in: header
        description: admin_secret value from your tyk_analytics.conf
        required: true
        schema:
          type: string
    get:
      summary: Retrieve a single organisation
      description: Retrieve a single organisation
      operationId: getOrg
      tags:
        - Organisations
      responses:
        '200':
          description: Organisation retrieved
          content:
            application/json:
              example:
                id: 5cc03283d07e7f00019404b3
                owner_name: TestOrg5 Ltd.
                owner_slug: testorg
                cname_enabled: true
                cname: www.tyk-portal-test.com
                apis:
                  - api_human_name: 'First API #Test'
                    api_id: 5508bd9429434d5768c423a04db259ea
                developer_quota: 0
                developer_count: 0
                event_options: {}
                hybrid_enabled: false
                ui:
                  languages: {}
                  hide_help: false
                  default_lang: ''
                  login_page: {}
                  nav: {}
                  uptime: {}
                  portal_section: {}
                  designer: {}
                  dont_show_admin_sockets: false
                  dont_allow_license_management: false
                  dont_allow_license_management_view: false
                  cloud: false
                org_options_meta: {}
    put:
      summary: Update organisation details
      description: >-
        Update Organisation details. This operation will replace the existing
        Organisation details with those provided in the request payload. It is
        important to provide the entire object - for example linked APIs - to
        avoid overwriting existing data with empty values.
      operationId: updateOrg
      tags:
        - Organisations
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/OrganisationDocument'
            example:
              id: 5cc03283d07e7f00019404b3
              owner_name: Jively
              owner_slug: testorg
              cname: jive.ly
              cname_enabled: true
              apis:
                - api_human_name: 'First API #Test'
                  api_id: 5508bd9429434d5768c423a04db259ea
              developer_quota: 0
              developer_count: 0
              event_options: {}
              hybrid_enabled: false
              ui:
                languages: {}
                hide_help: false
                default_lang: ''
                login_page: {}
                nav: {}
                uptime: {}
                portal_section: {}
                designer: {}
                dont_show_admin_sockets: false
                dont_allow_license_management: false
                dont_allow_license_management_view: false
                cloud: false
              org_options_meta: {}
      responses:
        '200':
          description: Organisation updated successfully
          content:
            application/json:
              schema:
                type: object
              example:
                Status: OK
                Message: Org updated
                Meta: ''
    delete:
      summary: Delete an organisation
      description: Delete an organisation
      operationId: deleteOrg
      tags:
        - Organisations
      responses:
        '200':
          description: Organisation deleted
          content:
            application/json:
              schema:
                type: object
              example:
                Status: OK
                Message: Org deleted
                Meta: ''
  /admin/organisations/:
    parameters:
      - name: admin-auth
        in: header
        description: admin_secret value from your tyk_analytics.conf
        required: true
        schema:
          type: string
    get:
      summary: List all organisations
      description: List all organisations
      operationId: getOrgs
      tags:
        - Organisations
      responses:
        '200':
          description: Organisations retrieved successfully
          content:
            application/json:
              schema:
                type: object
              example:
                organisations:
                  - id: 5cc03283d07e7f00019404b3
                    owner_name: TestOrg5 Ltd.
                    owner_slug: testorg
                    cname_enabled: true
                    cname: www.tyk-portal-test.com
                    apis:
                      - api_human_name: 'First API #Test'
                        api_id: 5508bd9429434d5768c423a04db259ea
                    developer_quota: 0
                    developer_count: 0
                    event_options: {}
                    hybrid_enabled: false
                    ui:
                      languages: {}
                      hide_help: false
                      default_lang: ''
                      login_page: {}
                      nav: {}
                      uptime: {}
                      portal_section: {}
                      designer: {}
                      dont_show_admin_sockets: false
                      dont_allow_license_management: false
                      dont_allow_license_management_view: false
                      cloud: false
                    org_options_meta: {}
                  - id: 5ccae84aa402ce00018b5435
                    owner_name: Jively
                    owner_slug: ''
                    cname_enabled: true
                    cname: jive.ly
                    apis: []
                    developer_quota: 0
                    developer_count: 0
                    event_options: {}
                    hybrid_enabled: false
                    ui:
                      languages: {}
                      hide_help: false
                      default_lang: ''
                      login_page: {}
                      nav: {}
                      uptime: {}
                      portal_section: {}
                      designer: {}
                      dont_show_admin_sockets: false
                      dont_allow_license_management: false
                      dont_allow_license_management_view: false
                      cloud: false
                    org_options_meta: {}
                pages: 0
    post:
      summary: Create an Organisation
      description: Create an Organisation
      operationId: createOrg
      tags:
        - Organisations
      requestBody:
        content:
          application/json:
            schema:
              type: object
            example:
              owner_name: Jively
              cname: jive.ly
              cname_enabled: true
      responses:
        '200':
          description: Organisation created
          content:
            application/json:
              schema:
                type: object
              example:
                Status: OK
                Message: Org created
                Meta: 54b53d3aeba6db5c35000002
components:
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: Admin-Auth
  schemas:
    apiStatusMessage:
      description: apiStatusMessage represents an API status message
      properties:
        message:
          description: Response details
          type: string
          x-go-name: Message
        status:
          type: string
          x-go-name: Status
      type: object
      x-go-package: github.com/TykTechnologies/tyk
    APIDefinition:
      properties:
        tags:
          items:
            type: string
          type: array
          x-go-name: Tags
        CORS:
          properties:
            allow_credentials:
              type: boolean
              x-go-name: AllowCredentials
            allowed_headers:
              items:
                type: string
              type: array
              x-go-name: AllowedHeaders
            allowed_methods:
              items:
                type: string
              type: array
              x-go-name: AllowedMethods
            allowed_origins:
              items:
                type: string
              type: array
              x-go-name: AllowedOrigins
            debug:
              type: boolean
              x-go-name: Debug
            enable:
              type: boolean
              x-go-name: Enable
            exposed_headers:
              items:
                type: string
              type: array
              x-go-name: ExposedHeaders
            max_age:
              format: int64
              type: integer
              x-go-name: MaxAge
            options_passthrough:
              type: boolean
              x-go-name: OptionsPassthrough
          type: object
        active:
          type: boolean
          x-go-name: Active
        allowed_ips:
          items:
            type: string
          type: array
          x-go-name: AllowedIPs
        api_id:
          type: string
          x-go-name: APIID
        auth:
          $ref: '#/components/schemas/Auth'
        auth_provider:
          $ref: '#/components/schemas/AuthProviderMeta'
        base_identity_provided_by:
          $ref: '#/components/schemas/AuthTypeEnum'
        basic_auth:
          properties:
            body_password_regexp:
              type: string
              x-go-name: BodyPasswordRegexp
            body_user_regexp:
              type: string
              x-go-name: BodyUserRegexp
            cache_ttl:
              format: int64
              type: integer
              x-go-name: CacheTTL
            disable_caching:
              type: boolean
              x-go-name: DisableCaching
            extract_from_body:
              type: boolean
              x-go-name: ExtractFromBody
          type: object
          x-go-name: BasicAuth
        blacklisted_ips:
          items:
            type: string
          type: array
          x-go-name: BlacklistedIPs
        cache_options:
          $ref: '#/components/schemas/CacheOptions'
        certificates:
          items:
            type: string
          type: array
          x-go-name: Certificates
        client_certificates:
          items:
            type: string
          type: array
          x-go-name: ClientCertificates
        config_data:
          additionalProperties:
            type: object
          type: object
          x-go-name: ConfigData
        custom_middleware:
          $ref: '#/components/schemas/MiddlewareSection'
        custom_middleware_bundle:
          type: string
          x-go-name: CustomMiddlewareBundle
        definition:
          properties:
            key:
              type: string
              x-go-name: Key
            location:
              type: string
              x-go-name: Location
            strip_path:
              type: boolean
              x-go-name: StripPath
          type: object
          x-go-name: VersionDefinition
        disable_quota:
          type: boolean
          x-go-name: DisableQuota
        disable_rate_limit:
          type: boolean
          x-go-name: DisableRateLimit
        do_not_track:
          type: boolean
          x-go-name: DoNotTrack
        domain:
          type: string
          x-go-name: Domain
        dont_set_quota_on_create:
          type: boolean
          x-go-name: DontSetQuotasOnCreate
        enable_batch_request_support:
          type: boolean
          x-go-name: EnableBatchRequestSupport
        enable_context_vars:
          type: boolean
          x-go-name: EnableContextVars
        enable_coprocess_auth:
          type: boolean
          x-go-name: EnableCoProcessAuth
        enable_ip_blacklisting:
          type: boolean
          x-go-name: EnableIpBlacklisting
        enable_ip_whitelisting:
          type: boolean
          x-go-name: EnableIpWhiteListing
        enable_jwt:
          type: boolean
          x-go-name: EnableJWT
        enable_signature_checking:
          type: boolean
          x-go-name: EnableSignatureChecking
        event_handlers:
          $ref: '#/components/schemas/EventHandlerMetaConfig'
        expire_analytics_after:
          format: int64
          type: integer
          x-go-name: ExpireAnalyticsAfter
        global_rate_limit:
          $ref: '#/components/schemas/GlobalRateLimit'
        hmac_allowed_algorithms:
          items:
            type: string
          type: array
          x-go-name: HmacAllowedAlgorithms
        hmac_allowed_clock_skew:
          format: double
          type: number
          x-go-name: HmacAllowedClockSkew
        id:
          $ref: '#/components/schemas/ObjectId'
        internal:
          type: boolean
          x-go-name: Internal
        jwt_client_base_field:
          type: string
          x-go-name: JWTClientIDBaseField
        jwt_expires_at_validation_skew:
          format: uint64
          type: integer
          x-go-name: JWTExpiresAtValidationSkew
        jwt_identity_base_field:
          type: string
          x-go-name: JWTIdentityBaseField
        jwt_issued_at_validation_skew:
          format: uint64
          type: integer
          x-go-name: JWTIssuedAtValidationSkew
        jwt_not_before_validation_skew:
          format: uint64
          type: integer
          x-go-name: JWTNotBeforeValidationSkew
        jwt_policy_field_name:
          type: string
          x-go-name: JWTPolicyFieldName
        jwt_scope_claim_name:
          type: string
          x-go-name: JWTScopeClaimName
        jwt_scope_to_policy_mapping:
          additionalProperties:
            type: string
  

# --- truncated at 32 KB (68 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/tyk/refs/heads/main/openapi/tyk-dashboard-admin-api-openapi.yml