About this video
What You'll Learn
- Install Tyk OSS Gateway on Kubernetes with Helm and Redis support
- Configure keyless and API-key protected APIs through the Tyk REST API
- Use security policies and rate limits to control API client access
Andy Smith and Budha Bhattacharya from Tyk walk through the open-source API gateway: installing it on Kubernetes with Helm, configuring keyless and API-key auth, rate limits, the Tyk Operator, and stitching REST sources into a GraphQL universal data graph.
Jump to a chapter
- 1:02 Introduction and Guest Welcome
- 1:41 Membership Packages
- 5:16 Introduction to Tyk and Platform Overview
- 5:20 Introduction
- 7:36 Open Source API Gateway
- 8:03 Developer Portal
- 9:03 Flexibility
- 9:53 Universal Data Graph
- 11:05 API Governance
- 11:40 API Lifecycle Management with Tyk
- 11:44 The API Lifecycle
- 12:38 Tyk Component Architecture (OSS vs. Enterprise)
- 13:38 Components
- 13:45 API Gateway
- 17:08 Identity Broker
- 21:45 Open Source Architecture (Gateway & Redis)
- 23:06 Discussion & Q&A (Maturity, Redis vs. etcd)
- 25:57 Getting Started Guide
- 25:58 Hands-on: Setting up the Kubernetes Environment
- 26:05 Installing Tyk OSS Gateway with Helm
- 26:41 Open Source Installation
- 33:17 Creating and Configuring APIs via REST API
- 33:44 Configure an API
- 33:51 Hands-on: Deploying and Testing a Keyless API
- 35:51 Create an API
- 43:04 Q&A (Hot Reload, Logging)
- 46:59 Configuring Standard Authentication with API Keys
- 47:05 Access an API
- 50:53 Security Policy
- 51:44 Q&A (Rate Limits, Quotas)
- 53:30 Rate Limits
- 53:59 Is It Possible To Set a Client Max Rate Limit
- 56:16 Hands-on: Testing Rate Limiting
- 1:01:59 Introducing the Tyk Operator for Kubernetes
- 1:02:04 Hands-on: Installing the Tyk Operator (and troubleshooting Cert Manager)
- 1:02:10 Install Open Source
- 1:02:34 Installing Tyk Operator
- 1:05:34 Install Cert Manager
- 1:06:47 Deploy the CRDs
- 1:17:11 Transition to UI Demo
- 1:17:33 Exploring Tyk Cloud and Enterprise Dashboard
- 1:17:39 Installations
- 1:21:25 Local Installation
- 1:21:31 Demonstrating Universal Data Graph (UDG) and GraphQL Stitching
- 1:23:06 Constructing My Schema
- 1:24:44 Data Sources
- 1:25:43 Playground
- 1:29:27 External Playground
- 1:29:31 Enable the External Playground
- 1:30:22 Policies
- 1:33:28 Field Based Permissions
- 1:35:06 Discussion on UDG and Enterprise Capabilities
- 1:38:26 Concluding Remarks and Call to Action
- 1:39:46 Wrap-up
Full transcript
Generated from the English captions. Timestamps jump the player to that moment.
1:02 Introduction and Guest Welcome
1:02 Hello, and welcome to today's episode of Rawkode Live at the Rawkode Academy. I am your host Rawkode, and I always kick myself for saying Rawkode three times in such quick succession. However, today we are taking a look at the cloud native API gateway Tyk. I'm really excited to take a look at this project. It brings a lot of features and functionality to your cloud native architectures, and we'll dive into that in just a minute. A little bit of housekeeping. If you're not already subscribed to the channel, now would be a really good time to click that button,
1:32 and feel free to click the bell to get notifications for all new episodes. I'd also like to encourage you to like, comment, and share these videos to help other people discover them. There are also membership packages available at the academy starting as little as $1 per month that allow you to support this channel and all the content that is being produced. If you wanna continue your learning outside of these videos, we have a rather active Discord server where we talk about all things, cloud native, Kubernetes, eBPF, and everything in between. So come and say hello, and I look
1:41 Membership Packages
2:02 forward to meeting you. Alright. To guide us on our journey today into the Tyk API Gateway, I am joined by Andy and Budha from the Tyk team. Hi, both. How are you doing today? Hey. Good. Thanks. Thank you for having us. Well, thank you very much for joining me today. It's gonna be a lot of fun kicking the tires on this and seeing what we can do with Tyk. For anyone that is not familiar with yourselves, could you please just do us the honor of saying hello and introducing yourself? And we'll start with you, Andy, on the left.
2:33 Yeah. Hi, everyone. I'm a solutions architect at Tyk. I've been here for somewhere between eighteen months and two years now. So, yeah, I've been working in API management a little while and, before that, quite a bit of experience in integration generally. Thank you very much for sharing. And Budha? Hello, everyone. I am Budha. I am a product evangelist at Tyk, and I'm joining you today from Singapore. And just like Andy, actually, both of us, we joined almost at the same time about eighteen months ago, coincidentally almost. And it so happened that we also joined in right at the at the start
3:17 of the pandemic. So before I was done. Unfortunately, we yeah. Before it all went to hell, we joined the company. So but but it's been it's been quite fantastic learning more about API management. I think I've I've had worked with APIs before, but my journey into the world of API management and what that entails with the API gateways and all of the other things around security and that abstraction, which we'll be talking about today, has been really, really fascinating to learn about. And, that's that's fundamentally changed my perspective in terms of how I would architect API based
3:51 solutions now. So, hopefully, that'll be something of interest to people who are listening today as well. So, yeah, looking forward to the session. Alright. Thank you very much. And I I like that you say you both joined the company at the start of the pandemic. I also changed job at the start of the pandemic. And as such, I haven't actually met most of my team, like, ever, which is a that was pretty crap. Right? You wanna be able to meet up and and do the on sites and stuff. But hopefully, things are getting better now.
4:19 Absolutely. That's that's been exactly the thing. Because when I joined, I think at that point, Singapore was still okay, but they I think Singapore was early in terms of going into lockdowns. So I think as soon as I joined after a couple of weeks, that was that was the that was it. So work from home was the norm pretty much. So we've not ended up meeting either. So fingers crossed, we'll we'll get that opportunity soon enough. Yeah. I think Singapore has done well. I don't want us to try and test you about the pandemic. Right? And I'm definitely not gonna
rant about the UK's handling of it, but I do believe Singapore has done alright. So that's good. Anyway, I think we've got some slides from you, Budha. Right? You're gonna introduce us to to Tyk, and then I'll do my best to get some questions across to you as we go. So if you wanna get your screen prepared and to the audience, I would encourage you to ask your questions. Drop them into the chat, and I'll do my best to relay them on to Andy and Budha as we go. Okay. Your screen is live. Yeah. Take it away. I'll jump. Fantastic.
5:16 Introduction to Tyk and Platform Overview
5:19 Okay. Yeah. So I thought I'll give a quick introduction. These are just a few slides. And when I say few, it's about six or seven slides, just to sort of set the scene for today so that you understand a a little bit about, what we do, really, and who we are. So, going into the world of cloud native API management, just a little bit about us, about Tyk, how we began. We started off as an open source project actually all the way back in 2014. Our founder, Martin, he pretty much was looking for a solution. He found a couple of
5:20 Introduction
them not particularly to his liking, so he decided to just build one over a weekend. And that project gained some traction as he kept adding on things to it. And eventually, we got to commercializing the product in 2016. So it's been a pretty solid journey over the last, I think, about five years now overall. And we've built our team pretty strongly over the few years. And right now, I think we have crossed our hundred team members mark, and we are remote first. So I think we were remote first before the pandemic hit. So I think this has pretty much been
6:24 a norm for us in terms of working styles. Even though we do have offices in three different locations at the moment, UK, Singapore, and Atlanta in the United States, these are the three main offices, but we have team members in 27 different countries, I believe, at the moment. And so so we we could keep in touch completely remotely anyway. So we are remote first. A little bit about the platform itself, and, obviously, there there are a lot of things that I can go on about. I think we'll be demonstrating some of those things today, but I I picked out a couple of
6:55 them which I thought might be useful for people to know more about. And that was firstly that we are platform agnostic. What does that mean? We are an independent API management platform, which means that we are not tied to any particular ecosystem. We are pretty much neutral when it comes to vendors and hosting providers or any of those other things that you might want. We are independent of of infrastructure, so to speak. We we pretty much work play well with any of your existing stack. And overall, from a component perspective, we have a few different components, but three of them
7:33 primarily that we focus on. Starting off with the open source API gateway, which is what we are gonna be primarily focusing on today. And this is essentially the brains of the operation. This is where all the and computation primarily occurs when it comes to API management. And that's coupled with our proprietary dashboard, which effectively provides a a graphic user interface to interact with some of the capabilities that we have in place. And then we have a developer portal, which is sort of like a lightweight content management system in a in a sense, which which enables you to catalog slash publish
8:03 Developer Portal
8:13 the APIs that you've sort of managed through Tyk or have developed as well. So that those are the three main components. There are a couple more that I'll touch upon in in a little bit, but that's sort of what the extent of our platform is. And I I said, we are light on infrastructure, and we are very, very extendable. So it's very easy to extend the capabilities as well. So things that you know, we we've got a few capabilities coming out of the box. But if that is not your liking, you can very easily create your own plugins
in a few different languages, including, well, JavaScript, Node.js, Python, and Go. Go is the language that Tyk has been built on to keep things really, really lightweight and and efficient. But if you if you do choose to do so, if you do choose to extend the capabilities, you can do so in other languages as well. Then the third point is around flexibility where we are capable of handling different API styles. And by this, I mean, essentially, not just REST endpoints or REST based API API endpoints, which is typical for for most API management platforms.
9:03 Flexibility
9:18 But we can also handle your more legacy systems like like SOAP or the more well, for the lack of better word, the the newer evolution of APIs, which is around GraphQL. By no means a replacement of REST, but it is a newer sort of technology, although it's been around for a while. But we are capable of handling all of these different API styles. So regardless of what you have as part of your stack, as part of your API product, you can use Tyk to to manage that, secure it, and perhaps extend the capabilities as well.
9:49 We have another component which we will be showcasing towards the end of the session today, which is called the universal data graph, which enables you to actually stitch together data from different data sources, which means if you do have REST endpoints, perhaps even SOAP endpoints or GraphQL endpoints, you can effectively combine all of those different data sources, data from those different data sources, and create a unified schema out of it, a GraphQL schema, and expose it out in that sense, in that fashion. And we'll show you how you can do that. Obviously, this this provides a big
9:53 Universal Data Graph
benefit when it comes to, you know, if you're looking to explore GraphQL or you're looking to bring together data from different data sources, you can do that in a low code or, in this case, no code manner as well. So we'll be showcasing this without having to write any code whatsoever. No resolvers required. No middleware required to do this. And then finally, we fit really well with your existing stack, sort of goes to that platform agnostic view of our existence where if you have your existing stack, if you have your existing products, we try our best to essentially fit in
10:51 as seamlessly possible as seamlessly as possible with that. So whether you're on Kubernetes, which is you've got the Tyk operator, enables you to manage that really, really easily, and we'll be showcasing that as well. If you are looking at API governance, for instance, we have open policy agent that will enable you to do that in a very powerful way. Or if you have if you want if you already have identity providers that act as authorization servers within your organization, then we can really easily integrate with that using the dynamic client registration. Out of the box, we have abilities
API Governance
11:26 to integrate with Okta, Gluu, Keycloak, but we are gonna be looking at further additions to that as well. So we're pretty, pretty flexible in that sense to do that. K. Just a little bit about the life cycle management. Just for those who are new to how the API life cycle sort of works, especially around the API management journey of things, there are usually two stakeholders. We look at API providers, people who are creating the APIs and making it available for consumption, and the API consumers who are effectively consuming the API endpoints to build out their own
11:44 The API Lifecycle
12:02 product. So on the side of the API providers, you effectively create, test, secure, and manage your APIs on the side of the consumers. You are looking to discover and find out what what the available APIs are to you and how you would go about using it, develop products on top of those, consume it, and then, of course, monitor and optimize depending on how the consumption is happening on your end. So that's sort of a basic journey into the API lifecycle management, followed by what Tyk does in this space. So from the API provider perspective, things like
12:36 access control, your rate limiting, which is essentially the limitations or limitations that you might want to put in terms of how many requests that you might want to make available over a period of time. This could be part of your API monetization strategy or your load management strategy, but that's available to you. We've got an API designer that that provides you a bit bit more of a user interface to work with to to create or manage your APIs, analytics, versioning, authorization, authentication from a security perspective. From the API consumers perspective, we've got our documentation, which is, I think I mentioned around the
12:38 Tyk Component Architecture (OSS vs. Enterprise)
13:15 developer portal, which sort of handles the API consumption aspect of things. You can catalog your APIs and consume the APIs that are available to you. You can discover whatever is available to you and how to make use of that through documentation. So just as a as a simple sort of starting point, and we'll obviously see some of these in action shortly. It's a little bit about the components that we've got. This is not entirely exhaustive at the moment, but these are sort of the primary components with the API gateway, which is our open source component right at the center of it
13:45 API Gateway
13:49 all with the ways to interact with the gateway being the dashboard, being the more graphic user interface aspect of things. This is this is part of the enterprise edition, not the open source edition. As part of your open source edition, you would have the command line interface coupled with Tyk operator, especially if you're working with the in the Kubernetes world like we're gonna be doing today. But these would be the ways to interact with the gateway and the capabilities of the gateway. On the other end, we have the developer portal, which is again the way to publish
14:21 or catalog your APIs. And then you have the Tyk pump, which is a component that enables you to. It's essentially the observability layer for, the the API management platform before Tyk. I don't I don't believe we're gonna be going too deep into this today, but this is essentially the component that enables you to look at monitoring and logging and analytics and all of those different things around observability. It basically allows us to send any any analytics data that's been generated as your gateway handles traffic. The pump allows you to send that analytics data out to any third party
observability platform. So maybe you're using Splunk or Prometheus or an ELK Stack. That's what it's there for, as well as actually sending analytics data into our own platform if you wanted to use the analytics that built that's built in with the Tyk Enterprise edition. Does this support InfluxDB? Because we know that's the best time series database. I actually would have to check that, but rings a bell. It does. I see it on the documentation yesterday. Yeah. Got it. Yeah. Got that. We got that. Yeah. Yeah. I'm a big fan of Influx. Anyway, sorry.
15:41 No worries. No worries. Alright. Yeah. I think I think I think, like like Andy mentioned, I think it's very easy to plug into plug in this data into external systems. Of course, pump is what powers our internal analytics platform and monitoring platform as well within Tyk as part of our dashboard as well as the gateway. But like you mentioned, you can plug into external systems as well, which could include even your BI tools potentially as well. So depending on what you choose to make use of. Yeah. It's an it's an open source component. So if you did want to send Yeah.
Analytics data out to some observability or monitoring platform that we don't currently support, you can write a a pump for it. Yep. So I I think this one sort of gives you that that idea as well. So I think this is sort of a little bit of a view of the open source landscape within a within Tyk. So I think the gateway itself looks at things like security, versioning, and body transforms, traffic control, monitoring. And part of that monitoring extension, we look at the Tyk pump. And like you said, we've got we've got support for
16:44 Influx, Datadog, Elasticsearch, Kafka as well as Splunk, Prometheus, Moesif. We are we are soon gonna be adding a couple more to it as well. But it's it's really, really simple to extend this capability. And if you if you do have an observability platform that you have, it's very easy to hook hook on to Tyk Pump to to gather that information. So that's pretty much the Tyk Pump we've got at the moment. There is the identity broker as well, which sort of connects to external or custom identity providers. So if you're looking at OAuth and third party authorization
17:08 Identity Broker
17:19 through any of these available systems, then you can do that using the identity broker as well. And then finally, we've got our Tyk operator for Kubernetes, which is what we'll be demonstrating today, coupled with the Tyk CLI, which, again, this is this completes sort of our open source API management offering at the moment. Just as an extension to this, of course, we do have an enterprise edition edition for Tyk as well where some of these capabilities are primarily extended. The base capability, the the open source gateway is the same that powers both of our products.
17:53 So there is no I would say there there are no two separate products under the hood. You have the API gateway, the same API gateway, open source API gateway powering both of them. With the enterprise edition, of course, a couple of things just become a little bit easier in that sense to to manage because you have a nicer interface to sort of work with. A couple of things that are associated with the dashboard, for instance, like the open policy agent at the moment and with the developer portal, like the the dynamic client registration capability, for instance, Those are
18:24 a bit more of an enterprise capability as it stands today. And, of course, the bigger one that we we are gonna be showcasing towards the end is the universal data graph where you really can design sort of your own GraphQL schema based on existing infrastructure. And that further enables you to publish those those schema stitched or sort of stitched data from different sources as a GraphQL endpoint. So I think that's sort of something that is is better shown off towards the end, but that is part of our enterprise edition here as well. And further to that, we
19:02 have a multi data center bridge, MDCB offering, which is especially useful when you're looking to manage Tyk across different multiple data centers, whether that is within a particular region or different data centers in the same region or across multiple regions, you can handle that. You can essentially install or deploy local instances of the gateway to provide all of the processing power at at a local level. But you can manage all of that through a centralized sort of control plane instead of having to manage each of the different gateways individually. So essentially, deploy locally and manage globally. That's sort of
the way to go with data center. Of course, I've I've oversimplified that a little bit because we can obviously go much deeper into the data center bridge. But I think as an introduction, I think that sort of does hopefully a good job. And from a from a offering as well as the multi geo thing that the MDCB is is also useful. I think it's more with the bigger clients that we work with where you find the different business units or teams within an organization. They want their own runtime environment. They want their own gateway, but they want
20:18 everything to be managed through this central control plane. So it also plays into that space. Yep. Exactly. And then finally, we've got our Tyk cloud offering, which is sort of our our SaaS offering in this case, which is for you to get up and running really quickly without having to think about managing your infrastructure. It is it is sort of part SaaS, part orchestration because you can choose where you want to deploy your control plane as well as your local instances of the of the local gateway, the edge gateways as we call them. And you can beyond just having a fully
managed solution with Tyk, you can also extend that further as a hybrid solution where you can use the Tyk control plane on the cloud and connect your local installations of the local gateway, which you can host in your own private cloud if you do choose to do so or in your own infrastructure. So that's sort of the the hybrid aspect of this that comes along with the Tyk Cloud. I think with this, I think we'll dive into today's sort of today's demonstration, and I'm gonna pass this on to Andy to give you a little bit of more
21:35 into what the actual architecture of Tyk looks like. And then right after this, we will be heading on to the hands on session. So over to you, Andy. Yeah. Sure. So this this this architecture schema that we're looking at actually covers both the open source components and some of the license component as well. So it's a it's it's kind of a a a simple licensed architecture. For what we're gonna be focusing on today for the open source piece, that's essentially a gateway that sits between your API clients and your upstream services that are hosted on some API server.
21:45 Open Source Architecture (Gateway & Redis)
22:18 And the gateway has one dependency, which is Redis, and we use that to store session tokens. So it might be API keys, for example. We also temporarily store analytics data in Redis before Tyk Pump picks up that analytics data and sends it off, where it needs to go. So, in terms of, an open source installation, it's pretty simple. It's a gateway, and it's Redis and optionally pump. Okay. I think I'm gonna stop sharing the screen now. I do wonder if there are any questions that might have already come up at this moment. Otherwise, we can head on over to the
23:05 next segment. Nothing from the audience yet, but I'm sure they'll be in with their questions soon. I guess something that pops into my head through that is, like, what what doesn't Tyk do? Like, that was a healthy list of features. Right? Like, I mean, I guess that shows the maturity. Like, I didn't realize Tyk was seven years old at this point in time. So it's been developed for a while. I didn't realize the company had a hundred employees. I mean, that's a sizable you know, that's no venture beyond startup. Right? Like, Tyk must be kicking a lot of ass. I imagine a
23:06 Discussion & Q&A (Maturity, Redis vs. etcd)
lot of people are using this and I'm just really disappointed that I personally hadn't heard about it until recently because it seems to solve so many problems that I have in API management and a cloud native environment with microservices with delegated authorization. All all all these things are super painful, and all this time Tyk has been sitting there in open source land and gutted that I just missed it all this time. Yeah. We we sometimes call it batteries included, so it's it's it's cloud native. It's pretty lightweight. It fits in nicely with modern requirements around automation and CI/CD
24:13 and all of that. But it it remains lightweight while still providing a ton of capability. Awesome. Well, I think we just dive straight in and we start playing with it, and let's see what we can do with Tyk. So Let's do it. Let's pull up my screen share. I have the homepage here. For anyone who wants to check it out at their own time, you can visit tyk.io. I also have access to the getting started guide available via the documentation. And I have one Kubernetes cluster ready for us to start deploying to. But we haven't
24:46 done anything upfront other than provision a Kubernetes cluster and everything else we will do as we work through this. So we do have a question if you want to tackle that from Russell, which has just slid in there before we started our hands on component. So Russell asks, why Redis when etcd seems to be the default choice for key value storage and the cloud native ecosystem? I mean, it was an an architecture choice going back four, five years. I don't know if there is under consideration something like etcd to to bring in in the future, but I
think Redis has served us pretty well over the years so far. Yeah. Redis is a great database. Really, really fast. Written in C, works really well. Guess the I mean, I'm I'm just gonna put words in your mouth. I don't work for Tyk or not even know why these decisions were made. But I would sometimes reach for Redis because the operational complexity versus etcd's is a lot simpler. And I wonder if maybe that was a decision there. So good question, Russell. Hopefully, that gives you some answers. Okay. So getting started guide. Now are we going to run through
25:58 Hands-on: Setting up the Kubernetes Environment
26:02 We're gonna do an install. So Yeah. Let's try and run through this menu structure. So install open source, and then for all of these different flavors of installation, be it self managed license or open source, there's there's all there's a number of different options. So I think somewhere either at the bottom of this page or in the menu on the left, we should be able to find our way to if you just scroll down the page, then there's an OSS section in there. And then I think probably from the left hand navigation on this page, you'll see open source installation.
26:41 Open Source Installation
26:44 Again, bunch of options because we can be installed on bare metal or virtual machines or Docker or Kubernetes. Let's go for a Kubernetes install. You read that name. Yeah. I was hoping you were gonna go along with this, then Tyk OSS Helm chart is how we shall do this. Okay. So we do have a couple of options here. Right? We can use the Helm charts. We can deploy directly with manifest and there is the operator. So are we going with Helm now and we'll look at the operator later? Is that the plan? Yeah. So how it works is
27:18 for installation, customers, most people we work with, they're gonna use the Helm charts to actually deploy Tyk, and then they would use the operator to actually publish API definitions and actually, yeah, publish their runtime resource. But the the the the the gateway itself will install with Helm. Cool. We have a Katacoda scenario. Those are all the latest. I think this just popped up yesterday. So the the the docs are, yeah, on under change at the moment. So I think if we wanna work in your own terminal, in your own Yeah. This is directly just This is this is something
28:01 that we've sort of we are sort of introducing so that people can have a hands on component really, really quickly early on if they want to try it out without having to set things up for themselves. So, hopefully, that is gonna extend out to other aspects of the of the documentation as well. I think we've we've done a pretty decent job getting it up and running so far. So, hopefully, next time we speak, we'll have a even more complete part of this. Nice. Well, I have added the repository via Helm. I have run Helm repo update. I have created the Tyk namespace.
28:34 And now we have to install Redis first. Yep. And this we we within our Helm charts, we ship with a a simple Redis, which is really there just for, I would say, evaluation, just getting to know Tyk. There are official Bitnami charts as well that you'd be more likely to use in a a real environment. Okay. So I ran that. It looks like a Redis was happy. I was oh, no. That's What's that process? Okay. There's our Redis inside. I was a bit worried we weren't gonna get a happy Redis because I don't remember if my cluster
29:17 has a CSI driver deployed, but it looks like it's okay. So phew. Phew. Yep. And now we can install Tyk. I'm assuming CE is community edition. That's right. Actually, I was just gonna say before you do that, I think there's a little bit of configuration to do. So we might have to uninstall that. It's actually further down the page. So it breaks all this down and there's a step there where we actually there's some configuration values. We should at least have a look at that values.yaml file. Yeah. Of course. So I I I would uninstall what
29:59 you just installed and then Okay. May maybe it just works, but so Yeah. I I can remove it. It it that's not a big deal. So we can do a helm ls -n tyk, ls and delete. I mean, maybe if we could just leave it, we could try it. That's okay. Let's let's not introduce opportunity for things to go wrong just because I'm too quick to push the return key. So we do have our values.yaml here. So Assuming I should change this. I think for now you can leave it.
30:39 It's up to you. Normally, you would, but, yeah, we're gonna need whatever you put in here, we're gonna need at some point. And then we have a some options here that tells Tyk how it needs to connect to Redis. So there's two options. There's that first part there, which is what we should use, that's, I I believe, the Redis service that you should have running now on port 6379. Yeah. It seems this is the default, so we should be okay just to leave that. Yeah. Then for what we're gonna do today, that's it. We're not using Mongo. We're not using pump.
31:21 So k. And then there's some gateway configuration around as a daemon set, supposedly on node port, cluster IP, and then there's the pump config. Okay. Yeah. I'm just gonna I think there are other than that as is should be okay. Just running. We'll find out. We'll see. So now if we take a look at our namespace, we have our three gateways running. That's because it's a daemon set and I have a I think a three node cluster. Okay. Interesting. Right. Is that what you expected? I've never tried it on anything beyond a a a one node cluster myself. So
32:08 yeah. And that that that in terms of installation, that's it. So we should have a gateway there. So you should be able to I would normally port forward my my service so I can hit my gateway from local host. So I don't know if we can just use one of those gateways. And then 8080 to 443. Perfect. Yeah. And then if you've got another window, there's a little health check we can try. Yep. What's the path? Slash hello. Let me zoom in on that. Oh, too much. Woah. It's okay to me. There we go. So we got a status
33:01 pass. We get the version. I get a little bit of description, and we get some information about the Redis connection. So to you, that looks like we have a healthy Tyk gateway running. To me, that looks pretty good. Yeah. Perfect. There you go. Painless. Absolutely painless. So So if we go back to the docs now and on the left hand nav under getting started, And we can start with create an API. And there's three tabs there. Yep. Perfect. So open source is the way we're gonna go. So with with the open source gateway, there's there's actually there's three ways to configure an
33:44 Configure an Api
33:45 API. So the first way is to actually configure an API definition, which is just that it's it's it's a JSON file. You would configure that on the file system. Option number two is to configure an API via the gateway's REST API, and I I think that's what we'll do next. And then once we've been through that, we'll have a look at how you would do this with the operator as well. Okay. So what you're saying there is to get to find an API with the Tyk Gateway, we're gonna author something locally, have the REST API of the gateway is
33:51 Hands-on: Deploying and Testing a Keyless API
34:25 gonna do it. But at the same time, or at least afterwards, we can use the operator, which will allow us to use a custom resource to apply the same thing. That's right. So the operator essentially provides a number of custom resource definitions that basically allow you to work with Tyk in the same way that you would any other kind of Kubernetes object or or or primitive, and it allows you to do this in a kind of GitOps style declarative API management. But if we if we start with step two there, and so we've got a sample
34:59 API in the docs that we can use just to just to start things off, at the top of that curl command, there is an authorization header. The value for that authorization header should be your secret that was in your values.yaml file. I can't remember if we left it as changing it. I did also notice as well, these docs have just they've just been they've been through a bit of a refresh, and it looks like something's gone amiss. So at the bottom of that curl command, you'll notice there's a missing closing quote for the payload.
35:37 And we're also missing the URL support and the path to the API endpoint. So I can I can take you through all of that? That has actually I've I've put a PR and I'm just waiting for that to be merged. Alright. Okay. So let's go with create an API. We're dropping our curl. Localhost 8080. Copilot's trying to get too fancy there. Alright. The path is? Slash tyk slash apis. Oh, the Copilot knows. See? I don't know if you've played with Copilot yet on VS Code, but it can read my mind. It is ridiculous. Wow.
35:51 Create an Api
36:22 And I think that closing quote should be a single quote. Yeah. Well, yeah. There's doubles and singles. Yeah. You're right. There we go. If the syntax highlighting doesn't work, you've messed up. That's my rule. Okay. And then, yeah, change the secret, the authorization header to whatever was in the file. I think we left it as default. Yep. I'll just make this a a real script. So that should be able to run now. So this is going to authorize against the Tyk Gateway, sending a post request. The payload this is how we describe an API then. So we
36:55 have to give it This is how we yeah. In in the non-operator world, this is how we describe an API. There's actually there's a hell of a lot more that you could put in here that we're kind of doing bare minimum hello world type at the moment. So just the fields that we need to publish this API. That's essentially it's gonna be as simple as it can get on Tyk. It's gonna publish an API that should be keyless, so we won't need any kind of API key or other type of token to be able to hit this,
37:31 and it's gonna proxy to this request response service out on the Internet. Yeah. Nice. httpbin. I like that. Yeah. It's yeah. Okay. Let's create our API. So I'm gonna need to keep my port forward running. So let's just Yep. Put this. And I should be able to just run or create an API. Did that work? No. Getting connection reset back here. Let me recreate the port forward. Oh, hang on a minute. Sorry. Go to port forward again. If you bring up yeah. This port forward 8080 to 443, isn't it? Yeah. What did I get here? Local host
38:24 a is it HTTPS or HTTP? HTTP. Sorry. That's it. That's better. There we go. Yeah. You can I mean, if you want to enable TLS, there's options in there to do that? But yeah. Does it have native ACME slash Let's Encrypt support, or would that be something I use cert manager for? You use cert manager for that. Alright. Okay. I think we as part of the operator installation, there's a step in there to actually install cert manager. You can actually build use operator to operate this gateway that's running in your Kubernetes cluster, you can also I'm not sure if
39:01 we mentioned, you can also use it to publish APIs and control non Kubernetes gateways as well. You could even point it at a a Tyk installation in Tyk Cloud, a SaaS service. So the operator itself is dependent on Kubernetes, but you don't have to use it to manage Kubernetes environments. Okay. Cool. Now if I'm following a lot blah blah blah. If I'm following along correctly, I I feel like I should be able to run local host local host hello world, and that would be proxied onto the API, or is there something to the path I need to augment it with in
39:40 order for that to work? So you would you might need a closing slash, and it's sometimes useful also to use. There's a bunch of methods on httpbin, one of which I normally use is a slash get operation. But, yeah, try and try try and just hit hello world. Not quite. So let's go through this. I wanna make sure I understand this definition correctly. Yeah. So we've added something to the Tyk gateway that says if we ever request hello dash world slash, the the prop the request will be proxied through to the httpbin service that you have publicly available here.
40:25 Although it does this strip listen path. I'm not sure what's happening there. Oh, yes. Because when you pass it on to the following service, it takes that path off. Right? So it would just be slash on the remote service. Okay. And I don't think much of this is particularly important for right now. That is except for the keyless and auth, we're just saying that there's no authorization on the remote API. Is there anything that you want to highlight here? Or is it am I correct to say that it's not that important right now? Andy, did we lose you? Yeah. I think
41:03 his Internet's gone. It's alright. Yeah. So I kind of expected this to work. Let's let's let's try try that a little bit differently. Maybe just I think maybe we don't need that -X GET for now. Let's if we were to get rid of that, just make the curl request. Is that just not finding the way okay. Yeah. I mean, we did create the API, didn't we? Yeah. We got 200 okay key hello world status action added. We should follow the documentation instead of me making it up. Maybe that's a good idea. So we we did see this. We're happy
41:53 with that. Mhmm. Oh, so there's an API's invite to pull them up. All you have to do think yeah. That I think is the authorization. Yeah. So we have to tell it to reload or restart the pods. So let's try the reload command then. So let me fix it off. So this is change me. Change This is HTTP local host, and I am forwarding on 8080, and we're just passing a reload. And that looks okay. So I think now You need to you do need to hot reload the the gateway, I think. So I think that's that's why it's not picking up
42:38 the API otherwise. Yeah. I think that's what we're missing. So I think it worked now. Yeah. Yep. That's what was missing. Perfect. Yep. So I I think if you do if you run the same with the get at the end of that, so if you curl that with slash get, yeah, I think you should get a little bit nicer. Yeah. I think you get this one, which is a bit more easier to read rather than a, you know, HTML sort of thing coming through. Yeah. Definitely. Yeah. That's all. Yeah. Okay. I think we've got Andy back in.
43:04 Q&A (Hot Reload, Logging)
43:08 It was hard to lock it, didn't it? Had to happen. We did talk about it right at the beginning. It just had to happen. But we managed came back pretty quickly. But, yeah, then I I had trouble getting back in the session. But, anyway, I'm back here. So yeah. Sorry about that. We're we're smashing it. We're we're we're we're reading the documentation. We we we got through it. It was I think we needed to hot reload the gateway. So I think we just did that, and it seemed to be working at the moment. So that's
43:34 not a problem. Will be the next step. Yeah. Cool. Okay. Okay. So we did the reload. I can now proxy a request to the httpbin instance, and that's working quite nicely. Lovely. Okay. Right. So we've we've created an API using the REST API. We've we've hot reloaded. There's other options in here to create a file based, but I would suggest we move on to actually the next step in the tutorial. So I think that will be access an API. Oh, you might have asked a couple of questions. We also have one in the chat.
44:11 So Yeah. Sure. Why is the hot reloaded into Say again. Sorry. I was just gonna ask one one one final thing, one one thing. Andy, do we need to hit any other specific endpoint to for the hot reload to take effect? Something around the slash API slash reload or something on those lines slash Tyk slash reload, or are we good at the moment since we are getting a response? Is there anything else that we need to do to make sure it's it's all okay? If you hit that if you sent a request to that slash tyk slash reload,
44:43 you're good. We did And by virtue of the fact that you were able to actually send request and get a 200 response suggests that it has hot reloaded. So why is the hot reload not automatic when I create new p i's APIs? Like, why do I need to manually do that? In the enterprise edition, this is one of I'm not sure it's a benefit, but that's certainly something that happens. So when you in the enterprise edition, you publish in the dashboard, and then, basically, there's a a pub sub channel between the dashboard and the gateways, and
45:17 they hot reload automatically. In the gateways, why that is not built in by default? I honestly I don't know. But Okay. So oh, yeah. We got a a question from Russell who is asking, so what logging does Tyk provide? Does the log acts like whenever I is there an auto log for when I create or delete or edit APIs? Is there a logging when I access APIs? Like, what kind of stuff does it emit? There's so there's a number of things. So as as you send requests to the API, analytics logs are generated, and that's where this component that we mentioned
46:03 in Budha's intro, we have this component called Tyk Pump, which essentially allows you to take those analytics logs, which could that could actually be full payload information or it could just be metadata and forward those analytics logs off to a third party analytics or monitoring system. There are also audit logs that that may be an enterprise thing I'd have to check, but in some part of the stack, there are also audit logs that show you when an administrator has published a new API definition, for example, or maybe they've they've created a key, they've done something
46:49 that we generated an audit event for. Alright. Perfect. Thank you very much. Okay. So what do wanna do next then, Andy? What was it you said there? So I think the next step, if we just scroll up, there's a next the next step in the tutorial is to access an API. We'll have a quick look at that, and we're we're gonna have to change something to do this. So this is right now, we've got an API that was we set it as keyless. And so what we're gonna do instead now is we're actually let's first of all,
47:05 Access an Api
47:25 we'll publish a new API, and I'll I'll I'll take you through what config you need to provide for that. And then we'll generate an API key that we'll then use at runtime to access that secured API. Did that make sense? It does. Yeah. So I think if you go back to the the definition that you had previously and let's just create another version of this and, yeah, maybe call it hello world two or something Or whatever you want. Create an API two. Why not? Come on, computer. You can do this. Okay. There we go. I mean, we could
48:14 just update that. We could send a put request and update the existing thing. But if we just create a new one so we'll give it a new name, change the slug, change the ID. Instead of use keyless, if we change that to be you could do that or you could just simply not have that configuration item and instead use we'll put in there in its place, use stand use_standard_auth. Oh, look at that. Oh, tried to and now it's no one no other things I want. Swagger. I'm sure it's off, but Yeah. Yeah.
49:00 And we'll set that to true. Is that it? Yeah. We've got the auth header name. Yeah. And then I think just change the listen path that's in there somewhere. Oh, hello world two. Yeah. Okay. Done. Cool. What's really, the main difference here is we have removed use keyless, and instead we're using standard auth. So what what does that mean? So it means to access this API night, now you need to provide a a bearer token that's been either generated by Tyk or imported in as a custom API key into Tyk. Okay. And so, yeah, that that's the next part
49:55 of the tutorial. You you you publish an API that's secured and then we generate an API key. And so if we Copy this. Take this and then we'll have a look at it and we'll we'll chain we'll change the API that it's trying to access. In fact, I think it's just templated, so it should be fine. Okay. So this is create a key. That should be change me. Yeah. Okay. So this is interesting. Right? So when we create a Tyk key, we can actually set quotas and rate limits that allow you to access the That is really, really cool.
50:39 Yeah. There is actually another way to do this, which it's it's not part of the getting started guide. So you can do all of these things directly on a key, that's, I suggest, that's what we carry on doing. But there is also another object in Tyk called a security policy, and a security policy, basically allows you to kind of centralize the control of these keys such that imagine you've got hundreds or thousands of these keys that are set with certain rate limits and quotas on day one. If you wanted to go in and you wanted to
50:53 Security Policy
51:13 update all of those rate limits rather than updating all of the keys, If you use policies instead, you can just update the policy, which when you create a key, you template on values from the policy. So you see much the same configuration. You see rate limits, API access control lists, all of the same stuff. When you create a key from a policy, if you were to update that key, any related sorry. If you were to update that policy, any related key would also get updated. Okay. So there are two things in my head. I'll start with the the question first, and
51:44 Q&A (Rate Limits, Quotas)
51:48 then I'll add on the the weird thing that I wanna break on this key. So I I do a lot of automation with the YouTube API, and I have very strict quotas from Google on that YouTube API. Is that something I would try to replicate or emulate using a key in Tyk? Or would I just rely on YouTube returning their quota saying I'm over? Like, if you were doing that yourself, how would you make that work? So just repeat that again. So, yeah. Whenever I created the YouTube API, I got a quota of, like, a thousand requests per day. Now would I
52:22 then try and replicate that quota with a Tyk key so that I never really quite hit the YouTube one, or would I just rely on the YouTube one, throw in the error anyway, and handle it externally? So, typically, you offload that kind of thing onto Tyk. So, yeah, quite often, we work with customers that have historically, they've implement their own kind implemented their own rate limiting or quota quota system. Generally, you just when you introduce a gateway into the infrastructure, usually, you would leave that type of thing to be performed by the gateway. If if you if if your if your
53:02 API if you're saying that YouTube YouTube's already providing it, I would still do it in Tyk. Apart from anything else, if you use a a Tyk API key, as requests come in, you're gonna get analytics in Tyk via the pump to understand who's using what and when and how much. We would tie the analytics to the key. We also have we didn't configure it, but we've got rate limits on a key are fairly typical. We also allow you to configure rate limits on an API definition. It's actually it's a different use case at that point. That's more
53:30 Rate Limits
53:39 about protection. So if you know your infrastructure can only handle so many requests per second, then it makes sense to set a rate limit on the API definition rather than setting rate limits per consumer. Yeah. That makes a lot of sense. Thank you for that. We have a a couple of questions in the chat. So Bella is asking, is it possible to set a client max rate limit? I'm not sure I understand that. I don't know if that'll make sense for you. So a max rate limit per client. Like a rate I mean, the rate limit we set is
53:59 Is It Possible To Set a Client Max Rate Limit
54:12 the the maximum. So if you were to update that rate limit to be five requests per minute or or or second, that's the maximum amount that they can send. Okay. And one for the last question. Sorry. I I think the question might be around, if there is a restriction on the number clients themselves rather than the request. I think we go based on request. So regardless of I'm assuming is it is it specific for those requests to come from specific clients? I would assume not. I think it's dependent on the number of requests coming in.
54:43 So you set a rate limit per client. That's what we're doing here. The rate limit is tied to the key that we're creating. There is also that other rate limit. So we could have set a rate limit on an API. Say that rate limit was a hundred requests per second, and then you start issuing keys that have rate limits. The rate limit on the API definition is the one that rules all. So regardless of where the requests are coming from, if you hit that rate limit, you're gonna start getting 429s or whatever it's gonna be.
55:17 Okay. Thank you. Okay. So we got one more question from Russell who's asking if those quotas could be part of a group or company level rather than a key. So could I set, like, my say that you know, we see org ID in here. Like, say I want to split my team into multiple organizations. Can the quotas be applied to that org ID? I think there might be some kind of organization quota. We might have to dip dip into the docs there to check it. Yeah. I guess you could always generate a key per group or team with that. You
55:55 could have a key shared by members of a team or group, I guess. Yeah. I'm wondering whether there is actually. There's something at the back of my mind that we've got some kind of organization quota as well, but I can't remember what that looks like. We can have a quick look in the docs. I could have dreamed that. Alright. Well okay. So let's can we change this quota to be one request per minute just so that we can, you know, contrive a situation where we get we get we have the quota. You can you can generate another key.
56:16 Hands-on: Testing Rate Limiting
56:32 So So would that just be allowance one, rate one? I think the per is that's per I think that's second. I'm just gonna bring up the docs myself and just check this. I think I think per is is per second, I think. So I think if you that's that's one of the best I can't hear you very well, Budha. Sorry? I can't hear you very well. I don't know if that's just me or Is it is it okay now? Are you Oh, yeah. Budha, your audio has dropped. What about now? Any changes? Anything? No. It's
57:17 still very, very, very quiet. Well, I get you guys continue for the time. Yes. Whatever you did there fixed it. Okay. Okay. Fine. No. I was just saying, I think it is per second. So it's a number of requests you do per second. So I think if you put it something like two requests over ten seconds, it'll be a little bit more visible, I would imagine. I think the allowance is actually deprecated. We'll leave it in. But allowance and rate are the same thing. And the rate is a is that is that one so that that
57:52 the unit is second. So that's one request per second you've got there. So I I think one second might be too small a time frame so for you to check it out. So maybe if you just do one rate per, I don't know, three or five seconds perhaps over the Five per 60 is something that's easy to check or or one. Yeah. Okay. Let's do two requests per one minute. We can we can I can take that fast? So and this is gonna restrict access to our hello world two, which is the API that we
58:23 have requiring standard authentication. So Yeah. Let's create our key then. A key. That's a good point, actually. That key could actually give you access to a bunch of different APIs. Or you can actually go further than that, and you can actually create keys that give access to different paths within within different APIs. So you might have some users that you want to be able to access all all all all paths within an API, for example. There might be others that you I don't know. You but you only wanna be able you want to be able to
59:01 limit them to the to the get requests rather than be able to create and update stuff. Alright. Okay. I'm get I'm getting cocky now. I think I know what I'm doing. So like, if we did this oh, what did I get wrong? In the header, you need authorization. What? Oh, yeah. It's authorization and then bearer space. Right? Like that. Yeah. I mean, you don't actually need Bearer. You can it'll work if you include it, but you don't need it. Okay. What have I broken? I did call it hello world two, didn't I? Oh, I've not created it yet. Bet
59:50 you. Oh, I did. Okay. I think I've done something wrong. Let's so the API did you hot reload? No. Okay. We've reloaded again, brother. Access to this API has been disallowed. So that means that my authentication failed? It does. So either it means where it thinks we're trying to hit an API that this key hasn't been provided access to. Did we definitely API oh, the the case is different. So Yeah. Hello, world two. Hello, world two. Is everything okay. I think the case That might do it. Oh, this one's got a small w in it. I guess the slug doesn't really matter.
1:00:57 Right? It's the ID and the name. The ID. Let's try it. Let's try recreating that key. Yeah. And we get a new bearer token. Do I need to reload for keys? No. No? Okay. So we can probably quicker to go this way. Get okay. That worked. So we've two per 60. So this one should work again. And we would expect now to potentially see lefty. There we go. Oh, if I had to chat or tell us we forgot to reload. Thanks, Moe. Good to good to hear all paying attention. Alright. I like that. I like being able
1:01:48 to define the keys, which APIs they can access, build down all that rate limiting, etcetera, into it. It's a nice nice little feature. Do you fancy having a crack at the operator? Let's go for it. I'm feeling like we can do this now. So let's do oh, is it getting started? Install open source. Let's see if the operator's in the docs. You might it might be as easy just to go to the so the install instructions for the operator are in the GitHub repo. Yeah. I've got it here. And there's a link there installing Tyk operator,
1:02:34 Installing Tyk Operator
1:02:36 so let's do that. We're just past the hour mark, but I think we're good for time. So all of the prereqs, I think we're fine with. It says cert manager must be installed. Yeah. It's part of the instructions, so we'll we'll we'll do that. That's included. The operator so you can actually you can point operator at both an open source installation, which is what we're gonna do, so we're gonna point it at a gateway. If you're running the enterprise edition of Tyk, then you would point it at the dashboard instead. But for us, it's a gateway.
1:03:19 So could you maybe just zoom in a little bit? Just perfect. So we'll if we yeah. And you can create a separate namespace for this, but equally, if you wanted to run it in the same name namespace as your gateway, that's fine as well. Just make sure that we update any of the commands that we need to. Okay. So let's just tyk namespace. Yeah. Create a secret. And so the auth is going to be our change me. Correct. And the org, I don't think we set one. Is that just one? Think yeah. We can use one. I think that's what was
1:03:58 actually set in those definitions. To be honest, org is more an enterprise thing. It has more meaning because the the enterprise product is the dashboard is multi tenant, an organization equals a tenant, but we'll we'll set that to one. This should be your Kubernetes DNS for that Tyk gateway service. What's the mode? If you go back to the doc, I think it's tyk ce or just ce for yeah. Okay. So we're putting on the same same namespace, which means it should be able to have it on just just take Time. I guess we can let's just expand that out
1:04:43 just in case. Was it just Tykall? Was it Tykall? I think if you have a look at the service in in Kubernetes, then it will be something like tyk ce headless. Something something something. Yep. You are correct. Good catch. So let's set this to first dot tyk dot svc dot cluster dot org. Okay. Let's do this. We have our secret, and then the next step is to So there's yeah. There's options here for the operator to be able to just watch all namespaces or if you're only interested in watching certain namespaces, you can do that.
1:05:27 We can skip through some of this. The next install instruction is, I think, will be to install cert manager. So we can just copy that. Then Just a quick one to just just point out. You sort of I'm I'm hoping I'm audible now. When you when you created that service, I think instead of using Tyk, I think it's tky as opposed to tyk. I don't know if it is intentional or not. If you go back to the command line, the service that you've got there. Oh, there's a tky.svc.+dr. Good spot. Yeah. That's the headless.tky
1:05:34 Install Cert Manager
1:06:14 instead of tyk. Yeah. Yeah. We we might need to correct that. Alright. Secret. It's gonna fail, so I'm gonna have to delete it. The secret. Good catch. So we've got cert manager. We've got our secret. Now we could deploy the CRDs. Yep. So it wants me to have this code locally. Right? No. Oh, yeah. Yeah. Sorry. And the CRDs can just be applied from there. I guess that's not gonna be tyk operator helm CRDs. And lastly, we can install our helm chart, which is just gonna give us a secret for configuration. Yeah. We'll change that namespace as well.
1:06:47 Deploy the CRDs
1:07:30 Yep. Just a second. Just go back to the docs. Yeah. That looks correct. Okay. Sorry about haven't finished. Oh. Uh-oh. Describe. Oh, it's a CrashLoopBackOff. Hopefully, that's it just getting healthy. It could be, but it's been a while. I'd be a little bit suspicious. That's a fun message. Error registering call only. Okay. It's cert manager. I mean, this is a one twenty two cluster. It could just be cert manager. And it's a a newer version. I think we installed one zero three, which is a little bit old. Let's just go over the top of it
1:09:00 and see if that helps. Yeah. It seems about It looks a little better now. Yeah. Yeah. Okay. So let's try I will have to to set up grid. I thought you could do dash dash name. Oh no, it would be dash dash install, but we don't even need that anyway. Cool. So we have our three gateways only now. We have our operator container creating. So let's just pull in the image. So we got a comment from Chandra. It might just be an API version deprecation. Yeah. I think we just updated the the new cert manager.
1:10:06 A lot changed with one twenty two. A lot of APIs disappeared. So Right. So while that's coming up, why don't we head back to the docs for Tyk operator, and we'll just try and we can either build one from scratch, but given it's ten past three, it might make sense to just go into the samples and so if you go back to the root of Tyk operator, there's a config folder. Yep. And within there, there should be a samples directory. And then down the bottom or somewhere in the middle, in fact, there's an httpbin.yaml.
1:10:49 We could work with that. We might need to change the name and the ID, but just scroll up a bit. There's just like a basic keyless thing, the equivalent of what we did when we first created an API using the gateway REST API. Yep. Okay. So we can do let's call it cr.yaml. Let's define the new API. Let's change the name. Something else. So I don't think we have on code. It should be better. It's just called hello world. So we should be Oh, you're right. Yeah. We should be fine.
1:11:27 It's not okay. Yeah. Let's just go to I'm confident. Gonna work. Assuming So hope hopefully, the it's still creating. Okay. Let's see. It's waiting for Cert manager. That's not a certificate. Setup failed for volume. Cert. Webhook service cert not found. Is this? I think what happened is when we did the upgrade, we skipped one of the hooks that's probably required to generate the cert. Install and do it again. Yeah. Sorry, Fu. Same for you to leave. We could just do that again. Okay. There we go. Yeah. So just that broken install. I think we missed
1:12:35 a hook, but we appear to be alright now. Yeah. There we go. Two of two ready. So we can apply our c r dot yaml. And yeah. So you could do that. If you do that, k get tykapis now and just see if it's actually there's a thing configured that the operator's aware of. Type slash tyk slash API if you wanted to hit the rest of it. Oh, my key. And you do the key as well. I'm making this difficult for myself now. What was it? X-Tyk-Authorization? Very good. There we go.
1:13:21 So that means I'm just gonna feel really confident now. I really wanna get to business demo too. So we should be able to have httpbin get now. Yep. Oh, reload. No. It shouldn't need to reload. I'm doing so kubectl get tykapis, all one word. Enabled. The path is correct. We might actually have to look in the operator logs. Oh, k. But, I think perhaps we just we'll move on. The manager. Yeah. So it did reconcile. So I was a bit quick to skip looking at this APIs, but we should be able to see all the APIs registered with
1:14:35 the gateway. Right? So there's hello world. Hello world two. And do we have httpbin? No. Okay. I don't think it worked. Correct. I think it might need to you might need to apply the file. No? I think I thought we already did that. But Yeah. Because we can run tykapis, and we can see it here. Yeah. tykapis thinks it's there, but for one reason, I don't know why. But And the manager does seem to think it's reconciled. Are there any errors in there if we look a bit further up? Or
1:15:33 Creating. Completed. And that is definitely the gateway on the node that we've been testing with. Because I know you, when we installed the gateway, I think you said you had a three node setup. So they're not clustered by default? Yeah. So the clustering in the open source gateway, that's not there by default. And so, actually, yeah, if you're using the operator, that's something you've got to think about. We do have customers that run Tyk Gateway in a kind of highly available fashion. I believe they use the file system method to configure their APIs. So
1:16:27 either they're using some kind of shared file system or some other way to make sure that their APIs are published on all the gateways, but there isn't any clustering by default as part of that open source deployment type. You get that by default if you use the licensed version. Right. Okay. So why does it deploy as a daemon set? That seems a bit strange. It's I mean, it's so that's a default setting to get started within the Helm charts. You can go in and you can change that to be a
1:17:04 deployment. Maybe we should have done that, actually. Alright. I'm sorry. We have seen a lot of really cool stuff. So really nice. I like the operator. I'm gonna have to play around with this a little bit more. But in the interest of time today, and I don't wanna keep you here all afternoon, why don't we allow Budha to run through some of the shiny UI stuff that we have available as well? But you wanna pop your screen up, and we can jump over to that? Yep. Great. Okay. So before I get started, there are a couple
1:17:39 Installations
1:17:39 of installations that I have. One is purely the Tyk cloud, which I'll show you. And the other one is a local installation that I have on my own system. So you can do either one. I'm not gonna go through the installation process again, which might take a little bit of time, but it pretty much follows a similar structure. Maybe it's actually, it might even be a little bit easier in terms of installation. Follow the docs. You'll be able to get up and running really, really quickly. The only difference between the cloud versus the the enterprise edition for installation is that when
1:18:10 you're starting off with a free trial on the cloud, it you don't need a license key. I think for the local installation, you will need a license trial license key as well for that. So that's pretty much the only difference. Otherwise, you can pretty much do the same things as you can do local versus cloud. So I'll just show you the interface of both of them just so that you know a bit, And then I'll go into the universal data. Okey dokey. So let me share the screen. Hopefully, I'm just gonna share. Alright. There we go. So this is the
1:18:46 Tyk Cloud. So this is sort of the overview of what we are providing here. So Tyk Cloud is a little bit different from basic SaaS because it's more of a it's sort of a combination of a completely managed solution plus an orchestration solution as well, where you can choose regions to deploy your control plane as well as edge gateway. The control plane, which is essentially your dashboard for management of your APIs, essentially is in the region in which you are based out of. So that's a singular region that you would choose. For instance, I
1:19:20 have chosen Singapore at the moment, so my control plane is gonna be deployed in Singapore. And then within the control plane, you have options to actually add on further gateways, local gateways or edge gateways as we call it. So I already have a setup with a control plane and the edge gateway. If I go into this, you'll see that I've got my manager dashboard here and developer portal all set up, which I can access through this URL. And underneath this all, I've got the edge gateway, which is gonna be my localized gateway for the processing part of things.
1:20:01 To just give you a sense of the dashboards, so here you go. You've got your dashboard, which is essentially an overview at the moment of all the API activities that is going on. This is as an overview. And then you can go into the specifics of this, which I'll go over when I switch on to the on premises version. But you can see your APIs that you might have created. You can have your policies and keys, which I'll touch upon shortly as well. So it's kind of like a user interface for you to interact with
1:20:37 whatever is going on at the gateway level or whatever capabilities that you want to make available. The only other thing is in terms of deployments and things like that, it's pretty straightforward to do this over here if you do choose to deploy a new edge gateway. So if you're trying to manage multiple local gateways, you essentially put in a name, you add in a type, and then fill in a few information, and it would be ready to go for you. The interesting part is also around versions because we do have certain versions available
1:21:10 already. The latest version that we're working on right now is three point two point one. And but you can add older versions as well if you do want to do so. Probably not recommended, but in case that is something that you're looking at. So in the interest of time, I'm gonna switch over to my local installation, which is gonna seem very familiar. So this is a local installation at the moment. This should look very familiar from a dashboard perspective, very similar to what we had here with the Tyk cloud. And in here, we've got a few different capabilities.
1:21:31 Demonstrating Universal Data Graph (UDG) and GraphQL Stitching
1:21:41 And so what I'm gonna be doing today is that I'm gonna be showing you how you can use two REST endpoints and construct a GraphQL schema using that. And then once we have the GraphQL schema, we'll add in a little bit of security policy on top of that as well. So before the example that I'm gonna be using, I'm gonna be using this user information, which I've gotten from the website, jsonplaceholder.typicode.com. I'm gonna be using users, and I'm gonna be mapping this as in the form of a GraphQL schema. So, hopefully, this is visible,
1:22:20 And I'm gonna head back onto my installation, head on over to APIs. I've got a bunch of these already, but I'm gonna create a new one. This is gonna be a GraphQL API. I'm gonna call it test user info. I'm gonna be choosing the universal data graph, and I'm gonna be composing a new GraphQL service. So with that, I'm gonna hit configure. To begin with, again, you've got all of these different options, which we can go into the details of it for now. I'm gonna skip that. The one that I'm interested in to begin with
1:22:55 is this authentication mode towards the end. I'm just gonna make this keyless to begin with and save it. Back on into the user info, and I'm gonna start constructing my schema. So by default, of course, we have mutation and query queries in there. I'm not gonna use mutations for now, so I'm just gonna skip that. And before I change my query, I'm gonna add in a new type called user. It's gonna map my user object. I'm not gonna map everything. So if you see this object has a few different fields or keys, which is ID, name, username, email. I'm just
1:23:06 Constructing My Schema
1:23:34 gonna pick out the ID, name and email for demonstration. So let's start off with ID, and we've got name, which is of type string, and we've got email. So that is that. And inside query, which is what I'm gonna be using to make the request, I'm just gonna call this get user info. And this is gonna be of type user. So what I can do here is, of course, I can call the entire list of users? There are 10 users that are available at the moment. But what I actually want to do is to actually query
1:24:17 a specific user. So in order to do that, as part of this offering, we've got slash one will give me ID number one. So if you do a slash ID number, you get specific information for that particular user. So I'm just gonna try to map that over here. So in order to do that, I'm gonna add in parameter. I'm gonna call it ID. With that, I'm gonna head on over to my data sources. And here, I need to just map out this particular field. So I'm gonna define my data source, call it rest. The URL is gonna be,
1:24:44 Data Sources
1:24:59 I'm just gonna take the first half first. And here, because the ID is gonna be dynamic, so I'm gonna map this using my ID argument. So if you just start with a curly bracket, if you just add a curly bracket to begin with, it'll give you a choice, drop down choices of the IDs that we've got. As you can remember, as part of our when we were defining it, we had the ID parameter as part of the argument there. I can give this a name. I can call it user info. Method here is gonna be get,
1:25:36 and that should be it. So if I update this and update my definition, we do have an inbuilt playground which I can make use of. So let me just test that out here and hopefully, say, I'm gonna try and make this a little bit larger so that it's visible. So I've got my get user info. I'm gonna call it ID number one, ID, name, and email. Everything goes well. I should be able to get back that information. So now imagine what's happening over here is that we have effectively transformed a REST endpoint into GraphQL without having to write any code whatsoever. We've
1:25:43 Playground
1:26:15 essentially configured that through the universal data graph, which is obviously very powerful to begin with. And if I were to change this ID to three, I will obviously get back that specific information as well. And I can add on more fields if I want to. What I want to do as an extension to this is as part of every user, the user also users also have a to dos list. I can access based on user slash ID slash to dos. So this is something that I'm just gonna try and replicate at the moment. So I
1:26:46 want as part of so these are two different endpoints. Right now, they are not really connected. You have to call this particular endpoint to be able to get that. What I'm gonna try to do here is I am going to combine these two different endpoints or information from these endpoints. So I've got I'm gonna create a new object called to do. Within that, I'm just gonna look at the fields that are available. I've got user ID, ID, title, and completed. Gonna try and map that user ID, integer, ID is an integer. I believe completed is
1:27:30 boolean. K. I want this information to be available. So when I'm querying a user information, I want this to be available to me directly. And for doing that, I'm gonna add in a field called to dos, and I'm gonna get back a list of to do, which is why there is a square bracket there. So I go into my data sources because I want to I need to map out my to dos as well. I'm gonna define my data source. I can use the template that I just created for the user info, so I can just
1:28:02 use that. Get rid of this now because what we're gonna be using here is this, the ID of the type user, which is object ID and to dos here. I'll change the name of my data source to call it to dos. Update my field now and update my API definition. Go back to my playground, to dos, let's say title and complete should get back all the to dos of that particular user. So I can obviously change up my user and get the to dos of that specific listing. But effectively, what we have done here is we have combined
1:28:45 two different data sources and created a GraphQL schema out of that. And now you can query through that one single endpoint. You can query both of those different data sources in a combined manner. So that is essentially the power of Universal Data Graph. Of course, we can go further into this also, and we can add more data sources. There is no limit to that. But right now, I think I'm gonna just stop here. What I'll do as an extension to this, of course, is we already have this endpoint. I'm gonna show you a little bit about
1:29:15 the security feature aspect as well with a couple of minutes to go. One thing that we can do, I'm gonna switch over to, let's see, we do have an external playground as well. So if you want to enable that, we can enable the external playground and hit update. So the way to access this would be, you use the API URL on top and slash playground after that. So I'm just gonna do this. That loads up, well, a GraphQL playground. And if I were to run my query once again here, I should get this back. Okay. So I'm getting the information back. Now
1:29:31 Enable the External Playground
1:30:21 let me head on over to policies. So like Andy had mentioned previously, policies essentially are like they define sort of the rules of engagement when it comes to your security, your rate limits, and all the keys that are created based on those policies will inherit all of the settings or configuration that you have at that policy level. So I'm gonna call it, let's say, user. So I can select this particular user info here? Oh, I need to change the format. So if I go back to my APIs, I'm gonna change my authentication type
1:30:22 Policies
1:30:56 to authentication token. Hit update on the policies, add policy, select the API. You can obviously add or remove APIs if you want. There can be multiple APIs in there. I'm gonna hit configuration. I need to give this a name, so I'm gonna call it test info policy. Is never, but you can choose a shorter time frame if you want. And that will create my policy. Now once the policy has been created, I can go in and create my key based on that policy. Just hit key here, that's it. Pretty straightforward to do that. If I head back over to my playground right
1:31:44 now, it should prevent me from making this available. So I'm gonna just add in my authorization header. Hopefully, this will get me back my information. So now there is an authentication token that is gonna be governing this. One last thing that I want to show as part of this, because we are talking GraphQL endpoints, of course, GraphQL endpoints, unlike REST, they don't just operate at the HTTP layer, but they are also at the data query layer as well. So there are a couple of issues that that brings in, which is a, the depth of queries need to be
1:32:22 limited in some cases because you can have nested queries which could balloon up too much, that can result in a denial of service attack, or it could pretty much hemorrhage your server. So in order to do that, here you've got your query depth. I'm gonna set this to two, and the way you look at this is if you go back to the playground, well, a hack that I use essentially is to look at the open curly braces that sort of gives me how deep we are at the moment. So right now, we are at one, two, three levels deep at the
1:32:58 moment. So if I were to go back and hit update on this, because I've set a maximum query depth to number two, this is gonna prevent me from going further. But if I were to get rid of the to dos part and go in there, then it'll get me back my information. So it sort of prevents me from going too deep if that is something that needs to be configured there. That's one thing. I'm gonna reset that. And the other aspect is our field based permissions. Now imagine you have different APIs because with GraphQL,
1:33:28 Field Based Permissions
1:33:36 it brings a lot of flexibility to how you're constructing your schema. But also equally, it also exposes that information to clients, and it gives pretty much puts the onus on the clients to request information, whatever information that they want. So to sort of make sure that you're not exposing things that you don't want exposed to specific clients, you can put restrictions on the fields as well. So for instance, I can do that at that entire user level, so I can deny access to the to do or the or the user itself, or I can look at specific fields.
1:34:10 So for instance, if I don't want email to be available for a particular user, then I can deny access to that. So if I hit update at the moment, and if I were to hit play, it's gonna tell me email is restricted on this user, and I cannot query that information. So if I would got rid of that, I will get back my information. I can also add in to dos because we got rid of query depth limiting, and I can get that information back in as well. So that's about it. I think this was
1:34:41 a very, very fast tracked version or introduction into the Universal Data Graph. Hopefully, this sort of made sense, gave you a little bit of a sense of how the dashboard works, how you can set your policies. You obviously set your rate limits and things like that as well in a through this interface. But I think I'm gonna just stop here given that we're about 35 in the hour. Alright. Thank stop sharing. Oh, he pushed the wrong button. That does happen, unfortunately. The hang up button and the stop sharing button are right next to each other. I have complained to Ecamm
1:35:06 Discussion on UDG and Enterprise Capabilities
1:35:17 a couple of times. It is not ideal. We'll get better just a few seconds to come back. Maybe. I hope he's not talking to himself. Could be. So how familiar are you with Universal Data Graph, MB? Yeah. I'm pretty familiar with it. It was released about, I'm not sure now, maybe six months ago. So it's yeah. We're rolling out. Right now, you can stitch together GraphQL, REST. You can even do SOAP as well, but the idea is that, actually, we're gonna be providing resolvers for things like I wouldn't like to say what next, but I
1:36:08 wouldn't be surprised if it was something like Kafka. Maybe we'll even provide an SDK for Tyk users to actually build these themselves as well. Nice. And there's support for subscriptions coming in and also Federation Federation Plus subscriptions. Federation is something that I find really interesting. I mean, I'm I'm curious, you know, as you know, me just as a a solo developer, like, do I have access to universal data graph? Is it just a UI that's behind the the paywall? Can I still leverage some of that functionality? How does that work? I better have to welcome back.
1:36:44 The hang up button's right next to the stops the stop sharing button. I'm I'm really sorry about that. No worries. So all all the kind of all that type of capability, whether you run open source or whether you run the enterprise edition, We don't that there's nothing hidden in the gateway from our open source consumers, users. I think with Universal Data Graph, you could configure it using something like operator, but it's pretty complicated, and I think it's one of those things where that's pretty well suited to a UI rather than doing it on the on the command line. Technically
1:37:21 possible. Like I say, everything, we don't we don't exclude any functionality from the from the open source users in terms of think of it as runtime capability. The the licensed product's really providing a management layer Nice. That's useful. It provides the UI that's useful for especially for something like UDG. It's also got enterprise y features like single sign on and and and visibility as well. So open source gateways are great, I think, if you're working in a small team. But if you're a large organization where lots of people are working with with Tyk, it's useful to have that management layer
1:38:01 that exposes everything that's configured to those different users. And then there's functions in there where, actually, if you are working in a big company with lots of different teams, there's ways to kind of isolate and segregate your installation so one team can work on their APIs, and another team can work on theirs without stepping on each other's toes. Alright. Perfect. Alright. Plenty there for me to go and play with there. Any last words, Anthony, you want to share before we say goodbye for today? Besides, try it, Tyk. This is I don't know if I'm hopefully, I'm
1:38:26 Concluding Remarks and Call to Action
1:38:39 audible. There's been a bit of a boo boo there with, I think, the stop sharing screen button. I was like, what just happened? Because everything just went blank, but it's all good. No. This has been fantastic going through our installation process and just seeing somebody else trying that out as well on a live platform, of course. That's been quite interesting to go over. What I would recommend is if people do want to obviously make try this out themselves, go ahead. Go over to the docs and try it out for yourself.
1:39:11 If you do want to try out the cloud trial or the the version that I showcased to you, you can do that as well. The installation guide for that is part of docs. It's very, very straightforward to get signed up for the cloud trial. I think right at the moment, it's about fourteen days that you can try it out for for free. Then beyond that, I think you you might have to pay for that. But it's a very simple way for you to get started with some of the more enterprise editions if you want to do that.
1:39:37 But, like, we just went through, the overall installation of the open source gateway is pretty simple as well. Awesome. Well, thank you both very much for joining me today. It's a really cool product. I'm looking forward to playing with it more, and I really appreciate you joining me and sharing your insights and knowledge along the way. So we'll leave it there. I'll let you both get back to your day, and I'll hopefully speak to you both again soon. So have a nice one, and thank you for joining. Thank you. Thanks so much. Thank you for having
1:39:46 Wrap-up
1:40:06 us. Bye bye. Bye.