
Custom plugin examples for the Tyk Gateway - if you ever needed to extend the functionality!

Primary LanguageC#

Custom Gateway Plugins

This is a repository that contains examples of Tyk Plugins. A Plugin is a custom middleware that is injected into the API request lifecycle, which further complements the built-in Tyk functionality such as authentication & rate limiting.

Here's the different phases you can inject plugins in the request lifecycle. A response plugin is also possible.


Language Phase Description Link
Golang All Go plugin for v3.2.2 which uses Go Mods Link
Golang Pre Injects client certificate attributes as a Header Link
GoLang Post-Auth OAuth2 Introspection Link
GoLang Post-Auth Authorizes request against OPA Link
Golang Post + Auth Dummy one to test the 2 hooks in go Link
Golang Pre Checks Basic Auth creds against an AWS DynamoDB instance Link
gRPC (GoLang) Pre Header Injection & Auth example Link
gRPC (GoLang) Pre Invokes an AWS Lambda Link
gRPC (Java) Auth Decodes JWT, inserts a claim and resigns it Link
gRPC (Java) Post Inserts Metadata from the portal requested key as an HTTP header Link
gRPC (.NET) Auth Performs auth check against a SQL server Link
gRPC (Ruby) Pre Modifies HTTP header Link
Javascript Pre Inserts tracing ID in header Link
Javascript Pre Auth Token & mTLS protection Link
Javascript Pre Evaluates the validity of a Tyk Token Link
Javascript Post Checks API requests against a WAF Link
Javascript Post-Auth Checks the request path against the user's meta data. If there is a cross-over, will deny the request Link
Lua Pre header injection Link
Python Auth Checks API requests against a hard-coded token Link
Python Auth Validates credentials against an LDAP server Link
Python Pre This plugin sends a message to a queue server, it uses kombu as the messaging library Link
Python Pre This plugin sends log data to a Datadog agent. Link
Python Pre This plugin sends log data to a Loggly HTTPS endpoint Link
Python Pre This plugin will block requests from specific user agents, using regular expressions. Link
Python Pre + Post Inserts a correlation ID as a header Link
Python Post Injects a signed JWT as Authorization Header Link

Virtual Endpoints

Virtual Endpoints are slightly different, more of a FaaS / Lambda as opposed to a plugin, and thus are treated differently

Language Description Link
Javascript Tyk as an OAuth2.0 Client in client_credentials flow in Auth0 https://gist.github.com/letzya/ba7c2cd833c11fac61ae4a1d1908f1dc
Javascript Tyk as an OAuth2.0 Client in client_credentials flow in Azure https://gist.github.com/letzya/7e852181643e871481a7997ae3d5b84a
Javascript Demo body transform of response, XML to JSON using petstore's endpoint /pet/{id} https://gist.github.com/letzya/7df4dbc37f2f075795995efb8e205d3e
Javascript Make POST request with FormData to Upstream Link
Javascript Create API Key via Dashboard API Link


Have a cool or useful idea to add to this list? Feel free to open an issue.


If adding an example, first off, thank you.

Create a new directory the following name pattern:


For example:

|- README.md
|- myplugin.js
|- apidef.js
  1. Include a README with instructions, and the supporting files in the directory