docker.recipes

Tyk API Gateway

intermediate

Open-source API gateway with analytics and developer portal.

Overview

Tyk Gateway is a high-performance, open-source API gateway built in Go that provides comprehensive API management capabilities including authentication, rate limiting, quota management, and analytics. Originally developed to address the scalability and performance limitations of traditional API management solutions, Tyk has become a popular choice for organizations needing enterprise-grade API gateway functionality without vendor lock-in. The gateway acts as a reverse proxy that sits between your APIs and clients, enforcing policies, collecting analytics, and managing API lifecycles through JSON configuration files. This stack combines Tyk Gateway with Redis to create a complete API management platform where Redis serves as the high-performance backend for session storage, rate limiting counters, and analytics data buffering. Redis's sub-millisecond response times are crucial for Tyk's real-time rate limiting and quota enforcement, while its data structures like sorted sets and hashes efficiently store API usage statistics and authentication tokens. The combination enables Tyk to handle thousands of API requests per second while maintaining consistent policy enforcement across distributed deployments. This configuration is ideal for development teams transitioning from monolithic architectures to microservices, DevOps engineers implementing API-first strategies, and organizations requiring granular control over API access without the complexity of enterprise solutions. The stack provides production-grade API gateway capabilities that scale horizontally, making it suitable for both startup environments managing a few APIs and larger organizations orchestrating hundreds of microservices across multiple environments.

Key Features

  • JSON-based API definition system allowing version-controlled API configurations stored in the apps directory
  • Built-in authentication methods including JWT, OAuth 2.0, basic auth, and custom middleware plugins
  • Advanced rate limiting with Redis-backed counters supporting per-key, per-API, and global rate limits
  • Real-time analytics collection with Redis buffering for API usage metrics and performance monitoring
  • Request/response transformation using JavaScript middleware and Go plugins for custom business logic
  • Quota management with automatic reset cycles and overage handling backed by Redis persistence
  • Circuit breaker functionality to protect upstream services from cascading failures
  • URL rewriting and path-based routing for legacy API modernization and service mesh integration

Common Use Cases

  • 1Microservices API orchestration for organizations decomposing monolithic applications into distributed services
  • 2SaaS platform API monetization with usage-based billing requiring accurate quota tracking and enforcement
  • 3Mobile application backend protection with device-specific rate limiting and authentication token management
  • 4Third-party API integration hub consolidating multiple external services behind a single managed endpoint
  • 5Development environment API mocking and staging with different rate limits and authentication rules per environment
  • 6Legacy system modernization providing REST APIs over SOAP services with transformation middleware
  • 7Multi-tenant application API isolation ensuring resource limits and security boundaries between customers

Prerequisites

  • Minimum 512MB RAM for Redis data storage and 1GB for Tyk Gateway under moderate load
  • Port 8080 available for Tyk Gateway API traffic and Redis port 6379 accessible within Docker network
  • Understanding of JSON structure for creating API definition files in the apps directory
  • Basic knowledge of HTTP authentication schemes and rate limiting concepts for policy configuration
  • Familiarity with reverse proxy concepts and upstream service connectivity requirements
  • Docker host with at least 2GB available memory for optimal performance under concurrent API requests

For development & testing. Review security settings, change default credentials, and test thoroughly before production use. See Terms

docker-compose.yml

docker-compose.yml
1services: 
2  tyk-redis: 
3    image: redis:alpine
4    container_name: tyk-redis
5    restart: unless-stopped
6    networks: 
7      - tyk-network
8
9  tyk-gateway: 
10    image: tykio/tyk-gateway:latest
11    container_name: tyk-gateway
12    restart: unless-stopped
13    environment: 
14      TYK_GW_SECRET: ${TYK_SECRET}
15    volumes: 
16      - ./tyk/tyk.conf:/opt/tyk-gateway/tyk.conf:ro
17      - ./tyk/apps:/opt/tyk-gateway/apps
18    ports: 
19      - "8080:8080"
20    depends_on: 
21      - tyk-redis
22    networks: 
23      - tyk-network
24
25networks: 
26  tyk-network: 
27    driver: bridge

.env Template

.env
1TYK_SECRET=changeme-secret-key

Usage Notes

  1. 1Docs: https://tyk.io/docs/tyk-oss/
  2. 2Gateway on port 8080 - route traffic through here
  3. 3API definitions go in ./tyk/apps/ as JSON files
  4. 4Configure tyk.conf for global settings, secret key, Redis connection
  5. 5Built-in rate limiting, auth, quota management per API
  6. 6Add Tyk Dashboard for web UI (requires license for full features)

Individual Services(2 services)

Copy individual services to mix and match with your existing compose files.

tyk-redis
tyk-redis:
  image: redis:alpine
  container_name: tyk-redis
  restart: unless-stopped
  networks:
    - tyk-network
tyk-gateway
tyk-gateway:
  image: tykio/tyk-gateway:latest
  container_name: tyk-gateway
  restart: unless-stopped
  environment:
    TYK_GW_SECRET: ${TYK_SECRET}
  volumes:
    - ./tyk/tyk.conf:/opt/tyk-gateway/tyk.conf:ro
    - ./tyk/apps:/opt/tyk-gateway/apps
  ports:
    - "8080:8080"
  depends_on:
    - tyk-redis
  networks:
    - tyk-network

Quick Start

terminal
1# 1. Create the compose file
2cat > docker-compose.yml << 'EOF'
3services:
4  tyk-redis:
5    image: redis:alpine
6    container_name: tyk-redis
7    restart: unless-stopped
8    networks:
9      - tyk-network
10
11  tyk-gateway:
12    image: tykio/tyk-gateway:latest
13    container_name: tyk-gateway
14    restart: unless-stopped
15    environment:
16      TYK_GW_SECRET: ${TYK_SECRET}
17    volumes:
18      - ./tyk/tyk.conf:/opt/tyk-gateway/tyk.conf:ro
19      - ./tyk/apps:/opt/tyk-gateway/apps
20    ports:
21      - "8080:8080"
22    depends_on:
23      - tyk-redis
24    networks:
25      - tyk-network
26
27networks:
28  tyk-network:
29    driver: bridge
30EOF
31
32# 2. Create the .env file
33cat > .env << 'EOF'
34TYK_SECRET=changeme-secret-key
35EOF
36
37# 3. Start the services
38docker compose up -d
39
40# 4. View logs
41docker compose logs -f

One-Liner

Run this command to download and set up the recipe in one step:

terminal
1curl -fsSL https://docker.recipes/api/recipes/tyk-gateway/run | bash

Troubleshooting

  • Gateway returns 'redis connection refused' errors: Verify tyk.conf contains correct Redis hostname 'tyk-redis' and port 6379 in storage configuration
  • API definitions not loading with 'file not found' errors: Ensure JSON files in ./tyk/apps directory have valid syntax and .json extensions
  • Authentication failures with 'invalid key' messages: Check TYK_SECRET environment variable matches the secret configured in API definition auth sections
  • High memory usage in Redis container: Configure Redis maxmemory policy in redis.conf and monitor API definition cleanup intervals
  • Rate limiting not working correctly: Verify Redis persistence is enabled and rate limit policies reference correct Redis storage backend in tyk.conf
  • Upstream connection timeouts: Increase proxy timeout values in tyk.conf and ensure upstream services are accessible from tyk-network

Community Notes

Loading...
Loading notes...

Download Recipe Kit

Get all files in a ready-to-deploy package

Includes docker-compose.yml, .env template, README, and license

Components

tyk-gatewayredis

Tags

#tyk#api-gateway#analytics#developer-portal

Category

Web Servers & Reverse Proxies

Related Recipes

Ad Space