Tyk — Open Source API Gateway with Developer Portal
Tyk is a Go-based API gateway with plugins, rate limiting, OAuth2/OIDC, GraphQL federation, and a built-in developer portal — packaged as a single binary or full Kubernetes operator.
Review-first install path
This asset needs a review step. The copied prompt tells the agent to dry-run, show the writes, then proceed only after confirmation.
npx -y tokrepo@latest install 9d870738-3908-11f1-9bc6-00163e2b0d79 --target codex
Dry-run first, confirm the writes, then run this command.
What it is
Tyk is a high-performance, open-source API gateway written in Go. It handles quota enforcement, rate limiting, authentication (OAuth2, OIDC, JWT, HMAC, mTLS), request/response transformations, analytics, and a developer portal. You can deploy it as a single binary, a Docker container, or a full Kubernetes operator.
Tyk is built for teams that need a self-hosted gateway without vendor lock-in. Platform engineers, DevOps teams, and API product managers use it to manage internal and external APIs at scale.
How it saves time or tokens
Instead of building rate limiting, auth middleware, and analytics from scratch, Tyk provides all of these as declarative configuration. A single API definition JSON file replaces hundreds of lines of custom middleware code. Hot-reloading means you push config changes without restarting the gateway process, reducing deployment risk.
For AI workloads, Tyk can sit in front of LLM API endpoints to enforce per-consumer rate limits and track token-level usage through its analytics pipeline.
How to use
- Clone the official Docker Compose stack and start Tyk with Redis:
    git clone https://github.com/TykTechnologies/tyk-gateway-docker
    cd tyk-gateway-docker
    docker compose up -d
- Register an API by posting a definition JSON to the gateway admin endpoint.
- Hot-reload the configuration so the new API is live without downtime:
    curl localhost:8080/tyk/reload/group \
      -H 'x-tyk-authorization: YOUR_SECRET'
Example
A minimal API definition that proxies requests to an upstream service with rate limiting enabled:
{
  "name": "My API",
  "api_id": "my-api-1",
  "proxy": {
    "listen_path": "/my-api/",
    "target_url": "https://httpbin.org"
  },
  "rate_limit": {
    "rate": 100,
    "per": 60
  },
  "active": true
}
This routes all traffic on /my-api/ to httpbin.org with a cap of 100 requests per 60 seconds.
Common pitfalls
- Forgetting to run tyk/reload/group after config changes. Without the reload call, new API definitions are not picked up.
- Using the default authorization secret in production. Always rotate the x-tyk-authorization header value before exposing the admin API.
- Skipping Redis persistence configuration. Tyk uses Redis for rate-limit counters and session storage; losing Redis data resets all quotas.
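An added example, not from the original page or the Tyk project: a pre-deployment lint covering the API definition from the Example section and the admin-secret pitfall above. It checks only the fields shown on this page; the function names, the placeholder deny-list and the 32-character minimum are assumptions standing in for local policy.

```python
import json
from urllib.parse import urlparse

# Constructed sample: the API definition from the Example section.
SAMPLE_DEFINITION = """{
  "name": "My API", "api_id": "my-api-1", "active": true,
  "proxy": {"listen_path": "/my-api/", "target_url": "https://httpbin.org"},
  "rate_limit": {"rate": 100, "per": 60}
}"""
PLACEHOLDER_SECRETS = {"", "YOUR_SECRET", "changeme", "secret"}  # assumed deny-list
MIN_SECRET_LEN = 32  # assumed local policy, not a Tyk requirement


def _positive(value):
    # bool is an int subclass in Python, so reject it explicitly
    return isinstance(value, (int, float)) and not isinstance(value, bool) and value > 0


def lint_definition(raw):
    """Return findings for one API definition using the page's field layout."""
    try:
        d = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(d, dict):
        return ["top level must be a JSON object"]
    findings = []
    if not d.get("api_id"):
        findings.append("api_id is missing or empty")
    proxy = d.get("proxy") if isinstance(d.get("proxy"), dict) else {}
    limit = d.get("rate_limit") if isinstance(d.get("rate_limit"), dict) else {}
    if not str(proxy.get("listen_path", "")).startswith("/"):
        findings.append("proxy.listen_path must start with '/'")
    target = urlparse(str(proxy.get("target_url", "")))
    if target.scheme != "https" or not target.hostname:
        findings.append("proxy.target_url should be an https:// URL with a host")
    if not (_positive(limit.get("rate")) and _positive(limit.get("per"))):
        findings.append("rate_limit.rate and rate_limit.per must both be > 0")
    return findings


def lint_admin_secret(secret):
    """Flag placeholder or short values for the x-tyk-authorization header."""
    if secret in PLACEHOLDER_SECRETS:
        return ["admin secret is a placeholder value"]
    if len(secret) < MIN_SECRET_LEN:
        return [f"admin secret is shorter than {MIN_SECRET_LEN} characters"]
    return []
```

Run both functions in CI before posting a definition and calling the reload endpoint, and fail the job when either returns a non-empty list.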
Frequently Asked Questions
Tyk supports OAuth2, OpenID Connect, JWT, HMAC signing, mutual TLS, and basic auth. You configure the auth method per API definition, and Tyk handles token validation, key management, and session enforcement at the gateway level without custom code.
Yes. Tyk provides an official Kubernetes operator that manages gateway instances, API definitions, and policies as custom resources. You can also deploy via Helm charts for a more traditional approach.
Both are open-source API gateways. Tyk is written in Go as a single binary with a built-in dashboard and developer portal. Kong is Lua/Nginx-based with a plugin architecture. Tyk includes analytics natively while Kong typically requires additional plugins or Kong Konnect.
Yes. Tyk can act as a GraphQL proxy with federation support, schema stitching, and per-field rate limiting. It can also convert REST APIs to GraphQL endpoints using its Universal Data Graph feature.
The open-source gateway handles core routing, rate limiting, auth, and plugins. The commercial version adds a dashboard UI, developer portal, and multi-data-center support. Many teams run the OSS gateway in production behind their own admin tooling.