Skip to main content
PUT
/
api
/
profiles
/
{id}
Update a profile
curl --request PUT \
  --url http://localhost:3010/api/profiles/{id} \
  --header 'Authorization: <api-key>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "ID": "github-sso-dashboard",
  "Name": "GitHub SSO - Dashboard Login",
  "OrgID": "5e9d9544a1dcd60001d0ed20",
  "MatchedPolicyID": "5f8f9e3c1b5e4a0001b3c4d5",
  "CustomEmailField": "email",
  "CustomUserIDField": "sub",
  "ProviderConfig": {},
  "IdentityHandlerConfig": {
    "oauth-client-id": "tyk-portal-client",
    "oauth-client-secret": "s3cr3t",
    "oauth-client-base-url": "http://gateway:8080"
  },
  "ProviderConstraints": {
    "Domain": "tyk.io",
    "Group": "engineering"
  },
  "ReturnURL": "https://dashboard.example.com/tap",
  "DefaultUserGroupID": "5f8f9e3c1b5e4a0001b3c4d6",
  "CustomUserGroupField": "groups",
  "UserGroupMapping": {
    "admins": "5f8f9e3c1b5e4a0001b3c4d7",
    "developers": "5f8f9e3c1b5e4a0001b3c4d8"
  },
  "UserGroupSeparator": ",",
  "SSOOnlyForRegisteredUsers": false
}
'
{
  "Status": "ok",
  "ID": "github-sso-dashboard",
  "Data": {
    "ID": "github-sso-dashboard",
    "Name": "GitHub SSO - Dashboard Login",
    "OrgID": "5e9d9544a1dcd60001d0ed20",
    "MatchedPolicyID": "5f8f9e3c1b5e4a0001b3c4d5",
    "CustomEmailField": "email",
    "CustomUserIDField": "sub",
    "ProviderConfig": {},
    "IdentityHandlerConfig": {
      "oauth-client-id": "tyk-portal-client",
      "oauth-client-secret": "s3cr3t",
      "oauth-client-base-url": "http://gateway:8080"
    },
    "ProviderConstraints": {
      "Domain": "tyk.io",
      "Group": "engineering"
    },
    "ReturnURL": "https://dashboard.example.com/tap",
    "DefaultUserGroupID": "5f8f9e3c1b5e4a0001b3c4d6",
    "CustomUserGroupField": "groups",
    "UserGroupMapping": {
      "admins": "5f8f9e3c1b5e4a0001b3c4d7",
      "developers": "5f8f9e3c1b5e4a0001b3c4d8"
    },
    "UserGroupSeparator": ",",
    "SSOOnlyForRegisteredUsers": false
  }
}

Authorizations

Authorization
string
header
required

Must equal the Secret value in tib.conf. Example: Authorization: your-tib-secret

Path Parameters

id
string
required

The unique identifier of the authentication profile.

Body

application/json
ID
string
required

Unique identifier for this profile. Must match the {id} path parameter when creating or updating.

Example:

"github-sso-dashboard"

ActionType
enum<string>
required

Determines what TIB does with the confirmed identity.

  • GenerateOrLoginDeveloperProfile – create/log in a Tyk Developer Portal API Consumer
  • GenerateOrLoginUserProfile – create/log in a Tyk Dashboard user or Tyk Developer Portal API Owner
  • GenerateOAuthTokenForClient – generate an OAuth token for an API client (also used for the OAuth password flow)
  • GenerateTemporaryAuthToken – generate a short-lived Tyk access token
Available options:
GenerateOrLoginDeveloperProfile,
GenerateOrLoginUserProfile,
GenerateOAuthTokenForClient,
GenerateTemporaryAuthToken
Type
enum<string>
required
  • redirect – the user is redirected to an external IdP (OAuth, SAML)
  • passthrough – credentials are validated inline without a redirect (LDAP, Proxy)
Available options:
redirect,
passthrough
ProviderName
enum<string>
required

Identifier for the concrete provider implementation.

Available options:
SocialProvider,
ADProvider,
SAMLProvider,
ProxyProvider
Name
string

Human-readable display name for this profile.

Example:

"GitHub SSO - Dashboard Login"

OrgID
string

Tyk organisation ID this profile belongs to.

Example:

"5e9d9544a1dcd60001d0ed20"

MatchedPolicyID
string

Tyk policy ID to attach to tokens or sessions generated by this profile.

Example:

"5f8f9e3c1b5e4a0001b3c4d5"

CustomEmailField
string

Override the claim/attribute used to extract the user's email address. Leave empty to use the provider default.

Example:

"email"

CustomUserIDField
string

Override the claim/attribute used to extract the user's unique identifier.

Example:

"sub"

ProviderConfig
object

Provider-specific configuration object. The shape depends on ProviderName:

  • SocialProvider → see GothConfig schema
  • ADProvider → see ADConfig schema
  • SAMLProvider → see SAMLConfig schema
  • ProxyProvider → see ProxyConfig schema
IdentityHandlerConfig
object

Additional key/value settings passed to the identity handler (e.g. OAuth client credentials, token TTL).

Example:
{
  "oauth-client-id": "tyk-portal-client",
  "oauth-client-secret": "s3cr3t",
  "oauth-client-base-url": "http://gateway:8080"
}
ProviderConstraints
object

Optional constraints that restrict which users may authenticate via this profile.

ReturnURL
string

URL the user is redirected to after successful authentication.

Example:

"https://dashboard.example.com/tap"

DefaultUserGroupID
string

Tyk user-group ID assigned to users that do not match any entry in UserGroupMapping.

Example:

"5f8f9e3c1b5e4a0001b3c4d6"

CustomUserGroupField
string

Claim/attribute name that carries the user's group membership.

Example:

"groups"

UserGroupMapping
object

Maps IdP group names to Tyk user-group IDs.

Example:
{
  "admins": "5f8f9e3c1b5e4a0001b3c4d7",
  "developers": "5f8f9e3c1b5e4a0001b3c4d8"
}
UserGroupSeparator
string

Separator used when a single claim contains multiple group values (e.g. "," or " ").

Example:

","

SSOOnlyForRegisteredUsers
boolean

When true, only pre-existing Tyk users may log in via SSO. New users will be rejected rather than auto-created.

Example:

false

Response

Profile updated successfully.

Status
enum<string>
Available options:
ok
Example:

"ok"

ID
string

The profile ID the operation was performed on.

Example:

"github-sso-dashboard"

Data
object

Payload — a single Profile object, a list of Profiles, or an empty object.