Tyk

The DataDome Tyk integration detects and protects against bot activity.

The DataDome plugin is developed in Go and integrates smoothly with Tyk.

The plugin makes a call to the DataDome API using a KeepAlive connection during the custom pre-middleware event of a Tyk request lifecycle (before connecting to the origin services).

The plugin is designed to protect the user experience: if any error occurs during the process or the timeout is reached, the plugin automatically disables its blocking process (it fails open) and allows those hits to proceed through the Tyk process.
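The fail-open behaviour described above, as an added Go sketch (not DataDome's plugin code). The `checkRequest` and `stubAPI` names and the convention that a 403 response means "block" are assumptions made for the example; the 150 ms timeout is the default listed in the settings.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// Verdict is what the pre-middleware does with a request.
type Verdict struct {
	Allow    bool // request continues to the origin
	FailOpen bool // allowed only because the bot check could not complete
}

// checkRequest asks a bot-detection API for a decision and fails open on any
// error or timeout. Assumption for this sketch: a 403 response means "block";
// this is not DataDome's documented API contract.
func checkRequest(client *http.Client, apiURL string, timeout time.Duration) Verdict {
	ctx, cancel := context.WithTimeout(context.Background(), timeout)
	defer cancel()
	req, err := http.NewRequestWithContext(ctx, http.MethodPost, apiURL, nil)
	if err != nil {
		return Verdict{Allow: true, FailOpen: true}
	}
	resp, err := client.Do(req)
	if err != nil { // timeout, DNS failure, connection refused
		return Verdict{Allow: true, FailOpen: true}
	}
	defer resp.Body.Close()
	return Verdict{Allow: resp.StatusCode != http.StatusForbidden}
}

// stubAPI is a constructed stand-in for the detection API.
func stubAPI(status int, delay time.Duration) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		time.Sleep(delay)
		w.WriteHeader(status)
	}))
}

func main() {
	client := &http.Client{} // default transport keeps connections alive
	for _, delay := range []time.Duration{0, 400 * time.Millisecond} {
		srv := stubAPI(http.StatusForbidden, delay)
		fmt.Printf("delay=%v -> %+v\n", delay, checkRequest(client, srv.URL, 150*time.Millisecond))
		srv.Close()
	}
}
```

The second case shows a block decision that arrives after the timeout being turned into an allow, so the rate of fail-open verdicts is worth monitoring.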

Supported versions

DataDome supports Tyk LTS versions until they are unsupported by the maintainer.
You can find the supported LTS versions on this page.

This module is compatible with Tyk version 4.3 and above.
The module has been tested and verified on the following components:

  • Tyk Gateway (Open Source)
  • Tyk Self Management
  • Tyk Cloud installations

Installation and Configuration

The DataDome plugin can be installed in Tyk from local files as follows:

  1. Download the source code for the DataDome Tyk plugin here
  2. Check the version of Tyk being used and retrieve the commit hash of the version that will be used to build the plugin. Commit hashes can be found for tagged Gateway releases.
  3. Install the tyk package by following the official Tyk documentation for your version:
    1. For Gateway version 5.1 and above
    2. For Gateway version earlier than 5.1
  4. Compile the DataDome Tyk plugin for the specific version of Tyk using the following command:
    docker run --rm -v .:/plugin-source tykio/tyk-plugin-compiler:vVERSION datadome-go-tyk.so
    • In the snippet above, VERSION is the version of Tyk. For example, to compile the DataDome Tyk plugin for Tyk 5.2.0, use the following command:
      docker run --rm -v .:/plugin-source tykio/tyk-plugin-compiler:v5.2.0 datadome-go-tyk.so
  5. The compilation process will generate a .so file having a file name in the format:
    datadome-go-tyk_vVERSION_PLATFORM.so.
    • For example, the result of compiling the DataDome Tyk plugin for Tyk 5.2.0 will be the file:
      datadome-go-tyk_v5.2.0_linux_amd64.so
  6. Place the file datadome-go-tyk_vVERSION_PLATFORM.so in the middleware folder of your Tyk installation.
  7. Go to the API definition file (api-definition.json) of the API that you would like to protect.
    • This is typically found in the apps folder of your Tyk installation.
  8. Add the DataDome middleware to the pre event
    • The DataDome plugin should be added to the existing list of custom Tyk middleware if there are other plugins already installed.
  9. Add the datadome section to the config_data element
{
  ...,
  "custom_middleware": {
    "pre": [
      {
        "name": "DataDome",
        "path": "./middleware/datadome-go-tyk.so"
      },
      ...
    ],
    "driver": "goplugin"
  },
  ...,
  "config_data": {
    "datadome": {
      "datadome_server_side_key": "server_side_key"
    }
  }
}

pre is the phase in the request cycle, name is the name of the Go function, and path is the location of the plugin binary.

  10. Reload Tyk
    • The following command will hot-restart the Tyk Gateway process without dropping any connections:
      sudo kill -SIGUSR2 {gateway-pid}

Settings

Each setting can also be configured through an environment variable with the same name in uppercase.

| Setting | Description | Required | Default Value |
| --- | --- | --- | --- |
| datadome_server_side_key | Your DataDome server side key, found in your dashboard | yes | |
| datadome_debug | Enable the debug mode | no | false |
| datadome_enable_graphql_support | Enable the support of GraphQL requests | no | false |
| datadome_enable_referrer_restoration | Set to true to restore original referrer after a challenge is passed. | no | false |
| datadome_endpoint | Host of the API Server (see Available endpoints) | no | api.datadome.co |
| datadome_timeout | Timeout for regular API calls | no | 150 (in milliseconds) |
| datadome_url_pattern_inclusion | Regular expression to include URLs | no | |
| datadome_url_pattern_exclusion | Regular expression to exclude URLs | no | List of excluded static assets below |

"\\.(avi|flv|mka|mkv|mov|mp4|mpeg|mpg|mp3|flac|ogg|ogm|opus|wav|webm|webp|bmp|gif|ico|jpeg|jpg|png|svg|svgz|swf|eot|otf|ttf|woff|woff2|css|less|js|map|json)$"

Settings example:

{
  "config_data": {
    "datadome": {
      "datadome_server_side_key": "datadadome_server_side_key",
      "datadome_debug": "false",
      "datadome_enable_graphql_support": "false",
      "datadome_enable_referrer_restoration": "false",
      "datadome_endpoint": "api.datadome.co",
      "datadome_timeout": "150",
      "datadome_url_pattern_inclusion": "",
      "datadome_url_pattern_exclusion": "\\.(myextension|otherextension|avi|flv|mka|mkv|mov|mp4|mpeg|mpg|mp3|flac|ogg|ogm|opus|wav|webm|webp|bmp|gif|ico|jpeg|jpg|png|svg|svgz|swf|eot|otf|ttf|woff|woff2|css|less|js|map|json)$"
    }
  }
}
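A pre-deployment check for the `datadome` section, added here as an example and not part of the DataDome plugin: it verifies the required key, compiles both URL patterns, and lists which of your routes would not be sent to the bot check. The `audit` function is hypothetical, and it assumes the plugin uses Go's `regexp` package, matches patterns against the URL path, applies inclusion before exclusion, and falls back to the default exclusion pattern when the setting is empty.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// Default datadome_url_pattern_exclusion, copied from the settings table.
const defaultExclusion = `\.(avi|flv|mka|mkv|mov|mp4|mpeg|mpg|mp3|flac|ogg|ogm|opus|wav|webm|webp|bmp|gif|ico|jpeg|jpg|png|svg|svgz|swf|eot|otf|ttf|woff|woff2|css|less|js|map|json)$`

// audit returns config problems and the paths that would skip the bot check.
// Assumptions: patterns match the URL path, inclusion is applied before
// exclusion, and an empty exclusion setting falls back to the default.
func audit(raw []byte, paths []string) (problems, skipped []string) {
	var def struct {
		ConfigData struct {
			DataDome map[string]string `json:"datadome"`
		} `json:"config_data"`
	}
	if err := json.Unmarshal(raw, &def); err != nil {
		return []string{"cannot parse API definition: " + err.Error()}, nil
	}
	cfg := def.ConfigData.DataDome
	if cfg["datadome_server_side_key"] == "" {
		problems = append(problems, "datadome_server_side_key is required")
	}
	exclPat := cfg["datadome_url_pattern_exclusion"]
	if exclPat == "" {
		exclPat = defaultExclusion
	}
	incl, errI := regexp.Compile(cfg["datadome_url_pattern_inclusion"])
	excl, errE := regexp.Compile(exclPat)
	if errI != nil || errE != nil {
		return append(problems, fmt.Sprintf("bad URL pattern (inclusion: %v, exclusion: %v)", errI, errE)), nil
	}
	for _, p := range paths {
		if !incl.MatchString(p) || excl.MatchString(p) {
			skipped = append(skipped, p)
		}
	}
	return problems, skipped
}

func main() {
	// Constructed sample: key set, URL patterns left at their defaults.
	raw := []byte(`{"config_data":{"datadome":{"datadome_server_side_key":"server_side_key"}}}`)
	problems, skipped := audit(raw, []string{"/login", "/api/orders.json", "/static/app.js"})
	fmt.Println("problems:", problems, "not checked:", skipped)
}
```

With the defaults, `/api/orders.json` is reported as not checked because the default pattern ends in `json`; on an API gateway, review that list against the routes you expect to protect.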

FAQ

How do I restore the Referer request header after a challenge is passed?

After passing a DataDome challenge on browsers other than Firefox, the referrer value is updated to the current URL, which can lead to inconsistent results in website analytics.

Since version 1.3.0, it is possible to restore the Referer header to its original value for your backend:

  • Contact our support team; they will review your requirements and provide you with the best recommendations.
  • Set the boolean value of the datadome_enable_referrer_restoration option to true.