In a typical API Manager deployment, the Gateway is deployed in a DMZ while the Key Manager is in MZ. By default, caching is enabled at the Gateway. If you do not like to cache token related information in a leniently secured zone, you can do that on the Key Manager side. In this method, for each and every API call that hits the API Gateway, the Gateway issues a Web service call to the Key Manager server. If the cache entry is available in the Key Manager server, it is returned to the Gateway. Else, the database will be checked for the validity of the token.
This method has Storing the cache in the Key Manager causes low performance compared to storing it in the earlier oneGateway, but you do not have to store any security-related information at the Gateway side. Using this cache combined with the Gateway cache is not recommended. it is more secure. If you enable the key cache in a clustered environment, you should have only one Gateway per Key Manager, whereas you can have two Gateways per Key Manager when the Gateway cache is enabled instead. Note that we do not recommend using both caches combined.
Disable caching at the API Gateway by adding the following entry under the
APIGateway>element in the
Code Block language xml
Enable the Key Manager cache by adding the following entry under the
APIKeyValidator>element in the api-manager.xml file.