This documentation is for WSO2 API Manager 1.9.0. View documentation for the latest release.

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  • Disable caching at the API Gateway by adding the following entry to the APIGateway section of the <APIM_HOME>/repository/conf/api-manager.xml file.

    Code Block
  • Enable the Key Manager cache by adding the following entry to the APIKeyManager section of the api-manager.xml file.

    Code Block


JWT cache



You sometimes pass certain enduser attributes to the backend using JSON Web Tokens (JWT). If you enable JWT generation, the token is generated in the Key Manager server for each validation information object and is sent as part of the key validation response. Usually, the JWT also gets cached with the validation information object, but you might want to generate JWTs per each call. You can do this by enabling JWT caching at key manager server. Add the following entry to APIKeyManager section of the api-manager.xml file. 


Code Block


OAuth cache

The OAuth token is saved in this cache, which is enabled by default. Whenever a new OAuth token is generated, it is saved in this cache to prevent constant database calls. Unless an OAuth expires or is revoked, the same token is sent back for the same user. Therefore, you do not need to change this cached token most of the time.  

Response cache

The API Manager uses WSO2 ESB's cache mediator to cache response messages per each API. Caching improves performance, because the backend server does not have to process the same data for a request multiple times. To offset the risk of stale data in the cache, you set an appropriate timeout period.