This documentation is for WSO2 API Manager 1.9.0 View documentation for the latest release.
Page Comparison - Configuring Caching (v.6 vs v.7) - API Manager 1.9.0 - WSO2 Documentation

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

When caching is enabled at the Gateway and a request hits the Gateway, it first populates the cached entry for a given token. If a cache entry does not exist in cache, it calls the key manager Kay Validator server. This process is carried out using Web service calls. Once the key manager Key Validator server returns the validation information, it gets stored in the Gateway. Because the API Gateway issues a Web service call to the key manager server Key Validator server only if it does not have a cache entry, this method reduces the number of Web service calls to the key manager serverKey Validator server. Therefore, it is faster than the alternative method.

...

  1. In the api-manager.xml file of the key manager Key Validator node, point the revoke endpoint as follows:

    Code Block
    languagexml
    <RevokeAPIURL>https://${carbon.local.ip}:${https.nio.port}/revoke</RevokeAPIURL>
  2. In the API Gateway, point the Revoke API to the OAuth application deployed in the key manager Key Validator node. For example,

    Code Block
    languagexml
    <api name="_WSO2AMRevokeAPI_" context="/revoke">
            <resource methods="POST" url-mapping="/*" faultSequence="_token_fault_">
                <inSequence>
                    <send>
                        <endpoint>
                            <address uri="https://keymgt.wso2.com:9445/oauth2/revoke"/>
                        </endpoint>
                    </send>
                </inSequence>
                <outSequence>
                    <send/>
                </outSequence>
            </resource>
            <handlers>
                <handler class="org.wso2.carbon.apimgt.gateway.handlers.ext.APIManagerCacheExtensionHandler"/>
            </handlers>
    </api>

...

Code Block
<EnableGatewayResourceCache>true</EnableGatewayResourceCache>

...

Key Validator cache

The following caches are available: 

Table of Contents
maxLevel4
minLevel4

...

In a typical API Manager deployment, the Gateway is deployed in a DMZ while the Key Manager Validator is in MZ. By default, caching is enabled at the Gateway. If you do not like to cache token related information in a leniently secured zone, you can do that on the Key Manager Validator side. In this method, for each and every API call that hits the API Gateway, the Gateway issues a Web service call to the Key Manager Validator server. If the cache entry is available in the Key Manager Validator server, it is returned to the Gateway. Else, the database will be checked for the validity of the token.

...

  • Disable caching at the API Gateway by adding the following entry to the APIGateway section of the <APIM_HOME>/repository/conf/api-manager.xml file.

    Code Block
    languagexml
    <EnableGatewayKeyCache>false</EnableGatewayKeyCache>
  • Enable the Key Manager Validator cache by adding the following entry to the APIKeyManager section under the <APIKeyValidator> element of the api-manager.xml file.

    Code Block
    <EnableKeyMgtValidationInfoCache>true</EnableKeyMgtValidationInfoCache>

...

You sometimes pass certain enduser attributes to the backend using JSON Web Tokens (JWT). If you enable JWT generation, the token is generated in the Key Manager server Validator server for each validation information object and is sent as part of the key validation response. Usually, the JWT also gets cached with the validation information object, but you might want to generate JWTs per each call. You can do this by enabling JWT caching at key manager serverthe Key Validator server. Add the following entry to APIKeyManagerunder the <APIKeyValidator> section of the <APIM_HOME>/repository/conf/api-manager.xml file. 

...

Tip

You must disable caching at the Key Manager Validator server side in order to generate JWTs per each call. Disabling the JWT cache only works if you have enabled the Key Manager Validator cache, which is disabled by default.

...