If your setup has a cluster of multiple Key Manager nodes that are fronted by a load balancer that does not support Thrift, change the key management protocol from Thrift to WSClient using the
<KeyValidatorClientType> element in . Thrift uses TCP load balancing.
In a typical production environment, you can configure one of the following setups:
- Configure a WSO2 API Manager instance as the Key Manager in a separate server. See product profilesProduct Profiles.
- Configure an instance of WSO2 Identity Server as the Key Manager. SeeSee Configuring WSO2 Identity Server as the Key Manager.
- Configure a third-party authorization server for key validations and an API Manager instance for the rest of the key management operations. See Configuring a Third-Party Key Manager.
When an API is created, a file with its synapse configuration is added to the API Gateway. You can find it in the
<APIM_HOME>/repository/deployment/server/synapse-configs/default/api folder. It has a set of handlers, each of which is executed on the APIs in the same order they appear in the configuration. You find the default handlers in any API's Synapse definition