Layer7 API Management

  • Private Community
 View Only

  • 1.  clarification on API key Caching

    Posted Nov 18, 2015 03:40 PM

    API Key is generated when an application is created in API Portal. In the Gateway "Lookup API Key" assertion will help in testing if API Key passed is a valid one. I see Lookup API Key working even when the API portal is down/not accessible. Does this mean that the API Keys are cached in Gateway? If yes what is the Cache duration and when does the Sync of API keys and Gateway(v8.2) happen.

     

    Regards,

    Ganesh Reddy



  • 2.  Re: clarification on API key Caching
    Best Answer

    Posted Nov 20, 2015 03:11 AM

    Hello Ganesh,

    The API key and all the references to which app it refers to (including the name of the app and other characteristics) and which API can use it as well as what plans are linked to it are all stored in the local database of the gateway, inside the generic_entity table where you can find an entry with the same name as the API key and in there there is an XML body that does all the referencing.

     

    This is to be expected: can you imagine the amount of network traffic that it would cause between the portal and the gateway if all the references of all API keys would stay only on the portal? It could bring that network segment down to its knees. Moreover, as you noticed this removes the Portal as a point of failure: even if the portal is down, the apps can still function.

     

    I hope this answered the question,

     

    Thanks



  • 3.  Re: clarification on API key Caching

    Posted Nov 20, 2015 03:39 AM

    Thank you for the response Maurizio .

    It makes sense to put these in Gateway for faster responses and availability. But then, when does the API Key sync happen between gateway and portal? Only when we do Sync API's from admin settings?

     

    Regards,

    Ganesh Reddy



  • 4.  Re: clarification on API key Caching

    Posted Nov 20, 2015 03:55 AM

    You are welcome styganesh,

    This synchronisation happens everytime there is a change made on the Portal regarding the app itself: the portal will initiate a call to the portalman service on the gateway to sync all the details, afterall, even at the beginning, when a registered app is approved, the generation of the actual API key an secret are done on the gateway, not the portal. Any detail editing about Apps (generation of APIkeys, plan changing, addition of API to the APP) as well as changes to APIplans and business plans will trigger a call to the gateway from the portal to sync the data.

     

    Thanks

    Maurizio



  • 5.  Re: clarification on API key Caching

    Broadcom Employee
    Posted Nov 23, 2015 08:59 AM

    Hi styganesh and GARMA26,

     

    I would be more clear in portail vs gateway operations. From my point of view, using the "sync" term is irrelevant.

    From my understanding of the solution :

    - the gateway expose some API keys services

    - api keys and related info are stored into gateway related mysql database

    - the portal consume these services. For example : you create an API key via the portal -> call to dedicated PortalMan API -> Portal get the response from Gateway and "print it"

     

    That's explaining why Portail is unusable when related Gateways are off/in failed state

     

    Have a nice day