Layer7 API Management

  • 1.  Query on usage of Cache Assertion for caching tokens

    Posted Jul 26, 2017 06:49 AM

    I have used the Store Cache and Lookup Cache assertion for Caching the OAuth Token required to invoke a target API. The logic first looks up the cache to check if there is any token exists if not it makes a call to OAuth end point to get the fresh one and stores it in Cache. The logic is in an encapsulated assertion which is used across multiple APIs.
    Below is the Cache Configurations

    Store to Cache:

    • Cache ID : POC (This is hardcoded and remains same for all)
    • Cache Entry Key : ${request.http.parameter.clientid}  (Mapped from Query Param Client ID and as of now all requests come with same client id)
    • Max Entry Age : 3600 seconds

    Lookup from Cache:

    • Cache ID : POC (This is hardcoded and remains same for all)
    • Cache Entry Key : ${request.http.parameter.clientid}
    • Max Acceptable Age : 3600 seconds

     

    With the above configuration since Cache ID and Cache Key remains same for all requests , I am expecting the call to OAuth Endpoint should happen every one hour. But sometimes i observed that  even if a fresh entry was made 30 mins back the lookup assertion is not finding and the policy is calling OAuth endpoint. What could be the reason for this behavior?

    Policy Flow and Configurations Screenshot:



  • 2.  Re: Query on usage of Cache Assertion for caching tokens

    Broadcom Employee
    Posted Jul 26, 2017 11:03 AM

    You say you are using the same cache ID for multiple API's,  I see you have your store to Cache set to a maximum of 10 entries this means when the cache has reach 10 entries keys it will replace the oldest one causing the lookup to fail as it is no longer in the cache. Try increasing the maximum entries and see if that resolves your issue.

     

    Also If this is a cluster  of gateways each node cache is local and not shared so if a entry is cached on one node it is not available to the other nodes.



  • 3.  Re: Query on usage of Cache Assertion for caching tokens

    Posted Jul 27, 2017 01:09 PM

    What would be recommended approach to have a global cache within a cluster of gateways ?



  • 4.  Re: Query on usage of Cache Assertion for caching tokens
    Best Answer

    Broadcom Employee
    Posted Jul 27, 2017 07:10 PM

    Hi Arvind.S ,

    there is a tactical assertion for remote cache, please open a support ticket to ask for it.

     

    Regards,

    Mark



  • 5.  Re: Query on usage of Cache Assertion for caching tokens

    Posted Jul 29, 2017 10:22 AM

    Thanks. Will check it out.



  • 6.  Re: Query on usage of Cache Assertion for caching tokens

    Posted Jul 26, 2017 01:15 PM

    Thanks Barry!  That helps.  I would check on the sharing across nodes 

    How ever with the above logic and all calls being made with same client ID is there a possiblity of having multiple entries in Cache? 

    For example every time the policy tries store it uses  below values 

     Cache id : POC

     Cache key : client1

     Max entry age : 3600

    So I assume it will override the existing instead of creating new one. So at any point there can be only one entry in Cache and it can not reach Max entry size. Is that correct understanding?