When orgs are migrated to CPS there is a limit of 18 custom attributes on apps, apiproducts, etc. as described here: https://docs.apigee.com/release/deprecated-features#cps
There are 2 options that come to mind:
When reaching this limit during initial design, its manageable. However when retrofitting existing designs its a significant change management issue, especially for hundreds of proxies.
Has anyone contrasted these approaches or come up with another solution?
I'd suppose each case would be different.
To me, a token with 18 distinct attributes is a design smell. That's too many.
If there's that much information, it wants to be managed separately and explicitly, in a datastore. Maybe firebase/firestore or something else. But The token store is not a database.
As to whether to use JSON or KVM.... JSON might be a good idea even if you don't face the 18-attribute limit.
And KVM is a good idea if you want to manage the data outside the API Proxy bundle code.