Implementing Token Handler pattern in Apigee X

Good day,

I am considering implementation of the Token Handler pattern for an SPA in Apigee X. In the past, another part of the business I work for implemented it in Apigee Hybrid. They claimed that they found out that the Apigee database where they stored JWTs and cookies relatively quickly became a bottleneck. Ultimately, moving the complexity to a DotNet BFF seemed a better decision. So, I am a bit skeptical about Token Handler in Apigee X, but just in case... Has anyone done anything similar? Could you please share if you faced any performance/scaling constraints?

Thanks a lot!


They claimed that they found out that the Apigee database where they stored JWTs and cookies relatively quickly became a bottleneck.

Pardon me for being so direct, but: I doubt it. And if so, they're probably doing it wrong. What is the scale of the transaction load on this system, in which "the database quickly became a bottleneck"? Apigee hybrid with the default (small) configuration will perform over 1000 tps, including token issuance and validation. And there are customers who run 50x that. A statement like "it very quickly became a bottleneck" without qualification is a dubious claim.

It sounds like you have concerns about performance. I suggest that you test it yourself. Build it and measure it. Then, with concrete data, decide if there are "performance constraints".

What is your EXPECTED transaction volume? What transaction types are in the mix? How often do you issue tokens, verify tokens, etc.? Start from there. If you have 100 tps, then there's literally nothing you have to do; the smallest Apigee hybrid configuration will satisfy it. (Depending on the latency of the upstream system! Apigee cannot make up for a slow upstream.) If your goal is 1000 tps, then probably the smallest hybrid Apigee cluster would still satisfy it, but you'll want to test. If 10k tps, then you will need an extra database node and an extra runtime node, and you should test. If 100k tps, then you should get professional services assistance as you design your architecture.


Hi Dino,

Thanks for the reply. Yes, I cannot confirm whether they were doing it right, and surely I didn't want to imply the Apigee design is inherently flawed.

My transaction load should be below 1000 tps, and the token's TTL is around a week. I do not have any idea what the clusters under the hood are, as my Apigee setup is Apigee X SaaS (1 region).

After all, having read one of your posts with the sentiment that cookie-based auth is a task better implemented on a web server rather than in Apigee, I am having more doubts now about starting this endeavor.

Thanks.