Revoking developer app keys - latency

nathanaw
Participant V

Hi all, while revoking developer app keys, I realised and found out that there is latency from the time I revoke the keys to the time I get the error message -- "faultstring": "Consumer Key not approved".

Latency is around a minute or less. Is this to be expected? i.e., part of the design.

Thank you.

Nathan Aw (Singapore)

1 REPLY

Yes, the behavior you are describing and observing is part of the design of Apigee Edge.

When a key is presented and handled by VerifyApiKey, or OAuthV2/VerifyAccessToken, it requires a read from the persistent store. The Apigee runtime then caches the result of that read operation, to save the cost of the read on subsequent invocations of VerifyApiKey or OAuthV2/VerifyAccessToken.

The lifetime (or TTL) of that cached item is not specifically defined and may vary, but in my tests it is 180 seconds. Any update to the API Credential, like revoking the credential, or adding an API Product to the credential, won't be "seen" by a Message Processor that has previously handled the API Key or access token, until the TTL expires.

If a Message Processor has not previously "seen" the API Key or Access Token, then the cache will be cold, and so an update to the credential will be immediately available to the MP during the first call to VerifyApiKey or OAuthV2/VerifyAccessToken.
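The caching behaviour described in the reply above, modelled as an added example (not Apigee code and not part of the original thread): two Message Processors each keep a read-through cache in front of a shared store, and a key is revoked after only one of them has seen it. The class and function names, the key value and the timestamps are constructed for illustration; the 180-second TTL is the figure the reply reports from its own tests, not a documented constant.

```python
# Toy model of per-Message-Processor credential caching (assumed names, not Apigee APIs).
CACHE_TTL = 180  # seconds; value observed in the reply's tests, may vary in practice


class KeyStore:
    """Stands in for the persistent store of API credentials."""

    def __init__(self):
        self.status = {}

    def approve(self, key):
        self.status[key] = "approved"

    def revoke(self, key):
        self.status[key] = "revoked"


class MessageProcessor:
    """One runtime node with its own cache of key lookups."""

    def __init__(self, store, ttl=CACHE_TTL):
        self.store = store
        self.ttl = ttl
        self.cache = {}  # key -> (status, expiry time in seconds)

    def verify_api_key(self, key, now):
        entry = self.cache.get(key)
        if entry is None or now >= entry[1]:
            # Cold or expired entry: read the store and cache the result.
            entry = (self.store.status.get(key, "unknown"), now + self.ttl)
            self.cache[key] = entry
        return entry[0] == "approved"


def revocation_demo():
    """Return what each MP answers before and after a revocation at t=10s."""
    store = KeyStore()
    key = "constructed-key"  # constructed sample value
    store.approve(key)
    warm, cold = MessageProcessor(store), MessageProcessor(store)
    results = {"warm_t0": warm.verify_api_key(key, now=0)}  # cached until t=180
    store.revoke(key)  # revocation happens at t=10
    results["warm_t60"] = warm.verify_api_key(key, now=60)    # stale cache hit
    results["cold_t60"] = cold.verify_api_key(key, now=60)    # first sight, reads store
    results["warm_t179"] = warm.verify_api_key(key, now=179)  # still inside TTL
    results["warm_t180"] = warm.verify_api_key(key, now=180)  # TTL expired, re-read
    return results
```

In this model the revoked key stays accepted on the warm node until its cache entry expires, so the delay seen after a revocation is the time remaining on that entry, bounded by the TTL.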