As you use WSO2 API Manager, the number of revoked, inactive and expired tokens accumulates in the IDN_OAUTH2_ACCESS_TOKEN table. These tokens are kept in the database for logging and audit purposes, but they can have a negative impact on the server's performance over time. Therefore, it is recommended to clean them periodically as given in the instructions below:
Tip: It is safe to run these steps in read-only mode or during a time when traffic on the server is low, but that is not mandatory.
- Take a backup of the running database.
- Set up the database dump in a test environment and test it for any issues.
  For more information on setting up a database dump, go to the MySQL, SQL Server, and Oracle official documentation.
  Tip: We recommend that you test the database dump before the cleanup task, as the cleanup can take some time.
- Run the following scripts on the database dump. They take a backup of the necessary tables, turn off SQL updates and clean the database of unused tokens.
- Once the cleanup is over, start the API Manager pointing to the cleaned-up database dump and test thoroughly for any issues.
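The backup-then-delete pattern from the steps above, as an added example that is not WSO2's own cleanup script. It runs against an in-memory SQLite table with a reduced, constructed schema; the `TOKEN_ID` and `TOKEN_STATE` columns, the state literals and the `IDN_OAUTH2_ACCESS_TOKEN_BAK` table name are assumptions.

```python
import sqlite3

# Assumed TOKEN_STATE literals for the revoked, inactive and expired tokens.
PURGE_STATES = ("REVOKED", "INACTIVE", "EXPIRED")
BACKUP = "IDN_OAUTH2_ACCESS_TOKEN_BAK"  # hypothetical backup table name


def cleanup_tokens(conn):
    """Copy purgeable tokens to the backup table, then delete them.

    The copy and the delete share one transaction, so a count mismatch
    rolls both back and the audit trail is never lost.
    """
    marks = ",".join("?" * len(PURGE_STATES))
    where = f"WHERE TOKEN_STATE IN ({marks})"
    # Empty backup table with the same columns (created outside the transaction).
    conn.execute(
        f"CREATE TABLE IF NOT EXISTS {BACKUP} AS "
        "SELECT * FROM IDN_OAUTH2_ACCESS_TOKEN WHERE 0"
    )
    with conn:  # commits on success, rolls back on any exception
        backed_up = conn.execute(
            f"INSERT INTO {BACKUP} SELECT * FROM IDN_OAUTH2_ACCESS_TOKEN {where}",
            PURGE_STATES,
        ).rowcount
        deleted = conn.execute(
            f"DELETE FROM IDN_OAUTH2_ACCESS_TOKEN {where}", PURGE_STATES
        ).rowcount
        if backed_up != deleted:
            raise RuntimeError("backup and delete counts differ; rolled back")
    return backed_up, deleted


def demo():
    """Run the cleanup on constructed sample rows and report what is left."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE IDN_OAUTH2_ACCESS_TOKEN "
        "(TOKEN_ID TEXT PRIMARY KEY, TOKEN_STATE TEXT)"
    )
    rows = [("t1", "ACTIVE"), ("t2", "REVOKED"), ("t3", "EXPIRED"),
            ("t4", "INACTIVE"), ("t5", "ACTIVE")]  # constructed sample data
    conn.executemany("INSERT INTO IDN_OAUTH2_ACCESS_TOKEN VALUES (?, ?)", rows)
    conn.commit()
    counts = cleanup_tokens(conn)
    q = "SELECT TOKEN_ID FROM {} ORDER BY TOKEN_ID"
    live = [r[0] for r in conn.execute(q.format("IDN_OAUTH2_ACCESS_TOKEN"))]
    kept = [r[0] for r in conn.execute(q.format(BACKUP))]
    return counts, live, kept
```
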
You can also schedule a cleanup task that will be automatically run after a given period of time. Here's an example: