Removing Unused Tokens from the Database
- Former user (Deleted)
- Former user (Deleted)
- Former user (Deleted)
- Former user (Deleted)
As you use WSO2 API Manager, the number of revoked, inactive and expired tokens accumulates in the IDN_OAUTH2_ACCESS_TOKEN table. These tokens are kept in the database for logging and audit purposes, but they can have a negative impact on the server's performance over time. Therefore, it is recommended to clean them periodically as given in the instructions below:
Tip : It is safe to run these steps in read-only mode or during a time when traffic on the server is low, but that is not mandatory.
- Take a backup of the running database.
Set up the database dump in a test environment and test it for any issues.
For more information on setting up a database dump, go to the MySQL, SQL Server, and Oracle offical documentation.
Tip: We recommend you to test the database dump before the cleanup task as the cleanup can take some time.
Run the following queries on the database dump to clean the database of unused tokens.
Once the cleanup is over, start the API Manager pointing to the cleaned-up database dump and test throughly for any issues. You can also schedule a cleanup task that will be automatically run after a given period of time. Here's an example:
USE 'WSO2AM_DB'; DROP EVENT IF EXISTS 'cleanup_tokens_event'; CREATE EVENT 'cleanup_tokens_event' ON SCHEDULE EVERY 1 WEEK STARTS '2015-01-01 00:00.00' DO CALL 'WSO2AM_DB'.'cleanup_tokens'(); -- 'Turn on the event_scheduler' SET GLOBAL event_scheduler = ON;Replace
WSO2AM_DBwith the name of your API Manager database in the above script.