Inbound traffic to all four micro gateways began to fail with an authorisation error around 21:00 SAST on Tuesday night. (two in Dev, two in Production ) .. at the same time.
401 {"error":"invalid_token","error_description":"invalid_token"}
"A trace run on Apigee-Auth shows it passes the verifyApiKey where Apigee responds with a valid token, but after that the gateway fail.
We then had to remove –oauth from the config after which it started to work again. Tuesday 15h00 SAST was the last time the gateways have send any analytics to Apigee"
RCA
Oauth piece in config file :
oauth: allowAPIKeyOnly: true productOnly: false cacheKey: true allowNoAuthorization: false allowInvalidAuthorization: false verify_api_key_url: 'https://{prod}-{env}.apigee.net/edgemicro-auth/verifyApiKey'
So what makes our config unique is we had to remove recognising Authorization header and only use x-api-key. Since we are passing Auth headers to SAP
But the experts will hopefully know that from looking at the auth config
Edge Microgateway 3.0.8
edgemicro-auth is now Hosted Target version, upgraded from Trireme.
Plea for assistance or clues, good people.