If multiple instances of Smart API Manager are configured for load-balancing, such as in a web farm, you must also set consistent machine keys on all the Smart API Manager instances to prevent security errors.
What happens if machine keys are inconsistent?
If different instances have different machine keys, errors similar to the following might be generated when Smart API Manager attempts to generate an access token:
Message: AntiForgeryTokenValidator validating token
System.Security.Cryptography.CryptographicException: Error occurred during a cryptographic operation
How to generate a machine key for Smart API Manager
For more information on generating a machine key for a web application, see the following Microsoft blog post: https://blogs.msdn.microsoft.com/amb/2012/07/31/easiest-way-to-generate-machinekey/.
In IIS Manager, select the Smart API Manager web application and double-click Machine Key.
On the Machine Key page, select the SHA1 validation method and the AES encryption method.
Clear all check boxes in the Validation key and Decryption key sections.
Click Generate Keys, and then click Apply.
A <machineKey> entry is added to the web.config file, located at:
[Smart API Manager Install Folder]\Dashboard
Copy the <machineKey> entry to the web.config file for each remaining Smart API Manager instance in the web farm.
Do not generate different machine keys on other Smart API Manager instances within the same web farm.
To determine what needs to happen next in your environment, see Where to Go From Here.