Multiple Gateways to handle production and sandbox requests separately

<RevokeAPIURL> is used by store node to call revoke and token APIs of gateway node, when you (re)generate tokens (by client credential grant type) from store UI.

But in this deployment pattern, there is a kind of limitation that is you have to pick one gateway node and configure that for <RevokeAPIURL> in store node's api-manager.xml.

Fo example, let's say you configured prod-gateway there. So, when you generate keys (either prod or sandbox) from store UI, it will call prod-gateway's revoke and token APIs. Since both gateways are pointing to the same keymanager (or km cluster), token generation should work without a problem.

The only downside is with caching. When you regenerate sandbox keys from store UI, it calls prod-gateway and clears the key cache of that gateway only. Therefore, the sandbox-gateway key cache won't be invalidated. So you will be able to call your sandbox-gateway's APIs with old revoked token for about 15 more minutes until the cache expires.

But, if you don't use Store UI to generate keys (i.e. client credentials grant type), which do not happen in a typical production environment where password grant type is usually used, (and calls gateway's token API for that directly), you won't experience this limitation.