Unexpectedly high number of success_exchange_client_credentials_grant events

In the past week, we’ve seen 3.5M success_exchange_client_credentials_grant and far fewer API/API-related events.

It doesn’t look like our code would request client credentials and then not use them, especially not at that ratio. If anything, I would expect more API events than success_exchange_client_credentials_grant since we frequently make multiple API calls with the same instance of our Auth0Client from the Ruby SDK.

Even if we add the success_signup and success_change_password (which are currently flowing through the API exclusively), we still fall far short of being roughly the same.

I suspect this is more of an issue of understanding events / flows than a software issue.

Hi @nmatatall

Thank you for reaching out to us!

Looking at the details provided, my opinion is that the large number of success_exchange_client_credentials_grant events could indicate that these likely are generated by a backend process or a worker and are not attributed to usual traffic.

The success_api_operation (sapi) events refer to the Successful management API write event and they are logged in the context of a write operation. If there is a large number of token exchanges, but much fewer write events, this can indicate that your application is initializing a new Auth0::Client instance for every single request or operation, rather than reusing a cached token.

The Ruby SDK could be exchanging client_id/client_secret pairs each time for a new token, basically completing a full Client Credentials Exchange every time, instead of reusing the token, which by default is valid for 24 hours.

I would recommend implementing token caching to store them for your application to reuse. Allow me to share some useful documentation that could further help:

Hope this helped!
Gerald
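
The token caching recommended in the reply above, as an added example (it is not part of the original posts and is not Auth0 SDK code). `CachedM2MToken`, its `fetcher` callable and the token values are hypothetical and constructed; in an application the fetcher would perform the real client credentials exchange and one cache instance would be shared across requests.

```ruby
# Hypothetical helper (not part of the Auth0 Ruby SDK): keeps one
# client-credentials access token and re-exchanges only near expiry.
class CachedM2MToken
  attr_reader :exchanges

  # fetcher: callable that performs the client credentials exchange and
  #          returns a hash with "access_token" and "expires_in" (seconds).
  # skew:    seconds before expiry at which the token counts as stale.
  # clock:   callable returning the current Time (injectable for tests).
  def initialize(fetcher:, skew: 60, clock: -> { Time.now })
    @fetcher = fetcher
    @skew = skew
    @clock = clock
    @lock = Mutex.new # serialize refreshes so threads do not each exchange
    @token = nil
    @expires_at = nil
    @exchanges = 0
  end

  def token
    @lock.synchronize do
      refresh! if @token.nil? || @clock.call >= @expires_at - @skew
      @token
    end
  end

  private

  def refresh!
    response = @fetcher.call
    @token = response.fetch("access_token")
    @expires_at = @clock.call + Integer(response.fetch("expires_in"))
    @exchanges += 1 # each increment corresponds to one exchange event
  end
end

# Constructed stand-in for the token endpoint; 86_400 s is the 24-hour
# default lifetime mentioned in the reply.
def demo_exchange_counts
  now = Time.at(0)
  issued = 0
  fetcher = -> { issued += 1; { "access_token" => "constructed-token-#{issued}", "expires_in" => 86_400 } }
  cache = CachedM2MToken.new(fetcher: fetcher, clock: -> { now })
  first = Array.new(1000) { cache.token }.uniq # 1000 lookups, one exchange
  now += 86_400 - 30 # inside the 60 s skew window, so the next call refreshes
  second = cache.token
  { first: first, second: second, exchanges: cache.exchanges }
end
```

An in-memory cache like this is per process, so a deployment with many worker processes still performs one exchange per process per token lifetime unless the token is kept in a shared store.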
