3.3.9.API Caching (2 of 2) Concepts & Design decisions

Cache control directive
- Cache control directives must be obeyed by all caching mechanisms along the request/response chain
Cache-Control
- HTTP Header
  - Cache-Control: "private, max-age=60"
- API server (Response HTTP Header)
  - who can cache the response?
  - for how long?
  - under what conditions?
- Browser (Request HTTP Header)
  - override the caching behavior
  - protect sensitive data from caching
- public vs private
  - Sensitive data should not be cached on intermediaries (除了intermediaries外的端點都可以cache)
  - private data is meant for single user
    Cache-Control: "private, max-age=60"
  - default is public (任何端點都能cache)
- no-store
  - 資料有時會被儲存在local當作備份
  - 使用no-store, 任何端點都不能cache
  - Sensitive data should not be stored anywhere
    e.g., banking data, medical data
  - HTTP Header
    Cache-Control: "no-store, max-age=60"
- E-tag
  - E-tag header can be used to check if the data has changed
  - 如果資料改變了, 再去拿資料, 通常會搭配no-store使用
- max-age
  - cache資料的有效時間 (seconds)
Practices
- 1.Take advantage of caching especially for high volume API
- 2.Consider no-store and private for sensitive data
- 3.Provide the validation tag(Etag) especially for large responses
- 4.Carefully decide on the optimal max-age

Last updated 4 years ago