# 3.3.9. API Caching (2 of 2) Concepts & Design decisions

* Cache control directive
  * [Cache control directives must be obeyed by all caching mechanisms along the request/response chain](https://www.w3.org/Protocols/rfc2616/rfc2616.html) (the linked RFC 2616 has since been superseded by RFC 7234 and RFC 9111, but the rule is the same: browser cache, proxies and CDNs must all honour the directives)

    ![](https://163116165-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M4M0G7tIs4o9F9vSrao%2F-M4M0IVB0ax0vs2ocz_r%2F-M4M0XYU-ttLcJRP9tIo%2F201803183.jpg?generation=1586302966138128\&alt=media)
* Cache-Control
  * HTTP Header
    * Cache-Control: "private, max-age=60"
  * API server (Response HTTP Header)
    * who can cache the response?
    * for how long?
    * under what conditions?
  * Browser (Request HTTP Header)
    * override the caching behavior
    * protect sensitive data from caching
  * public vs private
    * Sensitive data should not be cached on intermediaries (**with `private`, every node except the intermediaries, i.e. the end user's own browser cache, may still cache it**) ![](https://163116165-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M4M0G7tIs4o9F9vSrao%2F-M4M0IVB0ax0vs2ocz_r%2F-M4M0XYWqBgk6G2RBY5H%2F201803184.jpg?generation=1586302966048992\&alt=media)
    * private data is meant for single user
      * Cache-Control: "private, max-age=60"
    * **the default is public (if neither `private` nor `no-store` is given, any node, intermediaries included, may cache the response)**
  * no-store
    * Caches sometimes write responses to local storage as a backup copy, so an "expired" response can still sit on disk
    * **With `no-store`, no node at all may store the response, neither intermediaries nor the browser**
    * Sensitive data should not be stored anywhere
      * e.g., banking data, medical data
    * HTTP Header
      * Cache-Control: "no-store, max-age=60"
      * `max-age` is redundant next to `no-store`: nothing is stored, so there is nothing to expire; `Cache-Control: "no-store"` alone is enough
  * ETag
    * The ETag header is a validation tag for the response body; the client sends it back in `If-None-Match` so the server can check whether the data has changed
    * If the data has changed the server returns the new body (200); if not it answers 304 Not Modified and the client reuses its copy. ETag is normally paired with `no-cache` (store the copy, but revalidate with the server before reusing it), not with `no-store`: under `no-store` there is no stored copy to validate
  * max-age
    * How long (in seconds) a cached copy counts as fresh; after that it must be refetched or revalidated
* Practices
  * 1. Take advantage of caching, especially for high-volume APIs
  * 2. Consider **no-store** and **private** for sensitive data
  * 3. Provide the validation tag (ETag), especially for large responses
  * 4. Carefully decide on the optimal max-age
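The following is an added example (not code from the original notes) that puts the Cache-Control section and the four practices above into one small API handler: a policy table maps an endpoint class to `public`, `private` or `no-store`, a `may_store` check shows what a shared cache (proxy/CDN) versus a browser cache is allowed to keep, and `build_response` attaches an ETag and answers 304 when the client's `If-None-Match` still matches. The class names, the policy values and the sample payloads are assumptions made for this example.

```python
import hashlib
import json
from typing import Dict, Optional, Tuple

# Assumed policy table for this example: which Cache-Control value each class of
# endpoint gets. The class names and values are this example's own choices.
CACHE_POLICIES: Dict[str, str] = {
    "public": "public, max-age=300",    # same for every user, e.g. a product list
    "private": "private, max-age=60",   # per-user data: browser cache only, no proxies
    "sensitive": "no-store",            # banking / medical data: no copy anywhere
}


def parse_directives(cache_control: str) -> Dict[str, Optional[str]]:
    """Split 'private, max-age=60' into {'private': None, 'max-age': '60'}."""
    result: Dict[str, Optional[str]] = {}
    for part in cache_control.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        result[name.strip().lower()] = value.strip().strip('"') or None
    return result


def may_store(cache_control: str, shared: bool) -> bool:
    """Decide whether a cache may keep this response.

    shared=True models an intermediary (CDN, reverse proxy); shared=False models
    the browser cache. Simplified: ignores Authorization and heuristic freshness.
    """
    directives = parse_directives(cache_control)
    if "no-store" in directives:            # nobody may write a copy anywhere
        return False
    if shared and "private" in directives:  # intermediaries must not keep per-user data
        return False
    return True


def max_age(cache_control: str) -> Optional[int]:
    """Freshness lifetime in seconds, or None if no max-age was given."""
    value = parse_directives(cache_control).get("max-age")
    return int(value) if value is not None and value.isdigit() else None


def compute_etag(body: bytes) -> str:
    """Strong ETag derived from a body hash: any byte change yields a new tag."""
    return '"' + hashlib.sha256(body).hexdigest()[:32] + '"'


def _opaque_tag(tag: str) -> str:
    # Drop the weak-validator prefix so W/"abc" and "abc" compare equal.
    tag = tag.strip()
    return tag[2:] if tag.startswith("W/") else tag


def etag_matches(if_none_match: str, etag: str) -> bool:
    """If-None-Match may be '*' or a comma-separated list; uses weak comparison."""
    if if_none_match.strip() == "*":
        return True
    candidates = [_opaque_tag(c) for c in if_none_match.split(",")]
    return _opaque_tag(etag) in candidates


def build_response(data_class: str, payload: object,
                   request_headers: Dict[str, str]) -> Tuple[int, Dict[str, str], bytes]:
    """Return (status, headers, body) for an API GET, applying the cache policy."""
    body = json.dumps(payload, sort_keys=True).encode()
    headers = {
        "Content-Type": "application/json",
        "Cache-Control": CACHE_POLICIES[data_class],
    }
    if data_class == "sensitive":
        # no-store: no cached copy can exist, so there is nothing for a
        # conditional request to validate against; always send the full body.
        return 200, headers, body
    etag = compute_etag(body)
    headers["ETag"] = etag
    client_tag = request_headers.get("If-None-Match")
    if client_tag and etag_matches(client_tag, etag):
        # The client's copy is still current: 304 costs a few headers, not the body.
        return 304, headers, b""
    return 200, headers, body


if __name__ == "__main__":
    # Constructed sample: a first fetch, then a revalidation with the returned ETag.
    status, hdrs, body = build_response("public", {"items": [1, 2, 3]}, {})
    print(status, hdrs["Cache-Control"], hdrs["ETag"], len(body))
    status, hdrs, body = build_response("public", {"items": [1, 2, 3]},
                                        {"If-None-Match": hdrs["ETag"]})
    print(status, len(body))
    print(may_store("private, max-age=60", shared=True))
    print(may_store("no-store", shared=False))
```

The `sensitive` branch deliberately omits the ETag: a validator only helps when a copy was stored, and with `no-store` none should be. For the `private` class the browser may still revalidate with `If-None-Match`, which is what makes a short `max-age` plus an ETag cheap for large per-user responses.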
