3.3.9. API Caching (2 of 2): Concepts & Design decisions

  • Cache-Control

    • HTTP Header

      • Cache-Control: "private, max-age=60"

    • API server (Response HTTP Header)

      • who can cache the response?

      • for how long?

      • under what conditions?

    • Browser (Request HTTP Header)

      • override the caching behavior

      • protect sensitive data from caching

    • public vs private

      • Sensitive data should not be cached on intermediaries (endpoints other than intermediaries may still cache it)

      • private data is meant for single user

        • Cache-Control: "private, max-age=60"

      • default is public (any endpoint may cache it)

    • no-store

      • Data is sometimes stored locally as a backup

      • With no-store, no endpoint may cache it

      • Sensitive data should not be stored anywhere

        • e.g., banking data, medical data

      • HTTP Header

        • Cache-Control: "no-store, max-age=60"

    • ETag

      • The ETag header can be used to check whether the data has changed

      • If the data has changed, fetch it again; usually used together with no-store

    • max-age

      • How long the cached data stays valid (seconds)

  • Practices

    • 1. Take advantage of caching, especially for high-volume APIs

    • 2. Consider no-store and private for sensitive data

    • 3. Provide the validation tag (ETag), especially for large responses

    • 4. Carefully decide on the optimal max-age
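The following is an added example, not code from the course these notes summarise. It shows the four practices above in one small API response builder: a classification picks the Cache-Control value (public, private, or no-store for banking/medical style data), a strong ETag is derived from the body for large responses, and an If-None-Match revalidation returns 304 when nothing changed. The three payloads, the classification names and the function names are constructed for this example. Note that the example pairs the ETag with public or private caching rather than with no-store, because a cache that is forbidden to store anything has no copy to revalidate.

```python
"""Added example: choosing Cache-Control per data classification and validating with ETag."""
import hashlib
import json
from typing import Dict, Optional, Tuple

# Constructed sample payloads (not real data).
PUBLIC_CATALOG = {"items": [{"id": 1, "name": "widget"}, {"id": 2, "name": "gadget"}]}
USER_PROFILE = {"user": "alice", "email": "alice@example.test"}
BANK_BALANCE = {"account": "****1234", "balance": "42.00"}


def cache_control_for(classification: str, max_age: int = 60) -> str:
    """Map a (constructed) data classification to a Cache-Control value.

    'public'    - browser and intermediaries may cache the response
    'private'   - only the end user's browser may cache it
    'sensitive' - nothing may be stored anywhere (e.g. banking, medical data)
    """
    if classification == "public":
        return f"public, max-age={max_age}"
    if classification == "private":
        return f"private, max-age={max_age}"
    if classification == "sensitive":
        # no-store forbids every cache from keeping a copy, so max-age adds nothing here.
        return "no-store"
    raise ValueError(f"unknown classification: {classification}")


def strong_etag(body: bytes) -> str:
    """Derive a strong ETag from the response body (ETag values are quoted strings)."""
    return '"' + hashlib.sha256(body).hexdigest()[:16] + '"'


def build_response(
    payload: dict,
    classification: str,
    request_headers: Optional[Dict[str, str]] = None,
    max_age: int = 60,
) -> Tuple[int, Dict[str, str], bytes]:
    """Return (status, response_headers, body), honouring If-None-Match with 304."""
    request_headers = request_headers or {}
    # Canonical JSON so the same data always yields the same bytes and the same ETag.
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    headers = {
        "Content-Type": "application/json",
        "Cache-Control": cache_control_for(classification, max_age),
    }
    if classification == "sensitive":
        # No ETag: with no-store there is never a cached copy to revalidate.
        return 200, headers, body

    etag = strong_etag(body)
    headers["ETag"] = etag
    # The client sends back the ETag it holds; a match means its cached copy is still current.
    candidates = [t.strip() for t in request_headers.get("If-None-Match", "").split(",") if t.strip()]
    if etag in candidates or "*" in candidates:
        return 304, headers, b""
    return 200, headers, body


if __name__ == "__main__":
    status, hdrs, body = build_response(PUBLIC_CATALOG, "public")
    print(status, hdrs)
    # Second request carrying the ETag back: nothing changed, so 304 with an empty body.
    print(build_response(PUBLIC_CATALOG, "public", {"If-None-Match": hdrs["ETag"]})[0])
    print(build_response(USER_PROFILE, "private")[1]["Cache-Control"])
    print(build_response(BANK_BALANCE, "sensitive")[1])
```

On revalidation the 304 response still carries Cache-Control and ETag, so the client refreshes its freshness window for max-age seconds without downloading the body again; that is what makes the ETag worthwhile on large responses.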
