Caching responses to authenticated requests (in Apigee)

Question

Apigee provides various caching mechanisms but how do they work in the presence of authentication? if each request must go all the way back to the server to be authenticated then how you can cache anything between the client and server? My assumption is that when using Apigee OAuth nothing is cacheable between client and server, and the only usable cache services are those within the Apigee servers?

Answer 1

OAuth will mandate validating the Access Token in the incoming request before giving access to resources. It is an orthogonal problem to caching.

Once the access token is validated, you can serve the response from Apigee Edge the cache. Apigee Edge policies does not, in any way, restrict you from using response cache policies after using the validate access token policy.

Answer 2

This is how response cache in apigee currently works - Currently when you add a response cache policy to proxy request flow, it gets attached to a proxy request flow as well as the target response post flow. So now when you have a fresh request coming in - It hits the cache policy in the request flow and checks for a cache hit and proceeds. For the first request it is not going to find a hit but when it hits the policy in the target response post flow, it captures and creates the cache entry. Now the next request is going to be a cache hit in the request flow and thus responds back with a cached response.

I dont see a reason why the same logic should not work with Apigee Oauth if you have the responsecache policy after the security policies. Also remember that it is a business and I would say a strategic decision on where you want to perform cache hit check and where you want to populate the cache.