Get from cache

APPLIES TO: All API Management tiers

Use the cache-lookup policy to perform cache lookup and return a valid cached response when available. This policy can be applied in cases where response content remains static over a period of time. Response caching reduces bandwidth and processing requirements imposed on the backend web server and lowers latency perceived by API consumers.


This policy must have a corresponding Store to cache policy.


Built-in cache is volatile and is shared by all units in the same region in the same API Management service.


Set the policy's elements and child elements in the order provided in the policy statement. To help you configure this policy, the portal provides a guided, form-based editor. Learn more about how to set or edit API Management policies.

Policy statement

<cache-lookup vary-by-developer="true | false" vary-by-developer-groups="true | false" caching-type="prefer-external | external | internal" downstream-caching-type="none | private | public" must-revalidate="true | false" allow-private-response-caching="@(expression to evaluate)">
  <!-- should be present in most cases -->
  <!-- should be present in most cases -->
  <!-- should be present when allow-private-response-caching is "true"-->
  <vary-by-header>header name</vary-by-header>
  <!-- optional, can be repeated -->
  <vary-by-query-parameter>parameter name</vary-by-query-parameter>
  <!-- optional, can be repeated -->


Attribute Description Required Default
allow-private-response-caching When set to true, allows caching of requests that contain an Authorization header. Policy expressions are allowed. No false
caching-type Choose between the following values of the attribute:
- internal to use the built-in API Management cache,
- external to use the external cache as described in Use an external Azure Cache for Redis in Azure API Management,
- prefer-external to use external cache if configured or internal cache otherwise.

Policy expressions aren't allowed.
No prefer-external
downstream-caching-type This attribute must be set to one of the following values.

- none - downstream caching is not allowed.
- private - downstream private caching is allowed.
- public - private and shared downstream caching is allowed.

Policy expressions are allowed.
No none
must-revalidate When downstream caching is enabled this attribute turns on or off the must-revalidate cache control directive in gateway responses. Policy expressions are allowed. No true
vary-by-developer Set to true to cache responses per developer account that owns subscription key included in the request. Policy expressions are allowed. Yes false
vary-by-developer-groups Set to true to cache responses per user group. Policy expressions are allowed. Yes false


Name Description Required
vary-by-header Add one or more of these elements to start caching responses per value of specified header, such as Accept, Accept-Charset, Accept-Encoding, Accept-Language, Authorization, Expect, From, Host, If-Match. No
vary-by-query-parameter Add one or more of these elements to start caching responses per value of specified query parameters. Enter a single or multiple parameters. Use semicolon as a separator. No


Usage notes

  • API Management only performs cache lookup for HTTP GET requests.
  • When using vary-by-query-parameter, you might want to declare the parameters in the rewrite-uri template or set the attribute copy-unmatched-params to false. By deactivating this flag, parameters that aren't declared are sent to the backend.
  • This policy can only be used once in a policy section.


Example with corresponding cache-store policy

        <base />
        <cache-lookup vary-by-developer="false" vary-by-developer-groups="false" downstream-caching-type="none" must-revalidate="true" caching-type="internal" >
        <cache-store duration="seconds" />
        <base />

Example using policy expressions

This example shows how to configure API Management response caching duration that matches the response caching of the backend service as specified by the backend service's Cache-Control directive.

<!-- The following cache policy snippets demonstrate how to control API Management response cache duration with Cache-Control headers sent by the backend service. -->

<!-- Copy this snippet into the inbound section -->
<cache-lookup vary-by-developer="false" vary-by-developer-groups="false" downstream-caching-type="public" must-revalidate="true" >

<!-- Copy this snippet into the outbound section. Note that cache duration is set to the max-age value provided in the Cache-Control header received from the backend service or to the default value of 5 min if none is found  -->
<cache-store duration="@{
    var header = context.Response.Headers.GetValueOrDefault("Cache-Control","");
    var maxAge = Regex.Match(header, @"max-age=(?<maxAge>\d+)").Groups["maxAge"]?.Value;
    return (!string.IsNullOrEmpty(maxAge))?int.Parse(maxAge):300;

For more information, see Policy expressions and Context variable.

For more information about working with policies, see: