REST API Caching: Advanced Techniques for Improved Performance

In today's world, REST APIs play a critical role in communication between various software components and applications. One of the key aspects of maintaining high-performance APIs is to implement proper caching strategies. This blog post will discuss advanced techniques for improving the performance of your REST APIs through caching, targeting developers who have basic knowledge of APIs and caching concepts. We'll cover different caching techniques, such as cache headers, server-side caching, and reverse proxy caching, along with code examples and explanations.

Caching Overview

Caching is a technique that stores a copy of a given resource and serves it back when requested. This saves time and computing resources, as the original resource does not need to be fetched, processed, or generated every time it is requested. In the context of REST APIs, caching can be implemented on the client-side, server-side, or even by using intermediary components like reverse proxies.

Cache Headers

Cache headers are an essential part of caching in REST APIs. They provide information to clients and intermediary components about the cacheability of a resource. The most common cache headers are:

  • Cache-Control
  • Expires
  • ETag
  • Last-Modified

Let's discuss these headers in detail and see how they can be used in practice.


The Cache-Control header allows you to specify caching directives for clients and intermediaries. Some of the most common directives are:

  • public: The response can be cached by any cache.
  • private: The response can be cached only by the client's browser cache.
  • no-cache: The response must be validated before using a cached copy.
  • no-store: The response should not be cached anywhere.
  • max-age: The maximum time (in seconds) the response can be cached.

Here's an example of how to use the Cache-Control header in a Node.js Express application:

const express = require('express'); const app = express(); app.get('/api/data', (req, res) => { res.set('Cache-Control', 'public, max-age=3600'); res.json({ message: 'Cached data' }); }); app.listen(3000, () => console.log('Server listening on port 3000'));

In this example, the /api/data endpoint sets the Cache-Control header to public, max-age=3600, allowing the response to be cached by clients and intermediaries for up to an hour.


The Expires header specifies an absolute date and time when the cached response becomes stale. It is an older approach to caching, and using Cache-Control is generally preferred. However, it can still be used for compatibility reasons.

Here's an example of setting the Expires header in a Node.js Express application:

const express = require('express'); const app = express(); app.get('/api/data', (req, res) => { const expiryDate = new Date( + 3600 * 1000); res.set('Expires', expiryDate.toUTCString()); res.json({ message: 'Cached data with expiry' }); }); app.listen(3000, () => console.log('Server listening on port 3000'));


The ETag header is a unique identifier for a specific version of a resource. When the resource changes, the ETag value should also change. Clients can use the If-None-Match header to check if their cached copy is still valid by comparing the ETag values.

Here's an example of using the ETag header in a Node.js Express application:

const express = require('express'); const app = express(); app.get('/api/data',(req, res) => { const data = { message: 'ETag example' }; const etag = generateETag(data); // Assume generateETag is a custom function that generates an ETag for the given data res.set('ETag', etag); res.json(data); }); app.listen(3000, () => console.log('Server listening on port 3000')); function generateETag(data) { // Implement your custom ETag generation logic here, e.g., a hash of the data return require('crypto').createHash('md5').update(JSON.stringify(data)).digest('hex'); }

In this example, the generateETag function creates an MD5 hash of the JSON representation of the data object. The generated ETag is then added to the response header.


The Last-Modified header indicates the date and time when the resource was last modified. Clients can use the If-Modified-Since header to check if their cached copy is still valid by comparing the Last-Modified values.

Here's an example of using the Last-Modified header in a Node.js Express application:

const express = require('express'); const app = express(); app.get('/api/data', (req, res) => { const lastModifiedDate = new Date(); res.set('Last-Modified', lastModifiedDate.toUTCString()); res.json({ message: 'Last-Modified example' }); }); app.listen(3000, () => console.log('Server listening on port 3000'));

In this example, we set the Last-Modified header to the current date and time.

Server-Side Caching

Server-side caching involves storing data on the server to reduce the processing time and resources required to generate a response. A common server-side caching technique is to use in-memory caching.

In-Memory Caching

In-memory caching stores data in the server's memory, providing fast access to cached data. Here's an example of in-memory caching in a Node.js Express application using the memory-cache package:

const express = require('express'); const cache = require('memory-cache'); const app = express(); const cacheMiddleware = (duration) => { return (req, res, next) => { const key = req.originalUrl || req.url; const cachedData = cache.get(key); if (cachedData) { res.json(cachedData); } else { res.sendResponse = res.json; res.json = (data) => { cache.put(key, data, duration * 1000); res.sendResponse(data); }; next(); } }; }; app.get('/api/data', cacheMiddleware(3600), (req, res) => { // Assume fetchData is a function that fetches data from an external source fetchData().then((data) => res.json(data)); }); app.listen(3000, () => console.log('Server listening on port 3000'));

In this example, we created a custom middleware called cacheMiddleware that checks for cached data before executing the route handler. If there's cached data, it returns the cached data; otherwise, it fetches the data, caches it, and sends the response.

Reverse Proxy Caching

Reverse proxy caching involves using an intermediary component, such as a reverse proxy server, to cache and serve API responses. A popular reverse proxy server for caching is Varnish.

Varnish Configuration

To use Varnish for caching, you need to install Varnish and configure it to cache your API responses. Here's anexample Varnish configuration file (default.vcl) that demonstrates caching for a REST API:

vcl 4.1; backend default { .host = ""; .port = "3000"; // Your API server's port } sub vcl_recv { unset req.http.Cookie; } sub vcl_backend_response { // Set the cache TTL based on the Cache-Control header from the backend if (beresp.http.Cache-Control ~ "max-age") { set beresp.ttl = std.duration(beresp.http.Cache-Control, 3600s); } // Remove cookies from the backend response to prevent cache poisoning unset beresp.http.Set-Cookie; }

This configuration defines a backend server at (replace this with your API server's address) and modifies the incoming and outgoing headers to remove cookies for caching. The cache TTL (time-to-live) is set based on the Cache-Control header from the backend server.

After configuring Varnish, start it with the following command:

varnishd -f /path/to/your/default.vcl -s malloc,256m -a :8080

This command starts Varnish with a 256 MB in-memory cache and listens on port 8080.

With Varnish up and running, clients can now send requests to the Varnish server (port 8080), which will cache and serve the API responses as configured.


What are the advantages of caching in REST APIs?

Caching in REST APIs improves performance, reduces server load, and minimizes latency. It allows clients to reuse previously fetched data, reducing the need for additional requests to the server. As a result, it saves bandwidth and provides a better user experience.

Can I use a combination of caching techniques?

Yes, using a combination of caching techniques can often lead to the best results. For example, you can use cache headers to provide caching instructions to clients and intermediaries, while also using server-side caching to reduce the time it takes to generate responses.

How do I choose the best caching technique for my API?

The best caching technique depends on your API's specific requirements and constraints. Client-side caching with cache headers is generally the easiest to implement and provides the most significant performance improvements. However, if your API has complex processing requirements, server-side caching can help reduce response times. If you need even more performance and scalability, consider using a reverse proxy caching solution like Varnish.

How do I prevent caching of sensitive data?

To prevent caching of sensitive data, you can use the Cache-Control header with the no-store directive. This instructs clients and intermediaries not to cache the response.

res.set('Cache-Control', 'no-store');

Additionally, you can use the private directive to restrict caching to the client's browser cache only.

res.set('Cache-Control', 'private');

Sharing is caring

Did you like what Mehul Mohan wrote? Thank them for their work by sharing it on social media.


No comments so far

Leave a question/feedback and someone will get back to you