APIM caching inbound policy does not work with API request made from different API Product

Question

APIM caching inbound policy does not work with API request made from different API Product

Bi Tan 60

Hi MS team and community,

I have set up a caching policy at the API Operation Level of a GET API with the example policies (see the bottom of this comment.

When I am testing, the caching is working as expected when I use the same subscription key. I then try to use different subscription keys, it is still working until I try the subscription keys of different API Product.

In my APIM, I have API Products of different API scopes and different policies. In the above case, there are 2 API Products, Product A and Product B, that both share the same API scope, both granting access to this API (refer as API A).

Since I have specified the 'vary-by-developer="false"'. If I made the first API call with the Product A subs key, I expect a cache hit when I made a second API request within the cache store duration with Product B subs key, but this result into a cache miss. This is verified in my Azure Diagnostic Logs.

I then look into the Trace for each of the API call in APIM's testing console. I noticed that the cacheKey is capturing the API Product ID.

e.g.

"cacheKey": "3_abc.azure-api.net.12_data.74482w-data;rev=12.194748_get-data.194749_8_https_abc.azurewebsites.net_443/api/data-api?dataType=Combined&pageNumber=1&Id=123123",

"cacheKey": "3_abcazure-api.net.12_data-premium.86443w-data;rev=12.194748_get-data.194749_8_https_abc.azurewebsites.net_443/api/data-api?dataType=Combined&pageNumber=1&Id=123123",

Can you please investigate if this is expected and how I can address this? I would like to achieve caching regardless of the API subscription key and the API Product which the key is associated with (i.e. any authenticated/authorized user making the exact same API request should be able to fetch the data from cache if the query string match).

Many thanks.

<policies>
    <inbound>
        <base />
        <cache-lookup vary-by-developer="false" vary-by-developer-groups="false" allow-private-response-caching="false" must-revalidate="false" downstream-caching-type="none">
            <vary-by-query-parameter>Id</vary-by-query-parameter>
            <vary-by-query-parameter>dataType</vary-by-query-parameter>
            <vary-by-query-parameter>pageNumber</vary-by-query-parameter>
        </cache-lookup>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <redirect-content-urls />
        <base />
        <cache-store duration="600" />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>

Shireesha Eeraboina 2,815 Reputation points Microsoft External Staff

2025-03-27T07:50:22.6+00:00
Hi Bi Tan,

It seems that the caching policy in your Azure API Management (APIM) setup is not working as expected when using different API Products.

To make the cache work across different API Products, you need to remove the dependency on the API Product ID. The best way to do this is by modifying your caching policy to ignore the subscription key when generating the cache key.

Modify your caching policy by adding <vary-by-header>Ocp-Apim-Subscription-Key</vary-by-header>.

This ensures that APIM does not use the subscription key (or API Product ID) when generating cache keys.

Now, any authorized user making the same API request will get a cache hit, regardless of which API Product their subscription belongs to.

Here’s the updated caching policy:

<policies> <inbound> <base /> <cache-lookup vary-by-developer="false" vary-by-developer-groups="false" allow-private-response-caching="false" must-revalidate="false" downstream-caching-type="none"> <vary-by-query-parameter>Id</vary-by-query-parameter> <vary-by-query-parameter>dataType</vary-by-query-parameter> <vary-by-query-parameter>pageNumber</vary-by-query-parameter> <vary-by-header>Ocp-Apim-Subscription-Key</vary-by-header>  </cache-lookup> </inbound> <backend> <base /> </backend> <outbound> <redirect-content-urls /> <base /> <cache-store duration="600" /> </outbound> <on-error> <base /> </on-error> </policies>

Please let me know if you need further assistance.
Shireesha Eeraboina 2,815 Reputation points Microsoft External Staff

2025-03-28T07:05:15.9266667+00:00

Hello Bi Tan,

Following up to see if you have a chance to check my previous response and helped do let me know if you have any further questions on this.
Bi Tan 60 Reputation points

2025-04-01T00:39:34.1666667+00:00

Hi @Shireesha Eeraboina , thank you for looking into this and your suggestion on my issue.

I have added <vary-by-header>Ocp-Apim-Subscription-Key</vary-by-header> as you suggested, but it isn't working as expected. Now, when I use 1) different subscription keys of the same API product, and 2) different subs keys of the different API products consecutively, both scenarios are still resulting to cache misses.

The Cache Key generated from (bolded the cache key sections that are different):

API Product A, Subs key 1:

"cacheKey": "3_abc.azure-api.net.12_data-premium.86443w-data;rev=12.194748_get-data.194749_8_https_abc.azurewebsites.net_443/api/data-api?dataType=Combined&pageNumber=1&Id=201001&::Ocp-Apim-Subscription-Key=fcffxxxxxxxxxxxxxxxxxxxxxxxx"

API Product A, Subs key 2:

"cacheKey": "3_abc.azure-api.net.12_data-premium.86443w-data;rev=12.194748_get-data.194749_8_https_abc.azurewebsites.net_443/api/data-api?dataType=Combined&pageNumber=1&Id=201001&::Ocp-Apim-Subscription-Key=5066xxxxxxxxxxxxxxxxxxxxxxxx"

API Product B, Subs key 1:

"cacheKey": "3_abc.azure-api.net.12_data.74482w-data;rev=12.194748_get-data.194749_8_https_abc.azurewebsites.net_443/api/data-api?dataType=Combined&pageNumber=1&Id=201001&::Ocp-Apim-Subscription-Key=7671xxxxxxxxxxxxxxxxxxxxxxxx"

Could you please review if there are any other solutions?

On the other hand, if I am understanding the <vary-by-header>Ocp-Apim-Subscription-Key</vary-by-header> correctly, this policy is looking up for the value in the APIM subs key and will keep a cache record if the values from 2 API consecutive calls are different. Hence, my test results above are expected since the subs key from different users should have different values even if it is the same API product. Regardless, the API products are still showing a different cache key if the subs key belongs to a different API Product.
Shireesha Eeraboina 2,815 Reputation points Microsoft External Staff

2025-04-03T05:00:50.37+00:00
Hello Bi Tan,

I apologize for the delay in my response and thank you for your understanding.

To make caching work regardless of the subscription key or API Product, you need to create a custom cache key that does not include the subscription key.

Use a policy like this:

<set-variable name="customCacheKey" value="@(context.Request.Url.Path + context.Request.Url.QueryString)" /> <cache-lookup vary-by-value="@((string)context.Variables["customCacheKey"])" />

This ensures the cache key only includes the URL path and query string, so any user making the same request gets a cache hit, no matter the subscription key or API product.

I hope this addresses your query. Please let me know if you need any further assistance or clarification.
Shireesha Eeraboina 2,815 Reputation points Microsoft External Staff

2025-04-04T04:13:34.55+00:00

Hello Bi Tan,

Just checking in to see if the information above was helpful. If you have any further updates on this issue, please feel free to post them here.
Shireesha Eeraboina 2,815 Reputation points Microsoft External Staff

2025-04-07T05:07:47.47+00:00

Hello Bi Tan,

Following up to see if you have a chance to check my previous response and helped do let me know if you have any further questions on this.

Bi Tan 60

Hi Shireesha Eeraboina, sorry for the late response, I have tested your solution and further refine the solution based on Microsoft Documentation.

I found that your solution isn't working because the vary-by-value operation is not a valid input for the <cache-lookup /> policy.

I had a closer look into the documentation, if we need to use a customCacheKey as you suggested above, we will have to use the <cache-lookup-value /> policy.

I have got the cache working but is still trying to fix an issue of my policy where the API response body returning null value (i.e. there are response header, but the body section is completely empty).

Could you please review my solution below:

<inbound>
<set-variable name="customCacheKey" value="@(context.Request.Url.Path + context.Request.Url.QueryString)" />
        <cache-lookup-value key="@((string)context.Variables["customCacheKey"])" variable-name="cachedResponse" caching-type="internal" />
        <choose>
            <when condition="@((context.Variables.ContainsKey("cachedResponse")) && ((string)context.Variables["cachedResponse"] != null))">
                <return-response>
                    <set-header name="Content-Type" exists-action="override">
                        <value>application/json</value>
                    </set-header>
                    <set-body>@((string)context.Variables["cachedResponse"])</set-body>
                </return-response>
            </when>
        </choose>
</inbound>


<outbound>
        <base />
        <choose>
            <when condition="@(!context.Variables.ContainsKey("cachedResponse"))">
                <set-variable name="responseContent" value="@((string)context.Response.Body.As<string>())" />
                <cache-store-value key="@((string)context.Variables["customCacheKey"])" value="@((string)context.Variables["responseContent"])" duration="600" caching-type="internal" />
            </when>
        </choose>
    </outbound>

Another follow up question about this solution, since the custom cache key will now look up the URI that is being called. Will the cache look up still work if the user submits the query string in different order:

/api/data-api?dataType=Combined&pageNumber=1&Id=201001

vs.

/api/data-api?dataType=Combined&Id=201001&pageNumber=1

Any advice on my findings above would be greatly appreciated. Thanks.

Shireesha Eeraboina 2,815 Reputation points Microsoft External Staff

2025-04-08T06:05:36.78+00:00

Hi Bi Tan,

Thanks for your details.

You're right — to avoid cache misses due to different subscription keys or API products, using <cache-lookup-value> with a custom cache key is the correct approach.

To avoid cache misses due to different query parameter order, make sure to normalize the query string when building the cache key — extract each parameter individually and rebuild it in a consistent order.

Also, if your response body is returning null, double-check the format and how you're reading it. Use .As<string>() or .As<JObject>() depending on your backend response type.

Please let me know if you have any further queries.
Shireesha Eeraboina 2,815 Reputation points Microsoft External Staff

2025-04-09T03:41:02.0266667+00:00

Hello Bi Tan,

Following up to see if you have a chance to check my previous response and helped do let me know if you have any further questions on this.
Bi Tan 60 Reputation points

2025-04-09T07:29:38.4566667+00:00
Hi Shireesha Eeraboina, your latest response does help with the API Product issue, and I have completed another full testing. However, I found that with the usage of custom key policy, the cache key is now sensitive to the order of the query parameters.

e.g.

/api/data-api?dataType=Combined&pageNumber=1&Id=123123

/api/data-api?dataType=Combined&Id=123123&pageNumber=1

The 2 same requests above now will result in storing 2 cache responses, it won't fetch the response from the cache if I call both API requests consecutively (i.e. cache miss).

Do you know if there is any simple way to address this?

If we add further complexity to the <set-variable name="customCacheKey" value="@(context.Request.Url.Path + context.Request.Url.QueryString)" /> policy, we might able to get it to work regardless of the order of query parameters. However, I'm afraid that it might increase the latency.
Shireesha Eeraboina 2,815 Reputation points Microsoft External Staff

2025-04-11T05:18:44.31+00:00

Hello Bi Tan,

Just checking in to see if above information was helpful. If you have any further updates on this issue, please feel free to post back.
Bi Tan 60 Reputation points

2025-04-16T04:28:52.37+00:00
Hi Shireesha Eeraboina,

Thanks for your suggestion, with the sorted query string, I have tested that the solution is now working as I was hoping. Thank you for your assistance.

In summary, I ended up using <cache-lookup-value> and <cache-store-value> policies + the normalized query parameters to create my custom cache key.

A minor change to your suggestion about normalizing the query string, as I am getting an error (p.Name is not valid) while testing. Below is the solution I used:

Thanks again!

<set-variable name="sortedQuery" value="@{ var queryParams = context.Request.Url.Query .OrderBy(p => p.Key) .Select(p => p.Key + "=" + p.Value); return string.Join("&", queryParams); }" /> <set-variable name="customCacheKey" value="@($"{context.Request.Url.Path}?{context.Variables["sortedQuery"]}")" />
Shireesha Eeraboina 2,815 Reputation points Microsoft External Staff

2025-04-16T04:32:43.6133333+00:00

Hello Bi Tan,

Thanks for your response and glad to know that your problem has been resolved. I have converted my comment to answer.

Please accept as Yes if the answer is helpful so that it can help others in the community.

Accepted answer

0 additional answers

Your answer

Shireesha Eeraboina 2,815 Reputation points Microsoft External Staff

2025-03-27T07:50:22.6+00:00

Hi Bi Tan,

It seems that the caching policy in your Azure API Management (APIM) setup is not working as expected when using different API Products.

To make the cache work across different API Products, you need to remove the dependency on the API Product ID. The best way to do this is by modifying your caching policy to ignore the subscription key when generating the cache key.

Modify your caching policy by adding <vary-by-header>Ocp-Apim-Subscription-Key</vary-by-header>.

This ensures that APIM does not use the subscription key (or API Product ID) when generating cache keys.

Now, any authorized user making the same API request will get a cache hit, regardless of which API Product their subscription belongs to.

Here’s the updated caching policy:

<policies> <inbound> <base /> <cache-lookup vary-by-developer="false" vary-by-developer-groups="false" allow-private-response-caching="false" must-revalidate="false" downstream-caching-type="none"> <vary-by-query-parameter>Id</vary-by-query-parameter> <vary-by-query-parameter>dataType</vary-by-query-parameter> <vary-by-query-parameter>pageNumber</vary-by-query-parameter> <vary-by-header>Ocp-Apim-Subscription-Key</vary-by-header>  </cache-lookup> </inbound> <backend> <base /> </backend> <outbound> <redirect-content-urls /> <base /> <cache-store duration="600" /> </outbound> <on-error> <base /> </on-error> </policies>

Please let me know if you need further assistance.
Shireesha Eeraboina 2,815 Reputation points Microsoft External Staff

2025-03-28T07:05:15.9266667+00:00

Hello Bi Tan,

Following up to see if you have a chance to check my previous response and helped do let me know if you have any further questions on this.
Bi Tan 60 Reputation points

2025-04-01T00:39:34.1666667+00:00

Hi @Shireesha Eeraboina , thank you for looking into this and your suggestion on my issue.

I have added <vary-by-header>Ocp-Apim-Subscription-Key</vary-by-header> as you suggested, but it isn't working as expected. Now, when I use 1) different subscription keys of the same API product, and 2) different subs keys of the different API products consecutively, both scenarios are still resulting to cache misses.

The Cache Key generated from (bolded the cache key sections that are different):

API Product A, Subs key 1:

"cacheKey": "3_abc.azure-api.net.12_data-premium.86443w-data;rev=12.194748_get-data.194749_8_https_abc.azurewebsites.net_443/api/data-api?dataType=Combined&pageNumber=1&Id=201001&::Ocp-Apim-Subscription-Key=fcffxxxxxxxxxxxxxxxxxxxxxxxx"

API Product A, Subs key 2:

"cacheKey": "3_abc.azure-api.net.12_data-premium.86443w-data;rev=12.194748_get-data.194749_8_https_abc.azurewebsites.net_443/api/data-api?dataType=Combined&pageNumber=1&Id=201001&::Ocp-Apim-Subscription-Key=5066xxxxxxxxxxxxxxxxxxxxxxxx"

API Product B, Subs key 1:

"cacheKey": "3_abc.azure-api.net.12_data.74482w-data;rev=12.194748_get-data.194749_8_https_abc.azurewebsites.net_443/api/data-api?dataType=Combined&pageNumber=1&Id=201001&::Ocp-Apim-Subscription-Key=7671xxxxxxxxxxxxxxxxxxxxxxxx"

Could you please review if there are any other solutions?

On the other hand, if I am understanding the <vary-by-header>Ocp-Apim-Subscription-Key</vary-by-header> correctly, this policy is looking up for the value in the APIM subs key and will keep a cache record if the values from 2 API consecutive calls are different. Hence, my test results above are expected since the subs key from different users should have different values even if it is the same API product. Regardless, the API products are still showing a different cache key if the subs key belongs to a different API Product.
Shireesha Eeraboina 2,815 Reputation points Microsoft External Staff

2025-04-03T05:00:50.37+00:00

Hello Bi Tan,

I apologize for the delay in my response and thank you for your understanding.

To make caching work regardless of the subscription key or API Product, you need to create a custom cache key that does not include the subscription key.

Use a policy like this:

<set-variable name="customCacheKey" value="@(context.Request.Url.Path + context.Request.Url.QueryString)" /> <cache-lookup vary-by-value="@((string)context.Variables["customCacheKey"])" />

This ensures the cache key only includes the URL path and query string, so any user making the same request gets a cache hit, no matter the subscription key or API product.

I hope this addresses your query. Please let me know if you need any further assistance or clarification.
Shireesha Eeraboina 2,815 Reputation points Microsoft External Staff

2025-04-04T04:13:34.55+00:00

Hello Bi Tan,

Just checking in to see if the information above was helpful. If you have any further updates on this issue, please feel free to post them here.
Shireesha Eeraboina 2,815 Reputation points Microsoft External Staff

2025-04-07T05:07:47.47+00:00

Hello Bi Tan,

Following up to see if you have a chance to check my previous response and helped do let me know if you have any further questions on this.
Shireesha Eeraboina 2,815 Reputation points Microsoft External Staff

2025-04-08T06:05:36.78+00:00

Hi Bi Tan,

Thanks for your details.

You're right — to avoid cache misses due to different subscription keys or API products, using <cache-lookup-value> with a custom cache key is the correct approach.

To avoid cache misses due to different query parameter order, make sure to normalize the query string when building the cache key — extract each parameter individually and rebuild it in a consistent order.

Also, if your response body is returning null, double-check the format and how you're reading it. Use .As<string>() or .As<JObject>() depending on your backend response type.

Please let me know if you have any further queries.
Shireesha Eeraboina 2,815 Reputation points Microsoft External Staff

2025-04-09T03:41:02.0266667+00:00

Hello Bi Tan,

Following up to see if you have a chance to check my previous response and helped do let me know if you have any further questions on this.
Bi Tan 60 Reputation points

2025-04-09T07:29:38.4566667+00:00

Hi Shireesha Eeraboina, your latest response does help with the API Product issue, and I have completed another full testing. However, I found that with the usage of custom key policy, the cache key is now sensitive to the order of the query parameters.

e.g.

/api/data-api?dataType=Combined&pageNumber=1&Id=123123

/api/data-api?dataType=Combined&Id=123123&pageNumber=1

The 2 same requests above now will result in storing 2 cache responses, it won't fetch the response from the cache if I call both API requests consecutively (i.e. cache miss).

Do you know if there is any simple way to address this?

If we add further complexity to the <set-variable name="customCacheKey" value="@(context.Request.Url.Path + context.Request.Url.QueryString)" /> policy, we might able to get it to work regardless of the order of query parameters. However, I'm afraid that it might increase the latency.
Shireesha Eeraboina 2,815 Reputation points Microsoft External Staff

2025-04-11T05:18:44.31+00:00

Hello Bi Tan,

Just checking in to see if above information was helpful. If you have any further updates on this issue, please feel free to post back.
Bi Tan 60 Reputation points

2025-04-16T04:28:52.37+00:00

Hi Shireesha Eeraboina,

Thanks for your suggestion, with the sorted query string, I have tested that the solution is now working as I was hoping. Thank you for your assistance.

In summary, I ended up using <cache-lookup-value> and <cache-store-value> policies + the normalized query parameters to create my custom cache key.

A minor change to your suggestion about normalizing the query string, as I am getting an error (p.Name is not valid) while testing. Below is the solution I used:

Thanks again!

<set-variable name="sortedQuery" value="@{ var queryParams = context.Request.Url.Query .OrderBy(p => p.Key) .Select(p => p.Key + "=" + p.Value); return string.Join("&", queryParams); }" /> <set-variable name="customCacheKey" value="@($"{context.Request.Url.Path}?{context.Variables["sortedQuery"]}")" />
Shireesha Eeraboina 2,815 Reputation points Microsoft External Staff

2025-04-16T04:32:43.6133333+00:00

Hello Bi Tan,

Thanks for your response and glad to know that your problem has been resolved. I have converted my comment to answer.

Please accept as Yes if the answer is helpful so that it can help others in the community.

Answer 1

Hi Bi Tan,

Great to hear you’ve made progress!

You’re right when using a custom cache key, query parameter order can cause cache misses since the raw query string is treated as-is. To handle this and avoid duplicate cache entries, we recommend normalizing the query parameters by sorting them alphabetically before building the cache key.

Here’s how you can do it:

<set-variable name="sortedQuery" value="@{
    var queryParams = context.Request.Url.Query
        .OrderBy(p => p.Name)
        .Select(p => p.Name + "=" + p.Value);
    return string.Join("&", queryParams);
}" />
<set-variable name="customCacheKey" value="@($"{context.Request.Url.Path}?{context.Variables["sortedQuery"]}")" />

Then use this customCacheKey with your <cache-lookup-value> and <cache-store-value> policies as before. This ensures a consistent key regardless of parameter order and avoids extra latency.

You can also refer to these documentation here for working with custom cache keys:

Azure API Management caching policies

I hope this addresses your query. Please let me know if you need any further assistance or clarification.

Share via

APIM caching inbound policy does not work with API request made from different API Product

0 additional answers

Your answer