Azure API Management Service Policies


Policies are a powerful capability of Azure API Management that allow changing the behavior of the API through configuration.

Policies are collection of statements that are executed sequentially on the request or response of an API.

Before starting, please read my previous blog on how to get start with Azure management service.

There are many policies available in Azure API Management Service, in this blog I’m going to explain how to apply cache-lookup and cache-store policies.

Caching policies:

We have Response and value caching polices in API Management.

Response caching policies

  1. Get from cache
  2. Store to cache

Get from cache

It performs a cache lookup and return a valid cached response when available.

The cache-lookup policy can be applied when response content remains static over a period of time. It reduces the bandwidth a process requirement imposed on the back-end web server and lower latency perceived the API consumers.

This policy must have a corresponding store to cache policy.

Go to your Azure API management service in Azure portal. You can apply the polices at different level of scope, here I will explain how to apply the policy for particular API.

Select the API blade and select the particular API where you need to apply the cache policy.

Click on Add Policy from inbound processing section, and select cache-lookup template from the list, the corresponding cache-store policy will be applied for outbound processing as shown in below figures.

Cache-lookup script

        <base />
        <cache-lookup vary-by-developer="false" vary-by-developer-groups="false" downstream-caching-type="none" />
        <base />
        <base />
        <cache-store duration="3600" />
        <base />


  it’s a mandatory root element


   Is set to false. Set to true to cache responses per developer account that owns subscription key included in the request.


   Is set to false. Set to true to cache responses per user group.

cache-store duration

     Is set to 3600 seconds. It caches the response (Time -to-live) for 3600 seconds after that it will invalidate.

Save all the changes, and test the API, check the response time and you will see a big difference in the response time.

Policy Scope

Global Scope – affects all APIs within the instance of API Management

Product Scope– manage access to the product as a single entity

API Scope – affects only a single API

Operation Scope – affects only one operation within the API.

In this example I have applied operation scope. I have applied the cache policy only for GetAllCities API.

Test the GetAllCities from portal can observe the improvement in the response time.


We have seen what is the API Management Policies, what is caching policies and finally how to apply the policies for the operators. We will see more about policies in my next blog.


Leave a Reply

%d bloggers like this: