I’ve read through the article series on caching APIs, but one thing that seems rather conspicuously left out is strategies for showing data from APIs where different users are allowed to see different things.
Does anyone have some guidance on how to do this securely? In my case, the API calls are cookie authenticated, or else I could probably cache on a per-API-key basis. I’m not sure how to vary on this sanely.
Please sign in to leave a comment.