PingOne

Authorization service caching

Caching improves decision evaluation performance by storing data retrieved from services for faster retrieval on subsequent service requests.

By reducing the number of service calls the decision service makes to satisfy decision requests, caching improves latency and throughput. Services whose responses change infrequently are good candidates for caching.

If you’re using an Authorize gateway for decision evaluations, refer to Service caching and timeouts for Authorize gateway instances.

How service caching works

When the decision service makes a service request, it generates a unique cache key from service settings and interpolated attribute values. It then checks the cache for a key match:

  • If a match is found, the corresponding cached response is returned.

  • If no match is found, the backend service is called and the response is stored under the new key.

The decision service invokes the service and caches the response under a new key when a value in the service request changes. This can occur, for example, when the request body includes a new parameter or when a header value changes.

PingOne Authorize caches service responses for the period of time defined in the service’s Time to live setting. New cache keys are generated when you change any service setting and publish a new version. Reverting to previous settings could restore an older cache key and its cached response. If the restored cache key is still within its time-to-live (TTL), the service could return an outdated response until the cached entry expires or is refreshed.

Cache values are stored in memory and don’t persist during a restart or outage.

You can’t clear the cache manually.

The service response size limit is 1 MB. Learn more about service limits in Service configuration constraints.

Configuring service caching

You can configure cache settings for individual services when you add or edit a service.

To prevent unnecessary cache misses, you can exclude certain HTTP headers from the cache key. This is useful for headers that are unique to each request, vary occasionally, or have no effect on the service response. Learn more in Connecting a service.

Service cache settings in PingOne Authorize override any Cache-Control headers in the HTTP response. This can result in:

  • Caching service responses even when headers specify the no-cache or no-store directives

  • A delay in retrieving updated service responses because the cache isn’t updated until it expires