Some types and fields can contain data that is specific to a certain user. Cached query results that contain those types (or fields) should not be returned to any other user.

In order to handle this scenario, you can define "scopes" in your service which let you scope (hence the name) cached query results to specific headers and/or cookies.

Every service has a special PUBLIC scope it uses by default. This scope returns the same cached results for all users.


You can define scopes for your service based on the header and/or cookie your users use to authenticate. For simplicity's sake, the examples here use the configuration file; you can also define scopes via the UI.

scopes:
  AUTHORIZATION_HEADER: 'header:Authorization'
  SESSION_COOKIE: 'cookie:session'

Unless you are certain you want to cache them separately, combine all your authentication methods into a single scope with a pipe (|, which means "or") to avoid having to create excessive rules.

scopes:
  AUTHENTICATED: 'header:Authorization|cookie:session'


Header names are case-insensitive; cookie names are case-sensitive.

Using scopes

To set the scope a certain query result should be cached by, create a cache rule for the types you want to cache separately per-user (see Cache Rules for more information):

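rules:
  - description: 'Cache any user-specific data per-user'
    # Cache results containing these types under the AUTHENTICATED scope
    scope: AUTHENTICATED
    types:
      User: true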

Now any query result that contains any User will be cached with the corresponding cookie and/or header of the AUTHENTICATED scope and will only be returned for the same requester. Users that aren't authenticated will still share the same cached results.
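
The following Python sketch is an added illustration, not the service's own code: it models how a cache key could be derived from the AUTHENTICATED scope above, so that each credential gets its own cache entry. The key layout, the hashing, the function names and the choice to include every listed source that is present are assumptions.

```python
import hashlib
from http.cookies import SimpleCookie

# Scope definition taken from the page; everything else is a constructed model.
SCOPES = {"AUTHENTICATED": "header:Authorization|cookie:session"}


def scope_values(definition, headers):
    """Collect the request values that a scope definition refers to."""
    # Header names are case-insensitive, so normalise them before lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    # Cookie names are case-sensitive, so they are looked up exactly as written.
    cookies = SimpleCookie(lowered.get("cookie", ""))
    found = []
    for source in definition.split("|"):  # "|" means "or"
        kind, name = source.split(":", 1)
        if kind == "header" and name.lower() in lowered:
            found.append(f"header:{name.lower()}={lowered[name.lower()]}")
        elif kind == "cookie" and name in cookies:
            found.append(f"cookie:{name}={cookies[name].value}")
    return found


def cache_key(query, scope, headers):
    """Return '<query digest>:<scope bucket>' for one request."""
    values = scope_values(SCOPES[scope], headers)
    if values:
        # Hash the credential so the raw token never appears in the key.
        bucket = hashlib.sha256("\n".join(values).encode()).hexdigest()[:16]
    else:
        # No credential matched: the request shares the unauthenticated entry.
        bucket = "PUBLIC"
    return hashlib.sha256(query.encode()).hexdigest()[:16] + ":" + bucket


if __name__ == "__main__":
    query = "{ me { id } }"
    # Constructed sample requests (header name -> value).
    samples = {
        "alice, header": {"Authorization": "Bearer alice-token"},
        "alice, lowercase header": {"authorization": "Bearer alice-token"},
        "bob, cookie": {"Cookie": "session=bob-session"},
        "cookie named Session": {"Cookie": "Session=bob-session"},
        "anonymous": {},
    }
    for label, headers in samples.items():
        print(f"{label:26} {cache_key(query, 'AUTHENTICATED', headers)}")
```

In this model the request carrying a cookie named Session does not match cookie:session and is keyed like an unauthenticated request, so the cookie name in the scope has to match the one your application sets character for character.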
