Caching 1.2B+ API calls and counting
Stop paying twice for the same API call
API CACHE is a drop-in, encrypted caching layer for the metered APIs you already pay for. Swap one base URL — repeat calls are answered from our edge in single-digit milliseconds and never reach your provider's bill.
NO CODE CHANGES BEYOND ONE URL · FREE TIER · CANCEL ANYTIME
Hits served
18,402,311
Saved today
£41,209.62
p99 hit latency
9ms
0.00B
cached calls served
£0.0M+
saved off customer API bills
0.0%
average cache hit ratio
0ms
p99 in-region hit latency
How it works
Integration is a one-line diff
Register your API
Add any HTTP API as an origin — the base URL, optional vaulted credentials, and how long each route's responses stay fresh. Sensible defaults are applied instantly.
Swap one URL
Point your code at your private edge endpoint instead of the provider. Headers, auth and query strings pass straight through. Nothing else in your codebase changes.
We absorb the repeats
The first call fetches from the origin and is encrypted into your cache. Every identical call after that is a HIT — served in milliseconds, never billed by your provider.
// before — every call is billed
- const BASE = "https://api.provider.com/v2";
// after — repeats served from your cache
+ const BASE = "https://edge.apicache.co.uk
+ /acme/companies-api/v2";✓ Responses cached with AES-256-GCM under your tenant key
✓ Identical requests resolve in ≤ 10ms p99 in-region
✓ Misses pass through untouched — we only bill hits
Platform
A serious caching engine, not a lucky proxy
Everything you would have to build in-house — key design, freshness policy, invalidation, credential handling, observability — running as managed infrastructure on UK edge regions.
Smart cache keys
Method, canonical path, sorted query, selected headers and optional body hash — so POST-based query APIs cache just as well as GETs, and near-identical requests collapse into one entry.
Per-route TTL rules
Default freshness per origin, overridden per route pattern. FX rates for 60 seconds, company records for 7 days — expressed in one rule line each.
Stale-while-revalidate
Callers always get an instant answer. Entries approaching expiry are refreshed in the background, so your hit ratio stays high even on volatile data.
Instant global purge
Invalidate by key, route pattern or entire origin from the dashboard or API. Propagates to every edge node worldwide in under a second.
Encrypted key vault
Store origin credentials once, write-only, KMS-backed. Your services call the edge with scoped API CACHE tokens and never handle provider secrets again.
Savings analytics
Tell us what each origin charges per call. The dashboard turns hit counts into pounds saved — per origin, per route, per day — next to latency percentiles and bandwidth.
Security
Built like it holds your production traffic
A cache sits in the middle of your most valuable data flows. That's why isolation and encryption at API CACHE are structural properties of the architecture, not settings.
Every stored byte
AES-256-GCM
per-tenant envelope keys · automatic rotation · KMS-held root
Every connection
TLS 1.3
modern ciphers only · HSTS preloaded · mTLS on Enterprise
▪Structural tenant isolation
Your tenant ID is baked into every cache key, storage namespace and encryption key derivation. A cross-tenant cache hit is cryptographically impossible — not merely filtered out.
▪Encrypted end to end
TLS 1.3 only on the edge and to origins, HSTS preloaded. Every cached body and vaulted credential is sealed with AES-256-GCM under per-tenant data keys, envelope-encrypted and rotated automatically in a managed KMS.
▪Your payloads stay yours
We store bytes; we don't parse, mine or profile response content. Analytics are computed from metadata only — sizes, timings, status codes. Authorization, Cookie and Set-Cookie headers are never stored.
▪Caching that respects the rules
Responses marked Cache-Control: no-store or private are passed straight through by default. You explicitly opt routes in — never the other way round.
▪Scoped, revocable tokens
Per-environment tokens, scoped per origin, hashed at rest, shown once, revocable instantly — with last-used tracking and a full immutable audit log of every config change and purge.
▪UK data residency
Cached data is pinned to your chosen region — the UK by default — and never replicated outside it. Origin fetch paths honour the same boundary.
Pricing
You only pay when we save you money
Misses — the calls that go to your provider — are free. We bill only cached calls served, metered by volume and payload size band.
Developer
£0
forever
- 100,000 cached calls / month
- Payloads up to 64 KB
- 2 origins · 1 region
- Community support
Business Flat
£150 /mo + VAT
one fixed line on your P&L
- 5,000,000 cached calls / month
- Payloads up to 256 KB
- Unlimited origins · 10 seats
- 99.9% SLA · priority support
- Overage metered or hard-capped — your choice
Metered
£0.29 /10k
band-S cached calls, pay-as-you-go
- Payload bands S–XL (×1 to ×10)
- Volume breaks at 10M / 50M / 250M
- Unlimited origins
- Scales to enterprise custom terms
FAQ
Fair questions, straight answers
Does this work with any API?+
Any HTTP or HTTPS API that returns cacheable responses — JSON, XML, or arbitrary bytes. GETs cache out of the box; POST-based query APIs (search, enrichment, inference) are supported via request-body hashing. Anything the origin marks no-store is passed straight through untouched unless you explicitly opt the route in.
How do you avoid serving me stale data?+
You set freshness per route — 60 seconds for FX rates, 7 days for company records. Stale-while-revalidate refreshes entries in the background before they expire, and you can purge any key, pattern or origin globally in under a second from the dashboard or API.
What happens to my authentication headers?+
Two modes. Passthrough: your Authorization header travels to the origin and is never stored. Vaulted: you store the origin credential once in our KMS-backed vault and your services stop handling it entirely — they authenticate to us with scoped, revocable API CACHE tokens instead.
Can another customer ever see my cached responses?+
No. Your tenant ID is part of the cache key, the storage namespace and the encryption key derivation. There is no code path in which one tenant's key can address — let alone decrypt — another tenant's data.
What counts as a billable call?+
Only hits — requests we answer from cache, saving you an origin call. Misses, purges and validation requests are free. Each hit is metered by the payload size band of the stored response (S ≤16 KB ×1, M ≤64 KB ×2, L ≤256 KB ×4, XL ≤1 MB ×10).
What if my provider's terms restrict caching?+
You stay in control: caching is configured per origin and per route by you, and our default behaviour honours the origin's own Cache-Control directives. Many providers explicitly encourage client-side caching — it reduces their load too. Check your provider's terms; most usage-billed APIs permit it.
What happens if API CACHE is down?+
Our edge is multi-node per region with a 99.9% SLA on Business Flat and above. For belt-and-braces, our SDK snippet supports origin fallback: if the edge is unreachable your client calls the provider directly, exactly as before.
Get started
Your first 100,000 hits are on us
Register an origin, swap one URL, and watch the savings counter move within minutes. No card required on the Developer tier.