Overview
OWASP Nest uses django-redis to cache REST API responses in Redis. Caching reduces database load and speeds up responses for high-traffic list and detail endpoints.
Cache configuration
The cache backend is configured in settings/base.py:
```python
CACHES = {
    "default": {
        "BACKEND": "django_redis.cache.RedisCache",
        "LOCATION": "redis://<REDIS_HOST>:6379",
        "OPTIONS": {
            "CLIENT_CLASS": "django_redis.client.DefaultClient",
        },
        "TIMEOUT": 300,  # 5 minutes (default)
    }
}
```
The global default timeout is 5 minutes. API response caching uses a longer TTL defined by API_CACHE_TIME_SECONDS:
```python
API_CACHE_PREFIX = "api-response"
API_CACHE_TIME_SECONDS = 86400  # 24 hours
```
All cached API keys are namespaced under the api-response prefix.
What gets cached
REST API responses
Every REST v0 endpoint is wrapped with the @cache_response() decorator from apps/api/decorators/cache.py. Responses are cached for 24 hours and keyed by the full request URL including query parameters.
This means the following are all cached independently:
GET /api/v0/projects/ — first page
GET /api/v0/projects/?page=2 — second page
GET /api/v0/projects/Nest — project detail
GET /api/v0/chapters/?country=US — filtered list
GraphQL responses
GraphQL queries are not cached at the transport layer. The DjangoOptimizerExtension from strawberry-graphql-django optimizes SQL queries to reduce database round-trips, but response-level caching is handled by the Next.js frontend (Apollo Client).
Cache invalidation
The cache is not automatically invalidated when data changes. To clear the cache manually:
This runs python manage.py clear_cache inside the nest-backend container.
Because API responses are cached for 24 hours, newly synced data may not be visible to REST API consumers until the cache expires or is cleared manually.
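The keying and staleness behaviour described above (one entry per full request URL, no invalidation when data changes), as an added example that is not OWASP Nest's own code. It is an in-memory stand-in: `ResponseCache`, the `prefix:url` key format, and the sample data are assumptions made for illustration.

```python
# Added illustration, not the OWASP Nest decorator. ResponseCache is a hypothetical name
# and the "prefix:url" key format is an assumption; only the two constants come from the page.
import time

API_CACHE_PREFIX = "api-response"
API_CACHE_TIME_SECONDS = 86400  # 24 hours


class ResponseCache:
    """Dict-backed cache keyed by prefix + full request URL, with a TTL per entry."""

    def __init__(self, clock=time.monotonic):
        self._store = {}  # key -> (expires_at, body)
        self._clock = clock

    @staticmethod
    def key_for(full_url):
        # The query string is part of the key, so every distinct URL is a separate entry.
        return f"{API_CACHE_PREFIX}:{full_url}"

    def get_or_compute(self, full_url, compute):
        key = self.key_for(full_url)
        entry = self._store.get(key)
        if entry and entry[0] > self._clock():
            return entry[1]  # hit: served without consulting the data source
        body = compute()  # miss or expired: rebuild and store for the full TTL
        self._store[key] = (self._clock() + API_CACHE_TIME_SECONDS, body)
        return body

    def clear(self):
        removed = len(self._store)  # manual invalidation drops every cached response
        self._store.clear()
        return removed


def demo():
    now = [0.0]  # constructed fake clock so the TTL can be advanced instantly
    cache = ResponseCache(clock=lambda: now[0])
    projects = ["Nest"]  # constructed stand-in for database content
    fetch = lambda: list(projects)
    first = cache.get_or_compute("/api/v0/projects/", fetch)
    cache.get_or_compute("/api/v0/projects/?page=2", fetch)  # independent entry
    projects.append("NewProject")  # data changes after the response was cached
    stale = cache.get_or_compute("/api/v0/projects/", fetch)  # still the old body
    now[0] += API_CACHE_TIME_SECONDS  # 24 hours pass
    fresh = cache.get_or_compute("/api/v0/projects/", fetch)
    cleared = cache.clear()
    return first, stale, fresh, cleared
```

`demo()` returns the first response, the stale response served after the data changed, the fresh response after the TTL elapsed, and the number of entries removed by a manual clear.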
Redis configuration
Redis is shared between the cache layer and the Django RQ task queue (on a separate Redis database index). Configure the Redis connection using these environment variables:
| Variable | Description |
|---|---|
| DJANGO_REDIS_HOST | Hostname of the Redis server |
| DJANGO_REDIS_PASSWORD | Redis authentication password |
| DJANGO_REDIS_AUTH_ENABLED | Whether Redis requires authentication (True/False) |
See Environment variables for the full reference.