
Explanation:

Box 1: Inbound.
A set-variable policy to store the detected user identity.
Example:
<policies>
    <inbound>
        <!-- How you determine user identity is application dependent -->
        <set-variable
            name="enduserid"
            value="@(context.Request.Headers.GetValueOrDefault("Authorization","").Split(' ')[1].AsJwt()?.Subject)" />
    </inbound>
</policies>
Box 2: Inbound
A cache-lookup-value policy
Example:
<inbound>
    <base />
    <cache-lookup vary-by-developer="true | false" vary-by-developer-groups="true | false" downstream-caching-type="none | private | public" must-revalidate="true | false">
        <vary-by-query-parameter>parameter name</vary-by-query-parameter> <!-- optional, can be repeated several times -->
    </cache-lookup>
</inbound>
Box 3: Outbound
A cache-store-value policy.
Example:
<outbound>
    <base />
    <cache-store duration="3600" />
</outbound>
Box 4: Outbound
A find-and-replace policy to update the response body with the user profile information.
Example:
<outbound>
    <!-- Update response body with user profile -->
    <find-and-replace
        from='"$userprofile$"'
        to="@((string)context.Variables["userprofile"])" />
    <base />
</outbound>
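The four pieces above combined into one policy, as an added example (not part of the original explanation and not Microsoft's sample code). Because AsJwt() only parses a token and does not verify its signature, the cache key here is taken from a token that validate-jwt has already checked. Assumptions: the issuer and backend URLs are placeholders, and the variable names jwt, userprofileresponse and profilefetched are hypothetical.

```xml
<policies>
    <inbound>
        <base />
        <!-- Reject unsigned, expired or malformed tokens before anything is keyed on them.
             Assumption: an OpenID Connect issuer; the URL is a placeholder. -->
        <validate-jwt header-name="Authorization" require-scheme="Bearer"
                      failed-validation-httpcode="401" output-token-variable-name="jwt">
            <openid-config url="https://login.example.com/.well-known/openid-configuration" />
        </validate-jwt>
        <!-- Box 1: identity comes from the validated token, not a raw header parse -->
        <set-variable name="enduserid" value="@(((Jwt)context.Variables["jwt"]).Subject)" />
        <!-- Box 2: per-user cache key; on a miss "userprofile" stays unset -->
        <cache-lookup-value key="@("userprofile-" + context.Variables["enduserid"])"
                            variable-name="userprofile" />
        <choose>
            <when condition="@(!context.Variables.ContainsKey("userprofile"))">
                <!-- Cache miss: fetch the profile (hypothetical backend URL) -->
                <send-request mode="new" response-variable-name="userprofileresponse"
                              timeout="10" ignore-error="false">
                    <set-url>@("https://backend.example.com/userprofile/" + Uri.EscapeDataString((string)context.Variables["enduserid"]))</set-url>
                    <set-method>GET</set-method>
                </send-request>
                <set-variable name="userprofile"
                              value="@(((IResponse)context.Variables["userprofileresponse"]).Body.As<string>())" />
                <!-- Marks that the value is fresh and still has to be stored -->
                <set-variable name="profilefetched" value="@(true)" />
            </when>
        </choose>
    </inbound>
    <outbound>
        <!-- Box 3: store only what was fetched on this request, under the same per-user key -->
        <choose>
            <when condition="@(context.Variables.ContainsKey("profilefetched"))">
                <cache-store-value key="@("userprofile-" + context.Variables["enduserid"])"
                                   value="@((string)context.Variables["userprofile"])" duration="3600" />
            </when>
        </choose>
        <!-- Box 4: substitute the profile into the response body -->
        <find-and-replace from='"$userprofile$"' to="@((string)context.Variables["userprofile"])" />
        <base />
    </outbound>
</policies>
```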
Reference:
https://docs.microsoft.com/en-us/azure/api-management/api-management-caching-policies
https://docs.microsoft.com/en-us/azure/api-management/api-management-sample-cache-by-key