Caching
Separate public catalog caching from private and entitlement-sensitive responses.
A
JPublic jobs, companies, blog posts, and context can use framework caching. Authenticated me, checkout, applicant, and access responses must remain user-specific.
Classify the response first
| Response | Shared cache? | Reason |
|---|---|---|
board.context() | Usually | Public identity, theme, and feature configuration |
| Public jobs, companies, blog, salaries | Usually | Same response for every anonymous visitor |
| Search results | Short-lived or uncached | Query-specific and more volatile |
board.me.* | Never | Belongs to the authenticated board user |
| Applications, conversations, employer ATS | Never | Private user or company data |
| Billing, checkout, plans with entitlements | Never | Viewer- and state-sensitive |
| Password-gated reads | Never in a public cache | Depend on the X-Board-Access grant |
The trailing SDK argument is a FetchOptions object. Standard fetch controls such as cache, signal, and headers pass through to the runtime.
1234567891011// Public catalog readconst jobs = await board.jobs.list({ limit: 20, sort: 'newest' },{ cache: 'force-cache' },);// Private account readconst me = await board.me.retrieve(undefined, {cache: 'no-store',headers: { authorization: `Bearer ${accessToken}` },});
Framework-specific extensions such as Next.js cache tags or Cloudflare cf options also pass through. Use only options supported by the runtime and its TypeScript declarations.
Choose invalidation around product behavior
Jobs should become visible within the delay promised by your publishing workflow. A short time-to-live may be enough for catalog pages; a webhook, route revalidation, or tagged invalidation is better when operators expect an immediate publish. Keep sitemap invalidation separate so rebuilding a large catalog does not block page delivery.
Do not cache a 404 longer than the delay between creating a record and publishing its route. Never turn an authorization failure into a shared cached response.
Verify isolation
- Request the same private route as two different users through the production CDN or reverse proxy.
- Confirm the second response cannot contain the first user’s identity, application, billing, or saved-job state.
- Inspect response headers for
private,no-store, or an equivalent cache bypass. - Publish a job and measure how long listing, detail, and sitemap surfaces take to converge.
Production notes
- The SDK does not choose cache policy for you.
- Any request carrying
AuthorizationorX-Board-Accessmust bypass shared caches unless the cache key safely incorporates the credential—which is rarely desirable. - Abort superseded interactive searches with an
AbortSignal; cancellation is also passed to the underlying fetch.
Continue with Security to review credential and redirect boundaries.