When the API returns an error (especially "Unauthorized"), it should be cached. There's no point in hitting the API with the same request that returned such error again.