Configuring push invalidation for BYO production CDN
Push invalidation automatically purges content on the customer鈥檚 production CDN (e.g. www.yourdomain.com), whenever an author publishes content changes.
Content is purged by url and by cache tag/key.
Setting up push invalidation requires 2 steps:
Configuration
Push invalidation is currently supported for CDNs of the following vendors:
Push invalidation is enabled by adding specific properties to the project鈥檚 configuration (an Excel workbook named .helix/config.xlsx in Sharepoint or a Google Sheet named .helix/config in Google Drive).
The following sections describe the vendor specific properties required to set up push invalidation.
Fastly
Configuration properties:
Create a Fastly API Token
- go to ,
- click on 鈥淐reate Token鈥,
- enter a name (e.g.
"Production Site Purge Token"), - select 鈥淎 specific service鈥 and your production service from the drop-down list,
- check the 鈥淧urge select content (purge_select) 鈥 Purge by URL or surrogate key鈥 check box,
- select 鈥淣ever expire鈥,
- click on 鈥淐reate Token鈥,
- copy the generated token value shown in the pop-up window.
You can validate the credentials with this .
Akamai
Configuration properties
Push invalidation uses the , specifically Delete by URL and Delete by cache tag.
The Fast Purge API credentials consist of
host = akaa-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.luna.akamaiapis.net
client_token = akab-XXXXXXXXXXXXXXXX-XXXXXXXXXXXXXXXX
client_secret = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
access_token = akab-XXXXXXXXXXXXXXXX-XXXXXXXXXXXXXXXX
They can be generated by following the instructions at .
Identity & Access Management
Create API client
Required group/role permissions:
You can validate the credentials with this .
Cloudflare
Configuration properties
Create an API Token
- go to
- click on 鈥淐reate Token鈥,
- go to 鈥淐reate Custom Token鈥 at the bottom and click on 鈥淕et started鈥
- enter a token name (e.g.
"Production Site Purge Token"), - Permissions: 鈥淶one鈥, 鈥淐ache Purge鈥, 鈥淧urge鈥
- Zone Resources: 鈥淚nclude鈥, 鈥淪pecific zone鈥, 鈥<your production zone>鈥
- click on 鈥淐ontinue to summary鈥
- click on 鈥淐reate Token鈥,
- copy the generated token value.
Note that only sites on the enterprise plan will be surgically purged by url and cache key. A Purge All will be performed instead on non-enterprise sites every time an author publishes a content change.
You can validate the credentials with this .
CloudFront
NB: CloudFront does NOT support purging by cache tag/key. Purge by cache tag/key always triggers a purge all.
Configuration properties
Create the AWS credentials
In the AWS Console, open the IAM dashboard:
Select Users -> Add users:
Enter a user name and check 鈥淎ccess key - Programmatic access鈥:
On the 鈥淪et permissions鈥 pane, click on 鈥淐reate group鈥:
Enter a group name and select the CloudFrontFullAccess policy:
Create the user:
Finally, copy the Access key ID and Secret access key values:
You can validate the credentials with this .
Opt-In Request Header
The production CDN needs to send the following opt-in header to the origin in order to enable long cache TTLs:
X-Push-Invalidation: enabled