LOG IN SIGN UP
Documentation

Authenticating URL purge requests via API

Fastly's URL purge feature allows you to purge individual URLs on your website. By default, authentication is not required to purge a URL with the Fastly API, but you can enable API key authentication in the Fastly application by adding a header or by using custom VCL.

Enabling authentication in the Fastly Application

You can enable API key authentication for URL purge requests by adding a header and optionally attaching a condition in the Fastly application.

Adding the header

  1. Log in to the Fastly application.
  2. Click configure (the wrench icon at the top of the window).
  3. From the Services menu, select the appropriate service.
  4. Click the blue Configure button.
  5. Click the Content pane from the list on the left.

    the Content pane

  6. In the Headers area, click New. The New Header window appears.

    New Header window

  7. Fill out the New Header window as follows:

    • In the Name field, type the name of your header rule (for example, Fastly Purge).
    • From the Type menu, select Request, and from the Action menu, select Set.
    • In the Destination field, type http.Fastly-Purge-Requires-Auth.
    • In the Source field, type "1".
    • From the Ignore If Set menu, select No.
    • In the Priority field, type 10.
  8. Click Create.

Attaching a condition

Attaching the following condition is optional. Without the condition, the header you just created will be added to all requests. With the condition, the header will be added to purge requests only.

  1. In the Headers area, click the gear icon next to the new header you just created, and select Request Conditions.
  2. Click the New button to create a new condition. The New Condition window appears.

    New Condition window

  3. Fill out the New Condition window as follows:

    • In the Name field, type a descriptive name for the new condition (for example, Purge).
    • In the Apply If field, type req.request == "FASTLYPURGE".
    • In the Priority field, type 10.
  4. Click Create.

  5. Activate the new version of your service.

Enabling authentication with custom VCL

If you'd rather enable API key authentication for URL purge requests using custom VCL, add the following to your VCL file:

if (req.request == "FASTLYPURGE") {
  set req.http.Fastly-Purge-Requires-Auth = "1";
}

Purging URLs with an API key

After you've enabled API key authentication for URL purge requests, you'll need to provide your API key in the URL purge API request:

curl -X PURGE -H Fastly-Key:$FASTLY_KEY https://www.example.com/

which would return this response:

{"status": "ok", "id": "1234567890"}