The Fast Purge API

The Fast Purge API (formerly known as the Content Control Utility, or CCU, v3) provides a programmatic interface for you to purge edge content. In this version, you can purge by one or more URLs, Content Provider (CP) codes, or cache tags.

For users of the legacy Content Control Utility REST API, this API leverages the Fast Purge Utility via Luna authentication. The Luna Control Center provides a graphical interface to the Fast Purge Utility for content administrators.

For more information about Fast Purge, see CCU API Concepts.

Who Should Use This API

The Fast Purge API is a simple API that enables purging content at the edge. It allows developers and architects to purge individual URLs or grouped content via CP code or Cache Tag within approximately five seconds.

The API also comes with a CLI version that you can set up as a task within automation tools such as CircleCI or Jenkins.

For more information on content control using TTL (Time to Live) methods, refer to Time to Live (TTL) in Cache: Methods and Considerations.

Getting Started

To get started with this API:

  • Review the API Introduction section on available tools.

  • Review API Provisioning to create your API access credentials and authorizations. When creating, adding, and naming clients for API access, do so under CCU APIs, not Luna APIs. Note that you can select all CP codes when configuring your API credentials. This means all current and future CP codes on the current contract, not all CP codes on the account.

  • Get help from our developer community or Technical Support, and provide feedback. You can also contact your account representative for support. We want to hear from you!

Fast Purge API Concepts

This section describes the conceptual objects you deal with when interacting with this API, and provides pointers to where you can learn more.

  • Fast Purge: The Fast Purge utility completes purge requests within approximately five seconds. Fast Purge supports requests to invalidate or delete URLs and CP codes on Akamai Staging and Production networks. You should typically Invalidate, as it will cause the edge server to treat content as though its TTL has expired. You should use Delete for compliance- or copyright-related purge requests, as it completely removes all content from servers.

    • Invalidation: Content invalidation, or refresh request, is the default purge action in most cases. An invalidation purge action causes Akamai edge servers to send an If-Modified-Since (IMS) request to the origin on subsequent requests for invalidated content. If the timestamp of the object at the origin is more recent than the one in cache, the latter is replaced by the new object from the origin. Otherwise, it is re-validated for the duration of the TTL. If an object does not have a Last-Modified header, a regular GET request is sent to origin.

    NOTE: To avoid serving stale content, ensure the Last-Modified-Timestamp (LMT) value on the origin server is updated to a newer timestamp than the LMT value of the current object.

    • Deletion: The purge action that removes the object from cache so that it is no longer available to be served to clients.Deletion operations result in an expensive GET request to the origin server, and prevents Akamai from serving this content stale if the origin server is down.
  • Content Provider (CP) Code: A CP code identifies a set, typically a subset, of content on your origin server. CP codes also provide additional granularity in reports and to track billing. Each contract has at least one CP code associated with it. You cannot apply the same CP code to content under more than one contract. If you are using Property Manager, see the Property Manager API (PAPI) to retrieve a list of CP codes available for a selected contract and group. PAPI also allows you to generate new CP codes, assign them to properties, and apply them within property rules.

  • Cache Key: The cache key is an index entry for an object in cache. By default, Akamai uses the entire uniform resource identifier (URI) and query string to identify cached objects. You can specify a custom cache key to cache different versions of an object based on differences in query parameters and other differences such as variations in device characteristics..

  • Cache Tag: An opaque label applied to content from the origin by way of the Edge-Cache-Tag header. Once a set of objects have been cached with a tag, they can be purged together with a single Fast Purge API call. You can apply many tags to any object, allowing you to purge by any overlapping set of classifications you define, such as black-friday, flash-sale, electronics, laptops, tablets. If an object matches any one of the tags in a purge request, then its cache will be refreshed. Note that cache tags are case-sensitive.

Cache tag constraints:

  • If there are multiple Edge-Cache-Tag headers in the origin response, only the first is considered.

  • Tags in headers are derived from the ABNF token format. (see RFC 7230). Prohibited tag characters are whitespace characters or any of the following: *"(),:;<=>?@\[]{}

  • Tag names cannot exceed 128 bytes.

  • Use commas to delimit more than one value in the Edge-Cache-Tag header.

  • End users do not receive the Edge-Cache-Tag header.

Sample Code and Use Cases

For sample code related to this API, see the api-kickstart repository.

For sample use cases, see the examples folder in the api-kickstart repository. It is continually being updated with new examples for Akamai APIs.

Rate Limiting

This API uses rate controls to limit the number of API requests a single client can make per second.

Purge Type API Calls Purge Type Specific
Purge by URL 50 requests/sec 10K URLs/min
Purge by CP Code 50 requests/sec 1K CP codes purged per hour
Purge by Cache Tag 50 requests/sec 5K unique tags purged per hour

To purge more objects while remaining within defined limits, you should combine multiple objects into a single API call. A single API call may contain many objects of the same type, as long as the request body is smaller than 50,000 bytes.

When a client exceeds its allotted limit, the API responds with a 429 error, with various rateLimit* JSON members in the response body and X-Ratelimit* headers providing details.

HTTP/1.1 429 Too Many Requests
Date: Thu, 01 Mar 2018 19:26:25 GMT
Content-Length: 171
X-Ratelimit-Remaining: 0
X-Ratelimit-Limit-Per-Second: 30
X-Ratelimit-Limit: 100
Content-Type: text/html

    "status": 429,
    "rateLimitRemaining": 0,
    "supportId": "17RY1519390080947214-211628496",
    "rateLimit": 100,
    "title": "Rate Limit exceeded",
    "rateLimitCurrentRequestSize": 1

In addition, the API uses firewall rules to guard against DoS level traffic flows. These rules take effect when a single client attempts to submit hundreds of requests per second. The API responds with a 400 error for WAF rate-controlled clients.

HTTP/1.1 400 Bad Request
Content-Length: 427
Date: Thu, 01 Mar 2018 18:46:03 GMT
Connection: close
Content-Type: application/problem+json

    "type": "",
    "title": "Bad request",
    "status": 400,
    "detail": "WAF deny rule IPBLOCK-BURST4-27754",
    "instance": "",
    "method": "POST",
    "serverIp": "",
    "clientIp": "",
    "requestId": "1dd8d22",
    "requestTime": "2018-03-01T18:46:03Z"

Last modified: 6/14/2018