Akamai CCU V3 Fast Purge
Concept
Akamai是著名的CDN内容提供商。它提供了一套purge的API用于清空Edge Server上的缓存,使客户可以拿到最新的内容。目前在用的是CCU OPEN V2 API,主要是基于XML或JASON的一套REST API。通过调用它,会将相应的purge请求加入一个队列中,同时它也提供了query status的API用于查询purge请求的状态。一般情况下,从提交请求到请求执行完成需要4-7min。
这里想要介绍的是Akamai那边提供的V3版本的API,目前处于Beta阶段。最大的卖点就是Fast Purge - Featuring 5-second purge。
- Purge utility is Fast Purge, if enabled on the account (estimated time is approximately five seconds). If Fast Purge is not properly enabled on the account, the purge is processed using the legacy (v2) CCU version (estimated time is approximately 4–7 minutes).*
- Purges are processed instantaneously - there is no longer a notion of a queue, neither “default” nor “emergency”.*
- You can add objects to a total of 50K per request.*
- You can choose to “invalidate” or “delete”.*
- “production” and “staging” can be purged as separate commands. This is detailed further down in this post.*
- The V3 code will work even before the fast purge is turned on for your properties, so you can implement the code and turn on the functionality as soon as it’s ready. These calls will be redirected to the V2 OPEN API on the back end.*
Usage
Authorize client
OPEN API clients interact with the Akamai Intelligent Platform™ by signing each API request with credentials that are created specifically for each OPEN API client. The scope of the authorization is managed by you. These credentials are analogous to other types of system private data, such as ssh keys, and should be treated with the same care.
The authorization to call an API is managed in the Akamai Luna Control Center; however, not every Luna Control Center user will have permissions to create API authorizations. In order to manage API credentials, a user must have the Admin role in the context (account level or group level) the credentials will be tied to. Different organizations choose to grant this privilege to different classes of users. If you don’t see the Manage APIs menu item in the instructions below, then you may not have permission to manage API authorizations. If you find this to be the case, please consult your local administrator. They can either create the authorization you will need for this exercise, or they may grant you the permission to create API authorizations as appropriate to your organization.
steps
- Create an API client
- Grant that client permission to call the API we are working with
- Save our work to the Akamai Intelligent Platform
- Download the authentication tokens so the local API client can use them to sign the API requests (client-api-kickstart.txt: contains Base URL, Access Tokens, Client token, and Secret)
CCU request
Purge methods (Invalidate or Delete by URL) currently available with this API by task type, as well as an estimated completion time, are as follows:
| Action | Operation | API EndPoint |
|---|---|---|
| Invalidate by URL | POST | /ccu/v3/invalidate/url/{network} |
| Delete by URL | POST | /ccu/v3/delete/url/{network} |
Invalidate by URL
Request:
Response:
Delete by URL
Request:
Response:
Signing API request
The signature is the base64-encoding of the SHA–256 HMAC of the data to sign with the signing key.
You can get an EdgeGrid Request Signature Module.
Signing Key
The signing key is derived from the client secret. The signing key is computed as the base64 encoding of the SHA–256 HMAC of the timestamp string (the field value included in the HTTP authorization header described above) with the client secret as the key.
Example Data to Sign
Raw CCU v3 request:
the data to sign looks like this (\t represents a tab, line breaks added for readability):
More information
https://developer.akamai.com/api/purge/ccu/overview.html
https://developer.akamai.com/introduction/Client_Auth.html