Varnish Logo
SignupLogin
Varnish Logo

Purge Tokens

Authenticate your purge requests using workspace-wide JWT or Basic Auth tokens. Securely authorize external systems to invalidate cached content across all your services.

Purge Tokens are used to authenticate purge requests to Varnish CDN. They provide a secure way to allow authorized users or systems to invalidate cached content on the CDN.

Purge Tokens can be created as either only a JWT token used as a bearer token in the Authorization header. It is also possible to add a token with support for basic authentication with user and password.

Purge tokens are global for your workspace and can be used with all services. The purge limits are however restricted per service.

When purging via the dashboard (see Invalidating Cache) there is no need for a purge token and the dashboard will handle the authentication automatically.

Further information for cache invalidation can be seen in the getting-started section.

Creating Purge Tokens

Weather or not you need basic authentication in addition to the JWT token depends on your use case and security requirements. Some systems only support basic authentication, while others can work with bearer tokens.

To create a Purge Token, follow these steps:

  1. Log in to the Varnish CDN dashboard.
  2. Navigate to the "Settings" for your workspace.
  3. Go to the "Purge Tokens" section.
  4. Click "Create Purge Token".
  5. Provide a name for the token.
  6. Choose expiration time for the token.
  7. Select "Enable basic auth" if that is required. 7a. If basic auth is enabled, provide a username and password.
  8. Click "Save"
  9. Take note of the JWT token. It's a long string that will only be visible once.

Note that once a token is expired, it cannot be extended or reactivated. You will need to create a new token if you require continued access.

Using Purge Tokens

Examples using curl (replace <your-jwt-token> with the actual token and <your-domain> and <path-to-purge> with the appropriate values).

Using JWT Token

terminal
export PURGER_URL="https://purger.varnish-cdn.com/api/v1/invalidations/basic" \
curl -X PURGE "$PURGER_URL/<your-domain>/<path-to-purge>" \
  -H "Authorization: Bearer <your-jwt-token>" \
  -H "X-Vcdn-Keys: path:/content/my-image.png" \

Using user/password (Basic Auth)

terminal
export PURGER_URL="https://purger.varnish-cdn.com/api/v1/invalidations/basic" \
curl -X PURGE "$PURGER_URL/<your-domain>" \
  -u "<your-username>:<your-password>" \
  -H "X-Vcdn-Keys: path:/content/my-image.png" \

Managing TLS Certificates

Secure your traffic with Managed TLS via Let’s Encrypt or by uploading your own custom certificates. Ensure encrypted communication for your users with automated issuance and renewal.