Stay organized with collections
Save and categorize content based on your preferences.
Use the update-cache request to update and remove content from the Google AMP Cache.
Currently, update-cache only ensures that the content is updated within its
max-age, which means the maximum amount of time a resource will be considered fresh.
The update-cache request requires the domain owner to
sign the requests with an RSA key and to serve the matching public key from a standard URL on the origin domain.
You can flush any currently cached version of a document by issuing a signed
request to the AMP Cache. The update-cache request is called at this address:
This parameter represents a UNIX-epoch timestamp, which is
used to prevent replay
attacks. The value should be the current time in seconds, which must be within 1 minute before or
after the current time.
amp_url_signature=<sig_val>
Required
This parameter represents the RSA signature of
the entire request path (see Generate the RSA key),
including amp_action and amp_ts, but excluding the signature
itself.
Guidelines
You must follow the update-cache guidelines:
The AMP Cache hostname (cdn.ampproject.org) is excluded from the signature
to allow submitting the same signed request to multiple AMP Cache operators.
For signature verification, you must serve the public RSA key at a fixed
location on the AMP document's domain (to generate the key, see
Generate the RSA key). For example:
The domain must be the exact domain that you want to update, not a sub or
super domain.
You must publish the key in PEM format and serve the key with the
content-type "text/plain".
The AMP Cache always fetches the public key from the same domain of the
request, regardless of the domain specified by the document via any rel=canonical
tag. If the origin domain serves an HTTP redirect at the location to be
flushed, only the requested path is flushed from cache, and not the target of
the redirect.
Update or remove content
You can use update-cache to update or permanently remove content from the Google AMP Cache
after the content has been removed from its origin. To update or remove content, follow the steps below:
Fetch the following file:
https://cdn.ampproject.org/caches.json
Iterate through the entries in the caches entries in the JSON file.
Select the caches that you want to support.
Call theupdate-cache request using the updateCacheApiDomainSuffix from each cache entry.
The OpenSSL project provides
command-line tools to generate and manage asymmetric RSA keys. You can also
generate RSA keys and manage them programmatically through the OpenSSL library, or an
equivalent crypto API (node-crypto, NSS, or GnuTLS).
Generate a pair of RSA keys in the textual PEM format like
this:
If you want to update your RSA key, you can access the RSA key through the AMP Cache
link and Google may crawl your new RSA key within several hours. Here is the AMP Cache link:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2023-08-30 UTC."],[[["\u003cp\u003eThe \u003ccode\u003eupdate-cache\u003c/code\u003e request enables you to update or remove content from the Google AMP Cache by issuing a signed request to the AMP Cache, ensuring content is refreshed within its \u003ccode\u003emax-age\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eTo utilize the \u003ccode\u003eupdate-cache\u003c/code\u003e request, domain owners must sign requests with an RSA key and make the corresponding public key accessible from a specific URL on their origin domain.\u003c/p\u003e\n"],["\u003cp\u003eThe request URL structure includes parameters like timestamp, signature, and domain details, allowing for targeted cache updates or removals based on specific AMP content.\u003c/p\u003e\n"],["\u003cp\u003eGenerating and managing RSA keys for signing and verifying \u003ccode\u003eupdate-cache\u003c/code\u003e requests can be achieved using OpenSSL tools or similar cryptographic APIs, ensuring secure communication.\u003c/p\u003e\n"],["\u003cp\u003eFor key updates, accessing the RSA key via the provided AMP Cache link facilitates Google's crawling and recognition of the new key within a few hours.\u003c/p\u003e\n"]]],["To update or remove content from the Google AMP Cache, use the `update-cache` request. This requires domain owners to sign requests with an RSA key and serve the public key at `https://example.com/.well-known/amphtml/apikey.pub`. Requests, directed to an AMP Cache domain, must include parameters such as the domain, `amp_ts` (timestamp), and a signature (`amp_url_signature`). The key generation involves using OpenSSL to create and sign with the private key, verify with the public key, and format with web-safe Base64.\n"],null,["Use the `update-cache` request to update and remove content from the Google AMP Cache.\nCurrently, `update-cache` only ensures that the content is updated within its\n[max-age](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control), which means the maximum amount of time a resource will be considered fresh.\n\nThe `update-cache` request requires the domain owner to\nsign the requests with an RSA key and to serve the matching public key from a standard URL on the origin domain.\n\n\nYou can flush any currently cached version of a document by issuing a signed\nrequest to the AMP Cache. The `update-cache` request is called at this address: \n\n```\nhttps://example-com.\u003ccache.updateCacheApiDomainSuffix\u003e/update-cache/c/s/example.com/article?amp_action=flush&_ts=\u003cts_val\u003e&_url_signature=\u003csig_val\u003e\n```\n| A previous API called `update-ping` has been deprecated.\n\nParameters\n\n\nThe `update-cache` request requires the following parameters and values:\n\n| Parameters ||\n|--------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| `example-com` and `example.com` | **Required** The domain name specified according to the formats used in the [AMP cache URL format](/amp/cache/overview#amp-cache-url-format). |\n| `\u003ccache.updateCacheApiDomainSuffix\u003e` | **Required** The domain name of the AMP Cache. See [Call the `update-cache` request](#call-the-update-cache) for more information. |\n| `amp_ts=\u003cts_val\u003e` | **Required** This parameter represents a UNIX-epoch timestamp, which is used to prevent [replay attacks](https://en.wikipedia.org/wiki/Replay_attack). The value should be the current time in seconds, which must be within 1 minute before or after the current time. |\n| `amp_url_signature=\u003csig_val\u003e` | **Required** This parameter represents the RSA signature of the entire request path (see [Generate the RSA key](#rsa-keys)), including `amp_action` and `amp_ts`, but excluding the signature itself. |\n\nGuidelines\n\nYou must follow the `update-cache` guidelines:\n\n- The AMP Cache hostname (cdn.ampproject.org) is excluded from the signature to allow submitting the same signed request to multiple AMP Cache operators.\n- For signature verification, you must serve the public RSA key at a fixed location on the AMP document's domain (to generate the key, see [Generate the RSA key](#rsa-keys)). For example: \n\n ```\n https://example.com/.well-known/amphtml/apikey.pub\n ```\n- The public key must not be [roboted](https://en.wikipedia.org/wiki/Robots_exclusion_standard).\n- The URL must be HTTPS.\n- The domain must be the exact domain that you want to update, not a sub or super domain.\n- You must publish the key in PEM format and serve the key with the content-type \"text/plain\".\n- The AMP Cache always fetches the public key from the same domain of the request, regardless of the domain specified by the document via [any rel=canonical\n tag](https://amp.dev/documentation/guides-and-tutorials/optimize-and-measure/discovery). If the origin domain serves an HTTP redirect at the location to be flushed, only the requested path is flushed from cache, and not the target of the redirect.\n\nUpdate or remove content\n\n\u003cbr /\u003e\n\nYou can use `update-cache` to update or permanently remove content from the Google AMP Cache\nafter the content has been removed from its origin. To update or remove content, follow the steps below:\n\n\n1. Fetch the following file: \n\n ```\n https://cdn.ampproject.org/caches.json\n ```\n2. Iterate through the entries in the `caches` entries in the JSON file.\n3. Select the `caches` that you want to support. **Note**: You can support all caches, only Google caches, or a set of your choice.\n4. Call the `update-cache` request using the `updateCacheApiDomainSuffix` from each `cache` entry.\n5. Construct the URLs using the following format: \n\n ```\n https://example-com.\u003ccache.updateCacheApiDomainSuffix\u003e/update-cache/c/s/example.com/article?amp_action=flush&_ts=\u003cts_val\u003e&_url_signature=\u003csig_val\u003e\n ```\n\nGenerate the RSA key\n\nThe [OpenSSL](https://www.openssl.org/) project provides\ncommand-line tools to generate and manage asymmetric RSA keys. You can also\ngenerate RSA keys and manage them programmatically through the OpenSSL library, or an\nequivalent crypto API (node-crypto, NSS, or GnuTLS).\n\n1. Generate a pair of RSA keys in the textual PEM format like this: \n\n ```\n openssl genrsa 2048 \u003e private-key.pem\n openssl rsa -in private-key.pem -pubout \u003epublic-key.pem\n ```\n2. Post the public key on the domain to be refreshed at the following location: \n\n ```\n https://example.com/.well-known/amphtml/apikey.pub\n ```\n\n The URL must be HTTPS. The key must be publicly accessible by an anonymous\n user.\n3. Use the private key to sign the `update-cache` request. For example: \n\n ```\n echo -n \u003e url.txt \"/update-cache/c/s/example.com/article?amp_action=flush&_ts=$(date +%s)\" && cat url.txt | openssl dgst -sha256 -sign private-key.pem \u003e signature.bin\n ```\n\n The output to signature.bin is a binary RSA signature.\n4. Use the public key to verify the signature: \n\n ```\n openssl dgst -sha256 -signature signature.bin -verify public-key.pem url.txt\n ```\n5. Encode the binary RSA signature using the [web-safe variant of\n base64](https://en.wikipedia.org/wiki/Base64#URL_applications): \n\n ```\n cat signature.bin | base64 -w0 | tr '/+' '_-' | tr -d '=' \u003e base64.txt\n ```\n6. Append the base64-encoded RSA signature to the URL using the `amp_url_signature` query parameter. \n\n ```\n echo \"$(cat url.txt)&_url_signature=$(cat base64.txt)\"\n ```\n\nUpdate the RSA key\n\nIf you want to update your RSA key, you can access the RSA key through the AMP Cache\nlink and Google may crawl your new RSA key within several hours. Here is the AMP Cache link: \n\n```\nhttps://example-com.\u003ccache.updateCacheApiDomainSuffix\u003e/r/s/example.com/.well-known/amphtml/apikey.pub\n```\n\n\u003cbr /\u003e"]]