This section provides instructions for sending alerts to Google for testing purposes. This is an iterative process. No alerts will be published in this step of the implementation.
Secure your data
To ensure the authenticity of your critical alerting information, maintain the credibility of our system, and deliver the right data to the public, we require that you secure your data. Your security design and maintenance plan should be in place before you send any data.
You may use HTTP provided that you use digital signatures to sign your alerts; or you may use HTTPS, in which case you do not need to sign the alerts.
We prefer that you use HTTPS.
HTTPS with Transport Layer Security (TLS)
HTTPS avoids the need to exchange new digital certificates when the previous ones expire.
You must obtain an SSL certificate issued by a Google Chrome-trusted certificate authority. See these example authorities.
We recommend you use HTTP/TLS ("https://...") over the traditional SSL channel.
HTTP with digital signatures
If you use HTTP with digital signatures, you can generate the key for signing yourself. Google Public Alerts requires that you:
- provide your public key, and subsequent updates to your public key, at least 30 days before the old key expires. This will prevent unexpected disruptions to your data updates.
- expire and create a new key at least every two years.
- sign your alerts with your signature according to these CAP security recommendations.
Setup your feed
To host and deliver your CAP messages, please provide them in a publicly-accessible feed, such as one of the following:
- Atom Syndication Format (preferred)
- RSS
- EDXL-DE 1.0
See CAP example practices: CAP feeds for guidance on delivering CAP alerts in a feed. For guidance on setting up Atom or RSS feeds to CAP alerts, see CAP example practices: CAP feeds. Include a link in your web feed to your full CAP alert as shown here.
Validate the feed
Use our CAP Validator tool to validate the feed.
Updating alerts and feeds
When an alert changes, issue a new alert that refers to the previous alert, instead of changing or removing the existing alert from your feed. After an appropriate amount of time (e.g. 24-48 hours), remove cancelled, updated, or expired alerts from your feed.
<msgType> UPDATE or CANCEL must include at least one <references> element.
As specified in the CAP standard, any alert message that updates a previous alert should use <msgType>Update</msgType> and set <references>code</references> to all previous related messages that haven't reached their <expires> date. The UPDATE or CANCEL must apply to a non-expired alert.
There are three ways to CANCEL events, in order of preference:
- Set an
<expires>datetime for each event, with the message description setting the expectation that this alert will end on its own. - Issue a new
<alert>with<msgType>UPDATE,<responseType>"All Clear", and<expires>a short time in the future. - Issue a new
<alert>with<msgType>CANCEL.
Please see our Sample Alerts for updates and cancellations for examples.