diff --git a/docs/Map-API.md b/docs/Map-API.md
index 99de9ad2..95cd1a47 100644
--- a/docs/Map-API.md
+++ b/docs/Map-API.md
@@ -646,6 +646,32 @@ curl -X GET 'https://documentation.cartodb.com/api/v1/map/named/:template_name?a
 }
 ```
+### Use with CartoDB.js
+Named maps can be used with CartoDB.js by specifying a named map in a layer source as follows. Named maps are treated almost the same as other layer source types in most other ways.
+
+```js
+var layerSource = {
+ user_name: '{your_user_name}',
+ type: 'namedmap',
+ named_map: {
+ name: '{template_name}',
+ layers: [{
+ layer_name: "layer1",
+ interactivity: "column1, column2, ..."
+ }]
+ }
+}
+
+cartodb.createLayer('map_dom_id',layerSource)
+ .addTo(map_object);
+
+```
+
+[CartoDB.js](http://docs.cartodb.com/cartodb-platform/cartodb-js.html) has methods for accessing your named maps.
+
+1. [layer.setParams()](http://docs.cartodb.com/cartodb-platform/cartodb-js.html#layersetparamskey-value) allows you to change the template variables (in the placeholders object) via JavaScript
+2. [layer.setAuthToken()](http://docs.cartodb.com/cartodb-platform/cartodb-js.html#layersetauthtokenauthtoken) allows you to set the auth tokens to create the layer
+
 ##Static Maps API
 The Static Maps API can be initiated using both named and anonymous maps using the 'layergroupid' token. The API can be used to create static images of parts of maps and thumbnails for use in web design, graphic design, print, field work, and many other applications that require standard image formats.
diff --git a/lib/cartodb/api/query_tables_api.js b/lib/cartodb/api/query_tables_api.js
index c6eb2e48..bdcf488e 100644
--- a/lib/cartodb/api/query_tables_api.js
+++ b/lib/cartodb/api/query_tables_api.js
@@ -13,27 +13,6 @@ var affectedTableRegexCache = {
 module.exports = QueryTablesApi;
-QueryTablesApi.prototype.getLastUpdatedTime = function (username, api_key, tableNames, callback) {
- var sql = 'SELECT EXTRACT(EPOCH FROM max(updated_at)) as max FROM CDB_TableMetadata m WHERE m.tabname = any (ARRAY['+
- tableNames.map(function(t) { return "'" + t + "'::regclass"; }).join(',') +
- '])';
-
- // call sql api
- sqlApi.query(username, api_key, sql, function(err, rows){
- if (err){
- var msg = err.message ? err.message : err;
- callback(new Error('could not find last updated timestamp: ' + msg));
- return;
- }
- // when the table has not updated_at means it hasn't been changed so a default last_updated is set
- var last_updated = 0;
- if(rows.length !== 0) {
- last_updated = rows[0].max || 0;
- }
-
- callback(null, last_updated*1000);
- });
-};
 QueryTablesApi.prototype.getAffectedTablesInQuery = function (username, options, sql, callback) {
diff --git a/lib/cartodb/cartodb_windshaft.js b/lib/cartodb/cartodb_windshaft.js
index a1dbe824..7fd0edcc 100644
--- a/lib/cartodb/cartodb_windshaft.js
+++ b/lib/cartodb/cartodb_windshaft.js
@@ -203,26 +203,11 @@ var CartodbWindshaft = function(serverOptions) {
 /**
 * Helper API to allow per table tile cache (and sql cache) to be invalidated remotely.
- * TODO: Move?
+ * Keep endpoint for backwards compatibility
 */
 ws.del(serverOptions.base_url + '/flush_cache', function(req, res){
- if ( req.profiler && req.profiler.statsd_client ) {
- req.profiler.start('windshaft-cartodb.flush_cache');
- }
 ws.doCORS(res);
- Step(
- function flushCache(){
- serverOptions.flushCache(req, serverOptions.cache_enabled ? Cache : null, this);
- },
- function sendResponse(err, data){
- if (err){
- ws.sendError(res, {error: err.message}, 500, 'DELETE CACHE', err);
- //ws.sendResponse(res, [500]);
- } else {
- ws.sendResponse(res, [{status: 'ok'}, 200]);
- }
- }
- );
+ ws.sendResponse(res, [{status: 'ok'}, 200]);
 });
 var healthCheck = new HealthCheck(cartoData, Windshaft.tilelive);
diff --git a/lib/cartodb/server_options.js b/lib/cartodb/server_options.js
index 43f33bba..dd40ef3e 100644
--- a/lib/cartodb/server_options.js
+++ b/lib/cartodb/server_options.js
@@ -1,6 +1,5 @@
 var _ = require('underscore');
 var Step = require('step');
-var Cache = require('./cache_validator');
 var QueryTablesApi = require('./api/query_tables_api');
 var crypto = require('crypto');
 var LZMA = require('lzma').LZMA;
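Review bot: The rewritten `/flush_cache` DELETE handler now answers `{status: 'ok'}` with 200 without invalidating anything, so a client that still calls it is told the flush succeeded while cached tiles stay as they were. The new comment line says only `Keep endpoint for backwards compatibility`; I would make the no-op explicit, for example ` * Deprecated no-op: always answers 200 and no longer invalidates any cache.`, so that nobody relies on this route to purge stale tiles after a permission or data change. The enclosing `CartodbWindshaft` function starts and ends outside the hunk, so whether the route sits behind any authentication is not visible here.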
@@ -853,34 +852,6 @@ module.exports = function(redisPool) {
 );
 };
- /**
- * Helper to clear out tile cache on request
- * @param req
- * @param callback
- */
- me.flushCache = function(req, Cache, callback){
- var that = this;
-
- Step(
- function getParams(){
- // this is mostly to compute req.params.dbname
- that.req2params(req, this);
- },
- function flushInternalCache(err){
- // TODO: implement this, see
- // http://github.com/Vizzuality/Windshaft-cartodb/issues/73
- return true;
- },
- function flushVarnishCache(err){
- if (err) { callback(err); return; }
- if(Cache) {
- Cache.invalidate_db(req.params.dbname, req.params.table);
- }
- callback(null, true);
- }
- );
- };
-
-
 /*******************************************************************************************************************
 * Private methods
 ******************************************************************************************************************/
diff --git a/lib/cartodb/template_maps.js b/lib/cartodb/template_maps.js
index f103e59a..164161a8 100644
--- a/lib/cartodb/template_maps.js
+++ b/lib/cartodb/template_maps.js
@@ -44,11 +44,6 @@ function TemplateMaps(redis_pool, opts) {
 // User templates (HASH:tpl_id->tpl_val)
 this.key_usr_tpl = dot.template("map_tpl|{{=it.owner}}");
-
- // User template locks (HASH:tpl_id->ctime)
- this.key_usr_tpl_lck = dot.template("map_tpl|{{=it.owner}}|locks");
-
- this.lock_ttl = this.opts['lock_ttl'] || 5000;
 }
 util.inherits(TemplateMaps, EventEmitter);
diff --git a/test/acceptance/multilayer.js b/test/acceptance/multilayer.js
index 64066a39..aff420d4 100644
--- a/test/acceptance/multilayer.js
+++ b/test/acceptance/multilayer.js
@@ -1368,6 +1368,50 @@ suite('multilayer:postgres=' + cdbQueryTablesFromPostgresEnabledValue, function(
 });
+ test("it's not possible to override authorization with a crafted layergroup", function(done) {
+
+ var layergroup = {
+ version: '1.0.0',
+ layers: [
+ {
+ options: {
+ sql: 'select * from test_table_private_1',
+ cartocss: '#layer { marker-fill:red; }',
+ cartocss_version: '2.3.0',
+ interactivity: 'cartodb_id'
+ }
+ }
+ ],
+ template: {
+ auth: {
+ method: "open"
+ },
+ name: "open"
+ }
+ };
+
+ assert.response(
+ server,
+ {
+ url: '/api/v1/map?signer=localhost',
+ method: 'POST',
+ headers: {
+ host: 'localhost',
+ 'Content-Type': 'application/json'
+ },
+ data: JSON.stringify(layergroup)
+ },
+ {
+ status: 403
+ },
+ function(res, err) {
+ assert.ok(res.body.match(/permission denied for relation test_table_private_1/));
+ done();
+ }
+ );
+ });
+
+
 suiteTeardown(function(done) {
 // This test will add map_style records, like
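Review bot: The callback at the end of the added test accepts `err` but never checks it, and its only assertion on the body is a regex on error wording that comes from the database rather than from this code. If `assert.response` reports a failed status expectation through that argument (the helper is not visible in this hunk), a response other than 403 could go unnoticed; I would start the callback with `assert.ok(!err, err);`. Because the test exists to prove that a crafted `template.auth` cannot open a private table, it should also assert that no token is handed out, e.g. `assert.ok(!JSON.parse(res.body).layergroupid);`, so that it does not depend only on the exact `permission denied for relation` text.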