- Print
- PDF
Signed URL
- Print
- PDF
Available in Classic and VPC
The following describes how to restrict access to content with a secure URL based on secure token. When an access token for one-time use is created and used to request content, the secure token responds, with content, only to requests that have passed authentication. Secure token supports query string and the cookie header in the header within the URL.
Secure Token SDK
SDKs to generate secure tokens are available for each programming language. The followings are the path to check the SDK for generating secure tokens for each programming language.
- Python: https://github.com/akamai/EdgeAuth-Token-Python
- Java: https://github.com/akamai/EdgeAuth-Token-Java
- Ruby: https://github.com/akamai/EdgeAuth-Token-Ruby
- NodeJS: https://github.com/akamai/EdgeAuth-Token-Node
- Golang : https://github.com/mobilerider/EdgeAuth-Token-Golang
- C# : https://github.com/BookBeat/EdgeAuth-Token-CSharp
Secure token examples
Describe examples of configuring to generate an authentication token using the start time (st) and expiration time (exp) of the token validity period, and the ACL (URL path condition), and passing the generated token through query string or the cookie header. The parameter information for token generation in the example is as follows:
- Token name: created as the "token" value
- Start (st)/End (exp) times: the start and end times for when the authentication token is valid
- Key: created as the key value issued when setting a security token
- Access Control List (ACL): URI allowed for one-time access by token (can be set by specific path unit using the special character *)
Generating an authentication token with JAVA
To generate an authentication token using JAVA, follow these steps:
- Write code that utilizes the Java SDK to generate a token.
package com.akamai.edgeauth; public class ExampleEdgeAuth { public static void main(String[] args) { String hostname = "example.cdn.ntruss.com"; // service domain name String ET_ENCRYPTION_KEY = "b2b1"; // key to generate token String tokenName = "token"; // specified token name long duration = 3600L; // 3600 seconds = 1 hour try { EdgeAuth ea = new EdgeAuthBuilder() .key(ET_ENCRYPTION_KEY) .startTime(EdgeAuth.NOW) .windowSeconds(duration) .tokenName(tokenName) .escapeEarly(false) .build(); String acl = "/sample.pdf*"; //*/ String file_url = "/sample.pdf"; String token = ea.generateACLToken(acl); String url = String.format("http://%s%s?%s=%s", hostname, file_url, tokenName, token); System.out.println(url); } catch (EdgeAuthException e) { e.printStackTrace(); } } }
- Create a request URL including the generated token.
http://example.cdn.ntruss.com/sample.pdf?token=st=1592202370~exp=1592205970~acl=/sample.pdf*~hmac=d422a548ae769bbaddc1d27f03fe6e096a4ba492928f3eb9c09824f93d78f507
- Include the generated token in the cookie header.
- URL: http://example.cdn.ntruss.com/sample.pdf - Header information to include on request Cookie: token=st=1628596072~exp=1628682472~acl=/sample.pdf*~hmac=8094467ff875e72e8fccc2e579a0cfd002f680cda7acd10b820c193f671952d8
Generating an authentication token with Python
To generate an authentication token using Python, follow these steps:
- Generate a token using the file provided by Git.
$ python cms_edgeauth.py -k b2b1 -n token -s now -w 3600 -a /sample.pdf* enter the input command as shown in the example - Output result: token=st=1592204787~exp=1592208387~acl=/sample.pdf*~hmac=79872098f16596c8c40ebab649ae2aac8cce3e3bece204b641c99b6cfac42779
- Create a request URL including the generated token.
http://example.cdn.ntruss.com/sample.pdf?token=st=1592204787~exp=1592208387~acl=/sample.pdf*~hmac=79872098f16596c8c40ebab649ae2aac8cce3e3bece204b641c99b6cfac42779
- Include the generated token in the cookie header.
- URL: http://example.cdn.ntruss.com/sample.pdf - Header information to include on request Cookie: token=st=1628596072~exp=1628682472~acl=/sample.pdf*~hmac=8094467ff875e72e8fccc2e579a0cfd002f680cda7acd10b820c193f671952d8
Generating an authentication token with C#
To generate an authentication token using C#, follow these steps:
- Write the code to generate a token from the file provided by Git.
using BookBeat.Akamai.EdgeAuthToken; namespace MyNameSpace { public class MyTokenGenerator { public string GenerateMyToken(long window, string acl, string key) { var tokenConfig = new AkamaiTokenConfig { Window = window, // Time to live (in seconds) Acl = /sample.pdf*, // Access control list containing token permissions Key = b2b1, // Encryption key StartTime = DateTimeOffset.Now.ToUnixTimeSeconds() // Time to Start Timing(From Now) }; var tokenGenerator = new AkamaiTokenGenerator(); var token = tokenGenerator.GenerateToken(tokenConfig); return token; } } }
- Create a request URL including the generated token.
http://example.cdn.ntruss.com/sample.pdf? token=st=1628596072~exp=1628682472~acl=/sample.pdf*~hmac=8094467ff875e72e8fccc2e579a0cfd002f680cda7acd10b820c193f671952d8
- Include the generated token in the cookie header.
- URL : http://example.cdn.ntruss.com/sample.pdf - Header information to include on request Cookie: token=st=1628596072~exp=1628682472~acl=/sample.pdf*~hmac=8094467ff875e72e8fccc2e579a0cfd002f680cda7acd10b820c193f671952d8
If the user's token generation server time is 2-4 seconds ahead of the Global Edge server time, the Edge server may fail to authenticate the token because it recognizes the token's start time (st value) as "too early." Therefore, it is recommended to set the start_time value to 10 seconds earlier than the current time and increase the end_time value by 10 seconds when calling the token generation method. Most importantly, it is crucial to synchronize the time of the web server that generates the token accurately with NTP.