Pull zone secured token

Secure Token is one of the enhanced security feature add-on provided by 5centsCDN. Secure Token offers a way to secure your HTTP URLs’ so only users who are sending a valid hashed string in the request will have access to that specific resource. Once a token has expired, it is not possible anymore to access the content with it. The Secure Token link is generated through a script on your origin server with the secret, path and the expiration time as parameters. In the 5centsCDN control panel, you only need to specify the Secure Token secret (Referred to as the Secure Key) which is used to decrypt the key in order to validate the Secure Token link.

In order to implement the Secure Token :

  • Log into your 5centsCDN Dashboard.
  • On the left side, under Zones, click on HTTP drop down menu and select PULL.
  • Click on the Manage button available right next to your created pull zone
  • In the redirected page Select Secure Token under security.
  • To enable this feature, select Enable mode
  • Click Generate and the Secure Token will be created.
  • The Token can be set with an expiration by adding Token Expiration (in secs)
  • Click on Save

The above steps will create a PHP script under Playback URLs / Embed Code which can be used on your origin server. This code will generate URLs with the included token.

Usually, secure tokens are created with the following parameters:

  • A secret (Secure Key), that can be any alphanumeric combination of characters (limit of 32 characters). (Example: ju23dff8sf3)
  • The relative path to the file (/file.png)
  • Expiration date of the of the Secure Token link (The link becomes invalid after the specified amount of time, giving the 300 – Gone status response code)

A sample php code for the Pull zone pull-297.5centscdn.com and secret key as secrete123 is given below. <?php
$key = ‘secret123’;
$path = ‘/path/to/filename.ext’;
$expire = time() + 300; // current time + token timeout
$md5 = base64encode(md5($key . $path . $expire , true));
$md5 = strtr($md5, ‘+/’, ‘-
$md5 = str_replace(‘=’, ”, $md5);
$token = “st={$md5}&e={$expire}”; //use “$url” to load the file
$url = “http://pull-297.5centscdn.com{$path}?{$token}”; ?> Secure Token link example :- /file.png?st=fKrncCCC2VFLSRmXnIEU0Q&e=1379119860

Was this article helpful?

Related Articles