Show search and navigation.
Token-Based Authentication authenticates a requester before granting access to content. Access to content will only be granted when both of the following conditions are met:
Set up involves the following steps:
An encryption key plays an integral part in the encryption/decryption of token values. An encryption key must be set on each desired platform.
It is highly recommended to use a random encryption key of reasonable length. A sample call to generate a random string via the OpenSSL tool is provided below.
Navigate to the Token Auth page
Set the desired alphanumeric value in the Primary Key option (as shown below).
Make sure that the primary key's Minimum Encryption Version option is set to "V3."
The next step involves defining a location to which Token-Based Authentication will be applied recursively. The specified relative path will be compared against the request URL. The starting point for this comparison varies by URL type. Learn more.
The highlighted text illustrate the URL segments that may be compared against the specified relative path.
CDN & Edge CNAME URL (Customer Origin):
CDN URL (CDN Storage):
Edge CNAME URL (CDN Storage):
In the New option, which can be found under the Directories to Authenticate section, type the relative path to the desired directory.
It may take up to an hour for changes to your Token-Based Authentication setup to take effect.
The final step is to add a token to all href and src links that point to content stored in the folder specified above or any of its children.
Typically, a script is created to dynamically generate tokens using the Token Generator executable. However, in this tutorial, we will generate a token through the Token Auth page.
Generate a token that will grant access to requests that originate from within the United States. Requests from other countries that include this token will be denied.
In the ec_country_allow option, which can be found in the Encrypt Tool section, type "US."
The corresponding token will be displayed in the Generated Token option (as shown below).
The Token Generator Call field displays the call through which the same token may be generated using the Token Generator executable.
For each href and src link that points to content stored in the directory specified in the Directories to Authenticate section, update it to include the above token value as a query string.
If the desired href or src link does not already contain a query string, make sure to first append a question mark to the end of the URL. Append the desired token value directly after the question mark.
Basic URL Example
Notice that the updated link contains a query string set to a token value.
URL with Query String Example
A token must be the first parameter specified in the query string. Make sure to specify additional query string parameters after the token value. This is illustrated in the following example.