Token-Based Authentication Quick Reference

You should upgrade to Token-Based Authentication 3.0.
Learn more.

Quick reference information is provided on:

Token-Based Authentication Support

The platforms and features that support Token-Based Authentication are listed below.

Platform/Feature Support

ADN

HTTP Large

HTTP Small

Primary and Backup Key

Take the following precautions to secure the primary and backup key:

Directory to Authenticate Configuration

Parameters

This section provides a brief description for each available parameter.

Parameter Description Example

ec_clientip

Restricts content delivery to requests that originate from a specific IP address.

Usage:

  • This parameter supports standard IPv4/IPv6 and CIDR notation.

Value:

111.11.111.11

Result:

Restricts content delivery to a client with an IP address of 111.11.111.11.

ec_country_allow

Restricts content delivery to the specified countries.

Usage:

  • Use a comma to delimit multiple country codes.
  • Use ISO 3166 country codes to specify countries.

View country code listing.

Value:

US

Result:

Restricts content delivery to requests that originate from the United States.

ec_country_deny

Blocks requests from one or more countries.

Usage:

  • Use a comma to delimit multiple country codes.
  • Use ISO 3166 country codes to specify countries.

View country code listing.

Value:

US,CA

Result:

Blocks all requests that originate from the United States and Canada.

ec_expire

Defines an expiration date and time (GMT) for the token value.

Usage:

  • Specify the number of seconds that will pass from Unix time to the expiration date.

Value:

1451563200

Result:

Expires the token on 12/31/2015 at 12:00:00 GMT.

ec_host_allow

Restricts content delivery to the specified set of hosts.

Usage:

  • Do not include the protocol portion of the desired URL (e.g., http://).
  • A comparison will be made against the value specified in the Host request header. Content delivery is restricted to requests whose hostname matches a specified value.
  • Use a comma to delimit multiple hosts.

Value:

server1.com,*.server2.com

Result:

Blocks all requests whose host does not match either server1.com or the server2.com domain root (e.g., secure.server2.com or cdn.server2.com).

ec_host_deny

Defines the set of hosts for which content delivery will be denied.

Usage:

  • Do not include the protocol portion of the desired URL (e.g., http://).
  • A comparison will be made against the value specified in the Host request header. Content delivery is restricted to requests whose hostname do not match a specified value.
  • Use a comma to delimit multiple hosts.

Value:

server1.com,*.server2.com

Result:

Blocks all requests whose host matches either server1.com or the server2.com domain root (e.g., secure.server2.com or cdn.server2.com).

ec_proto_allow

Restrict content delivery to the specified protocol(s).

Usage:

  • Acceptable values for this parameter are "http" and "https."

Value:

https

Result:

Restricts content delivery to requests that leverage the HTTPS protocol.

ec_proto_deny

Denies requests that leverage the specified protocol.

Usage:

  • Acceptable values for this parameter are "http" and "https."

Value:

http

Result:

Blocks requests that leverage the HTTP protocol.

ec_ref_allow

Restricts content delivery to the specified set of referrers.

Usage:

  • Do not include the protocol portion of the desired URL (e.g., http://).
  • The specified value will be compared against the request's Referer header. This header value must start with a value defined by this parameter.
  • Use a comma to delimit multiple referrers.

Value:

server1.com/obj1,*.server2.com

Result:

Allows requests whose referrers start with "server1.com/obj1" or whose host contains the server2.com domain root.

ec_ref_deny

Defines the set of referrers for which content delivery will be denied.

Usage:

  • Do not include the protocol portion of the desired URL (e.g., http://).
  • The specified value will be compared against the request's Referer header. This header value must not start with a value defined by this parameter.
  • Use a comma to delimit multiple referrers.

Value:

server1.com/obj1,*.server2.com

Result:

Blocks requests whose referrers start with "server1.com/obj1" or whose host contains the server2.com domain root.

ec_url_allow

Links a URL path to a token.

Usage:

  • Only requests that start with the specified URL path will be allowed access.
  • Do not include the protocol and hostname of the desired URL (e.g., http://www.domain.com).

Value:

/000001/dir1/movie1,/000001/dir2

Result:

Allows requests to CDN storage that meet one of the following criteria:

  • The name of the requested content starts with "movie1" and is stored in a folder called "dir1."
  • All content stored in the directory tree that starts with "dir1/movie1."
  • All content stored in the directory tree that starts with "dir2."

Link Formatting

All requests for content requiring authentication must contain a query string set to a valid token.

http://hostname/path/Filename.ext?TokenReplace this term with a token value.