Basic Setup and Usage

Applies To:

HTTP LargeThis platform has been optimized to cache and deliver static content (e.g., HTML, CSS, JavaScript, ISO, multimedia, and software downloads, etc.) over HTTP or HTTPS.

HTTP SmallLegacy. If you are currently serving traffic over this platform, then you may continue to do so. However, we recommend that you serve your traffic over our more robust HTTP Large platform.

ADNThe Application Delivery Network platform has been optimized to deliver dynamic content (e.g., login credentials, account information, etc.) over HTTP or HTTPS. Typically, user-specific and database-driven content are served over this platform.

TBAThe Token-Based Authentication feature enforces authentication prior to content delivery. Authentication takes place via an encoded token value that must be included in the request URL. This token value is then decrypted on an edge server. The requested content will only be delivered when the user meets the requirement(s) defined in the token.

A valid Token-Based Authentication setup consists of setting up a platform-specific configuration and updating links. This type of setup will cause the CDN to require authentication prior to content delivery. This basic workflow is outlined below.

Workflow	Description
Setup	A valid Token-Based Authentication setup requires that the following steps be performed: Phase 1: Platform-specific configuration Set an encryption key. Define the set of content that will require authentication by performing one or both of the following actions: Identify one or more directories whose content will require a valid token value. Identify the type of requests that will require a token value. Phase 2: Updating links Generate tokens. Update links (href and src) to include a valid token value.
CDN Traffic	Requests for the above content: Require a valid token. Must meet the requirements defined in the token.

Workflow

Description

Setup

A valid Token-Based Authentication setup requires that the following steps be performed:

Phase 1: Platform-specific configuration

Set an encryption key.
Define the set of content that will require authentication by performing one or both of the following actions:
- Identify one or more directories whose content will require a valid token value.
- Identify the type of requests that will require a token value.

Phase 2: Updating links

Generate tokens.
Update links (href and src) to include a valid token value.

CDN Traffic

Requests for the above content:

Require a valid token.
Must meet the requirements defined in the token.

Phase 1: Platform-Specific Configuration

Perform the following steps to define the content that will require authentication:

Decide which platformIdentifies the environment through which your content will be efficiently delivered to your users.s will require authentication.
Define an encryption key for each desired platform.
Define the set of content that will require authentication. This may be defined by either:
- Directory: Define a directory whose contents will require authentication. Token-Based Authentication will be applied to all requests for content in that directory or a sub-folder of that location.
- Rules Engine: Rules Engine, which must be purchased separately, can be configured to enable or disable Token-Based Authentication when a request meets predefined criteria.
  
  Learn more.
  
  Example:
  
  The following sample configuration indicates how Token-Based Authentication can be applied to all requests for PDFs:

Phase 2: Content Linking

The next phase involves the following steps:

Generating encrypted tokens that define the minimum access requirements.
Updating CDN/edge CNAME URLs defined in href and src attributes to include the above encrypted token value as a query string parameter.

Only the content defined in phase 1 will require authentication. All other content may be accessed using a standard CDN or edge CNAME URL.

Sample request:

http://cdn.mydomain.com/secure/product.pdf?1234567890abcdefgh

The above request's query string, which is marked in bold, blue font, represents a token value.

Request Handling

A request for content defined in phase 1 must meet the following criteria:

It must contain a valid token.
It must satisfy the requirements defined in the token.

More Information:

An authorized request must contain a valid token that is appended to the file name in the CDN or edge CNAME URL.

Sample request:

http://data.server.com/asset.txt?c1019f8a6942b46a1ce679e168d5797670f3ee7e39068054ee4534d8a5a859d
Our edge servers will decrypt the token using either the current primary or backup encryption key for the platform associated with the request. The decrypted value will reveal the requirements for the requested content.
The user must satisfy all of the requirements defined for the requested content.
- Content will be delivered when the requester meets all of the requirements defined in the decrypted token value.
- The request will be denied when the requester cannot satisfy one or more requirements. Denied requests may be redirected to a different web page.