Token-Based Authentication Frequently Asked Questions

The Token-Based Authentication feature requires authentication before the delivery of content via the CDN. If Token-Based Authentication has been applied to the requested content, then the following two requirements must be met before it will be delivered:

• The URL must contain a token.
• The requester must satisfy the requirements defined in the encrypted token.

Yes. By default, Token-Based Authentication may be applied recursively to a directory. However, Rules Engine allows Token-Based Authentication to be enabled/disabled by request type. Leverage this capability to tailor the set of requests that will require authentication.

Both keys provide the same set of functionality.

A backup key provides the means through which you can ensure uninterrupted access to your content when updating an encryption key.

Learn more.

Use the OpenSSL tool to generate a hexadecimal encoded encryption key.

Syntax:

Learn more.

No. It can only be decrypted by the key used to encrypt it. Use the Token Generation executable to decrypt tokens generated with an old encryption key.

Learn more.

The total length of a token cannot exceed 512 characters.

No. However, the resulting token cannot exceed 512 characters.

Yes, unless both of the following conditions are true:

• The ec_url_allow parameter was used to generate the token.
• The requested file does not meet the requirements defined in the ec_url_allow parameter.

A token can be used across platforms when the same encryption key has been defined for each platform.

Make sure to always include both of the following parameters:

• ec_url_allow: This parameter can tie a token to a folder or even a specific file.
• ec_expire: This parameter expires your token after a given date/time.

• Content Delivery

  • CAN
  • IPv6
  • Cache Management
  • Rules Engine

• Security

  • CDN Security
  • TCC Security
  • Token-Based Authentication
  • Web Application Firewall (WAF)
• Raw Logs
• Storage