Token-Based Authentication Quick Reference

You should upgrade to Token-Based Authentication 3.0.
Learn more.

Quick reference information is provided on:

Primary and Backup Key
Directory to Authenticate Configuration
Parameters
Link Formatting

Primary and Backup Key

Take the following precautions to secure the primary and backup key:

Ensure that these keys are never shared outside of your organization.
Periodically rotate the primary key.
Remove the backup key as soon as you have transitioned to a new primary key.

Directory to Authenticate Configuration

The relative path must start with a forward slash (/).
Specifying the root folder (/) to require authentication for all requests on the current platform.
The comparison of an authentication directory to a request starts after the base URL.

View comparison information

Type	Base URL
Customer Origin	Base CDN/Edge CNAMEComparison occurs after our edge servers rewrite the edge CNAME URL to a CDN URL. URL http://can.ANThis term represents your customer account number (e.g., 0001) which can be found in the upper right-hand corner of the TCC..transactcdn.com/80Indicates that content from a customer origin server is being requested.ANThis term represents your customer account number (e.g., 0001) which can be found in the upper right-hand corner of the TCC. Sample URL: http://can.0001.transactcdn.com/800001/myorigin/marketing/index.html?123456780a
CDN Storage	Base CDN URL http://can.ANThis term represents your customer account number (e.g., 0001) which can be found in the upper right-hand corner of the TCC..transactcdn.com/00Indicates that content from our CDN storage solution is being requested.ANThis term represents your customer account number (e.g., 0001) which can be found in the upper right-hand corner of the TCC. Sample URL: http://can.0001.transactcdn.com/000001/marketing/index.html?123456780a
CDN Storage	Base Edge CNAME URL http://Edge_CNAME Sample URL: http://cdn.mydomain.com/marketing/index.html?123456780a

Type

Base URL

Customer Origin

Base CDN/Edge CNAMEComparison occurs after our edge servers rewrite the edge CNAME URL to a CDN URL. URL

http://can..transactcdn.com/

Sample URL:

http://can.0001.transactcdn.com/800001/myorigin/marketing/index.html?123456780a

CDN Storage

Base CDN URL

http://can..transactcdn.com/

Sample URL:

http://can.0001.transactcdn.com/000001/marketing/index.html?123456780a

CDN Storage

Base Edge CNAME URL

http://Edge_CNAME

Sample URL:

http://cdn.mydomain.com/marketing/index.html?123456780a

Parameters

This section provides a brief description for each available parameter.

Parameter	Description	Example
ec_clientip	Restricts content delivery to requests that originate from a specific IP address. Usage: This parameter supports standard IPv4/IPv6 and CIDR notation.	Value: 111.11.111.11 Result: Restricts content delivery to a client with an IP address of 111.11.111.11.
ec_country_allow	Restricts content delivery to the specified countries. Usage: Use a comma to delimit multiple country codes. Use ISO 3166 country codes to specify countries. View country code listing.	Value: US Result: Restricts content delivery to requests that originate from the United States.
ec_country_deny	Blocks requests from one or more countries. Usage: Use a comma to delimit multiple country codes. Use ISO 3166 country codes to specify countries. View country code listing.	Value: US,CA Result: Blocks all requests that originate from the United States and Canada.
ec_expire	Defines an expiration date and time (GMT) for the token value. Usage: Specify the number of seconds that will pass from Unix time to the expiration date.	Value: 1451563200 Result: Expires the token on 12/31/2015 at 12:00:00 GMT.
ec_host_allow	Restricts content delivery to the specified set of hosts. Usage: Do not include the protocol portion of the desired URL (e.g., http://). A comparison will be made against the value specified in the Host request header. Content delivery is restricted to requests whose hostname matches a specified value. Use a comma to delimit multiple hosts.	Value: server1.com,*.server2.com Result: Blocks all requests whose host does not match either server1.com or the server2.com domain root (e.g., secure.server2.com or cdn.server2.com).
ec_host_deny	Defines the set of hosts for which content delivery will be denied. Usage: Do not include the protocol portion of the desired URL (e.g., http://). A comparison will be made against the value specified in the Host request header. Content delivery is restricted to requests whose hostname do not match a specified value. Use a comma to delimit multiple hosts.	Value: server1.com,*.server2.com Result: Blocks all requests whose host matches either server1.com or the server2.com domain root (e.g., secure.server2.com or cdn.server2.com).
ec_proto_allow	Restrict content delivery to the specified protocol(s). Usage: Acceptable values for this parameter are "http" and "https."	Value: https Result: Restricts content delivery to requests that leverage the HTTPS protocol.
ec_proto_deny	Denies requests that leverage the specified protocol. Usage: Acceptable values for this parameter are "http" and "https."	Value: http Result: Blocks requests that leverage the HTTP protocol.
ec_ref_allow	Restricts content delivery to the specified set of referrers. Usage: Do not include the protocol portion of the desired URL (e.g., http://). The specified value will be compared against the request's Referer header. This header value must start with a value defined by this parameter. Use a comma to delimit multiple referrers.	Value: server1.com/obj1,*.server2.com Result: Allows requests whose referrers start with "server1.com/obj1" or whose host contains the server2.com domain root.
ec_ref_deny	Defines the set of referrers for which content delivery will be denied. Usage: Do not include the protocol portion of the desired URL (e.g., http://). The specified value will be compared against the request's Referer header. This header value must not start with a value defined by this parameter. Use a comma to delimit multiple referrers.	Value: server1.com/obj1,*.server2.com Result: Blocks requests whose referrers start with "server1.com/obj1" or whose host contains the server2.com domain root.
ec_url_allow	Links a URL path to a token. Usage: Only requests that start with the specified URL path will be allowed access. Do not include the protocol and hostname of the desired URL (e.g., http://www.domain.com).	Value: /000001/dir1/movie1,/000001/dir2 Result: Allows requests to CDN storage that meet one of the following criteria: The name of the requested content starts with "movie1" and is stored in a folder called "dir1." All content stored in the directory tree that starts with "dir1/movie1." All content stored in the directory tree that starts with "dir2." View sample "allowed" requests. http://can.0001Represents your customer account number..transactcdn.com/000001Represents your customer account number./dir1/movie10.php http://can.0001Represents your customer account number..transactcdn.com/000001Represents your customer account number./dir1/movie1/ad.aspx http://can.0001Represents your customer account number..transactcdn.com/000001Represents your customer account number./dir20/sales/brochure.php

Parameter

Description

Example

ec_clientip

Restricts content delivery to requests that originate from a specific IP address.

Usage:

This parameter supports standard IPv4/IPv6 and CIDR notation.

Value:

111.11.111.11

Result:

Restricts content delivery to a client with an IP address of 111.11.111.11.

ec_country_allow

Restricts content delivery to the specified countries.

Usage:

Use a comma to delimit multiple country codes.
Use ISO 3166 country codes to specify countries.

View country code listing.

Value:

Result:

Restricts content delivery to requests that originate from the United States.

ec_country_deny

Blocks requests from one or more countries.

Usage:

Use a comma to delimit multiple country codes.
Use ISO 3166 country codes to specify countries.

View country code listing.

Value:

US,CA

Result:

Blocks all requests that originate from the United States and Canada.

ec_expire

Defines an expiration date and time (GMT) for the token value.

Usage:

Specify the number of seconds that will pass from Unix time to the expiration date.

Value:

1451563200

Result:

Expires the token on 12/31/2015 at 12:00:00 GMT.

ec_host_allow

Restricts content delivery to the specified set of hosts.

Usage:

Do not include the protocol portion of the desired URL (e.g., http://).
A comparison will be made against the value specified in the Host request header. Content delivery is restricted to requests whose hostname matches a specified value.
Use a comma to delimit multiple hosts.

Value:

server1.com,*.server2.com

Result:

Blocks all requests whose host does not match either server1.com or the server2.com domain root (e.g., secure.server2.com or cdn.server2.com).

ec_host_deny

Defines the set of hosts for which content delivery will be denied.

Usage:

Do not include the protocol portion of the desired URL (e.g., http://).
A comparison will be made against the value specified in the Host request header. Content delivery is restricted to requests whose hostname do not match a specified value.
Use a comma to delimit multiple hosts.

Value:

server1.com,*.server2.com

Result:

Blocks all requests whose host matches either server1.com or the server2.com domain root (e.g., secure.server2.com or cdn.server2.com).

ec_proto_allow

Restrict content delivery to the specified protocol(s).

Usage:

Acceptable values for this parameter are "http" and "https."

Value:

https

Result:

Restricts content delivery to requests that leverage the HTTPS protocol.

ec_proto_deny

Denies requests that leverage the specified protocol.

Usage:

Acceptable values for this parameter are "http" and "https."

Value:

http

Result:

Blocks requests that leverage the HTTP protocol.

ec_ref_allow

Restricts content delivery to the specified set of referrers.

Usage:

Do not include the protocol portion of the desired URL (e.g., http://).
The specified value will be compared against the request's Referer header. This header value must start with a value defined by this parameter.
Use a comma to delimit multiple referrers.

Value:

server1.com/obj1,*.server2.com

Result:

Allows requests whose referrers start with "server1.com/obj1" or whose host contains the server2.com domain root.

ec_ref_deny

Defines the set of referrers for which content delivery will be denied.

Usage:

Do not include the protocol portion of the desired URL (e.g., http://).
The specified value will be compared against the request's Referer header. This header value must not start with a value defined by this parameter.
Use a comma to delimit multiple referrers.

Value:

server1.com/obj1,*.server2.com

Result:

Blocks requests whose referrers start with "server1.com/obj1" or whose host contains the server2.com domain root.

ec_url_allow

Links a URL path to a token.

Usage:

Only requests that start with the specified URL path will be allowed access.
Do not include the protocol and hostname of the desired URL (e.g., http://www.domain.com).

Value:

/000001/dir1/movie1,/000001/dir2

Result:

Allows requests to CDN storage that meet one of the following criteria:

The name of the requested content starts with "movie1" and is stored in a folder called "dir1."
All content stored in the directory tree that starts with "dir1/movie1."
All content stored in the directory tree that starts with "dir2."

Link Formatting

All requests for content requiring authentication must contain a query string set to a valid token.

http://hostname/path/Filename.ext?