Basic Setup and Usage

A valid Token-Based Authentication setup consists of setting up a configuration and updating links. This type of setup will cause the CDN to require authentication prior to content delivery. This basic workflow is outlined below.

Workflow	Description
Setup	A valid Token-Based Authentication setup requires that the following steps be performed: Phase 1: Configuration Set an encryption key. Define the set of content that will require authentication by performing one or both of the following actions: Identify one or more directories whose content will require a valid token value. Identify the type of requests that will require a token value. Phase 2: Updating links Generate tokens. Update links (href and src) to include a valid token value.
CDN Traffic	Requests for the above content: Require a valid token. Must meet the requirements defined in the token.

Workflow

Description

Setup

A valid Token-Based Authentication setup requires that the following steps be performed:

Phase 1: Configuration

Set an encryption key.
Define the set of content that will require authentication by performing one or both of the following actions:
- Identify one or more directories whose content will require a valid token value.
- Identify the type of requests that will require a token value.

Phase 2: Updating links

Generate tokens.
Update links (href and src) to include a valid token value.

CDN Traffic

Requests for the above content:

Require a valid token.
Must meet the requirements defined in the token.

Phase 1: Configuration

Perform the following steps to define the content that will require authentication:

Define an encryption key.
Define the set of content that will require authentication. This may be defined by either:
- Directory: Define a directory whose contents will require authentication. Token-Based Authentication will be applied to all requests for content in that directory or a sub-folder of that location.
- Rules Engine: Rules Engine, which must be purchased separately, can be configured to enable or disable Token-Based Authentication when a request meets predefined criteria.
  
  Learn more.
  
  Example:
  
  The following sample configuration indicates how Token-Based Authentication can be applied to all requests for PDFs:

Phase 2: Content Linking

The next phase involves the following steps:

Generating encrypted tokens that define the minimum access requirements.
Updating CDN/edge CNAME URLs defined in href and src attributes to include the above encrypted token value as a query string parameter.

Only the content defined in phase 1 will require authentication. All other content may be accessed using a standard CDN or edge CNAME URL.

Sample request:

http://cdn.mydomain.com/secure/product.pdf?1234567890abcdefgh

The above request's query string, which is marked in bold, blue font, represents a token value.

Request Handling

A request for content defined in phase 1 must meet the following criteria:

It must contain a valid token.
It must satisfy the requirements defined in the token.

More Information:

An authorized request must contain a valid token that is appended to the file name in the CDN or edge CNAME URL.

Sample request:

http://data.server.com/asset.txt?c1019f8a6942b46a1ce679e168d5797670f3ee7e39068054ee4534d8a5a859d
Our edge servers will decrypt the token using either the current primary or backup encryption key. The decrypted value will reveal the requirements for the requested content.
The user must satisfy all of the requirements defined for the requested content.
- Content will be delivered when the requester meets all of the requirements defined in the decrypted token value.
- The request will be denied when the requester cannot satisfy one or more requirements. Denied requests may be redirected to a different web page.