Secure Token

Token authentication ensures that a URL is only accessible during a defined Unix time. You can define the time frame with an exact expiration time. Once a token has expired, it is not possible anymore to access the content. Several tokens with different expiration times can be created for the same file. A 403 Forbidden will be return if the token is not valid and a 410 Gone if the secure token has already expired.

Format

http://yourzone-id.kxcdn.com{path}?token={token}&expire={timestamp}

Setup Token Authentication

  1. Create a push or pull zone. If you use a pull zone for token authentication, make sure the origin URL is not public and it can’t be easily guessed.
  2. Enable Secure Token in zone settings.
  3. Define a Secure Token Key. This key will be needed to generate the token.
  4. Use one of the following code examples to generate the token (e.g. from your website).

PHP

<?php
	$secret = 'securetokenkey';
	$path = '/path/to/file1.jpg';

	// Expiration in seconds (e.g. 90 seconds)
	$expire = time() + 90; 

	// Generate token
	$md5 = md5($path.$secret.$expire, true);

	$md5 = base64_encode($md5);
	$md5 = strtr($md5, '+/', '-_');
	$md5 = str_replace('=', '', $md5);  

	// Use this URL
	$url = "http://yourzone-id.kxcdn.com{$path}?token={$md5}&expire={$expire}"; 

	echo $url;
?>

Python

import base64
from hashlib import md5
from time import time

secret = 'your_secret'
path = "/path/to/file1.jpg"

# expiration in seconds (e.g. 180 seconds)
expire = int(time()) + 180

# generate token
token = base64.encodestring(
                                md5(
                                    "%s%s%s" % (path, secret, expire)
                                ).digest()
                            ).replace("\n", "").replace("+", "-").replace("/", "_").replace("=", "")
secured_url = "http://demo-1.kxcdn.com%s?token=%s&expire=%s" % (path, token, expire)

# return secured URL
print secured_url

Ruby

require 'digest/md5'
require 'base64'

secret = 'your_secret'
path = '/path/to/your/file.jpg'

# expiry time in seconds (e.g. 3600 seconds)
expire = Time.now.to_i + 3600
token = Base64.encode64(
                            Digest::MD5.digest(
                            "#{path}#{secret}#{expire}"
                            )
                        ).gsub("\n", "").gsub("+", "-").gsub("/", "_").gsub("=", "")

# final secured URL
url = "http://demo-1.kxcdn.com#{path}?token=#{token}&expire=#{expire}"

puts url

node.JS

var crypto = require('crypto'),
    secret = 'your_secret',
    path = '/path/to/your/file.jpg';

// define expiry (e.g. 120 seconds)
var expire = Math.round(Date.now()/1000) + 120;

// generate md5 token
var md5String = crypto
  .createHash("md5")
  .update(path + secret + expire)
  .digest("binary");

// encode and format md5 token
var token = new Buffer(md5String, 'binary').toString('base64');
token = token.replace(/\+/g, '-').replace(/\//g, '_').replace(/\=/g, '');

// return secure token
console.log('http://demo-1.kxcdn.com' + path + '?token=' + token + '&expire=' + expire);

Java

import java.util.Date;
import org.apache.commons.codec.binary.Base64;
import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
import java.security.MessageDigest;

public class getSecureURL {

    // generate token
    private static String getBinaryToken(String path, String secret, Long expire) throws UnsupportedEncodingException, NoSuchAlgorithmException{
        
        String urlData = path + secret + expire.toString();
        MessageDigest md = MessageDigest.getInstance("MD5");
        byte[] messageDigest = md.digest(urlData.getBytes());
        String token = Base64.encodeBase64URLSafeString(messageDigest);
        
        return token;
        
    }

    // main method
    public static void main(String[] args) throws Exception{
        
        String secret = "your_secret";
        String path = "/path/to/your/file.jpg";
        
        Date date = new Date();
        // expiry time (e.g. 300 seconds)
        Long expire = (date.getTime()/1000) + 300;
        String token = "" ;
        
        try {
            md5 = getBinaryToken(path, secret, expire);

            // final secured URL with token and expire variables
            String url = "http://demo-1.kxcdn.com" + path + "?token=" + md5 + "&expire=" + expire.toString() ;
            System.out.println("genrated url : " + url);
        } catch (Exception e){
            e.printStackTrace();
        }

    }

}

Example of how the link will look like:
http://yourzone-id.kxcdn.com/path/to/file1.jpg?token=85b9a81b78b24b4d18303c91b79e0124&expire=1384719072

Generate a Secure Token with openssl

echo -n '{path}{secret}{timestamp}' | openssl md5 -binary | openssl base64 | tr +/ -_ | tr -d =

Example

echo -n '/path/to/file1.jpgmysecret1384719072' | openssl md5 -binary | openssl base64 | tr +/ -_ | tr -d =