Token-Based Authentication is a security measure that authenticates a requester before granting access to secured content. Access to secured content will only be granted when both of the following conditions are met:
Setup involves the following steps:
The first step towards setting up Token-Based Authentication involves defining an encryption key. An encryption key plays an integral part in the encryption/decryption of token values. This encryption key must be set on each desired platform.
Navigate to the Token Auth page corresponding to the desired platform.
Set the desired alphanumeric value in the Primary Key option (as shown below).
Click Update.
The next step involves defining a location that will be secured recursively by Token-Based Authentication. The specified relative path will be compared against the request URL. The starting point for this comparison occurs directly after the content access point.
Content access point: This URL segment of a CDN URL identifies where the request should be directed. This relative path starts directly after the CDN hostname. The proper syntax for a content access point is "/yyAN", where "yy" stands for the origin identifier and "AN" stands for a customer account number. A content access point for a customer origin also includes a directory that identifies it (e.g., wpc.0001.{Base Domain}/800001).
In the New option, which can be found under the Directories to Authenticate section, type the relative path to the directory that will be secured.
Click Add.
Note: It may take up to an hour for changes to your Token-Based Authentication setup to take effect.
The final step is to add a token to all href and src links that point to content stored in the folder specified above or any of its children. Typically, a script is created to dynamically generate tokens using the Token Generator executable. However, in this tutorial, we will generate a token through the Token Auth page.
Generate a token that will grant access to requests that originate from within the United States. Requests from other countries that include this token will be denied.
In the ec_country_allow option, which can be found in the Encrypt Tool section, type "US" (without the quotation marks).
Click Encrypt.
The corresponding token will be displayed in the Generated Token option (as shown below).
Tip: The Token Generator Call field displays the call through which the same token may be generated using the Token Generator executable.
Append the above token value to each href and src link that points to content stored in the directory specified above.
If the href or src link does not contain a query string, append a question mark followed by the above token value.
Basic Example
Notice that the updated link contains a query string set to a token value.
Original link:
Updated link:
Query String Parameter Example
A token must be the first parameter specified in the query string. Make sure to specify additional query string parameters after the token value. This is illustrated in the following example.
Original link:
Updated link:
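The link-rewriting rules above (token directly after the question mark, existing parameters after the token) can be scripted. The following is an added example, not code from this documentation or the Token Generator; the hostname, token value, content access point and secured directory are constructed sample values, and matching the directory on a path-segment boundary is an assumption.

```python
import html
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed sample values (assumptions, not taken from a real account).
TOKEN = "EXAMPLETOKEN0123"   # opaque value copied from the Generated Token option
ACCESS_POINT = "/800001"     # content access point that follows the CDN hostname
SECURED_DIR = "/secure"      # relative path listed under Directories to Authenticate

def is_secured(path, access_point=ACCESS_POINT, secured_dir=SECURED_DIR):
    """True when path is the secured directory or one of its children."""
    if not path.startswith(access_point + "/"):
        return False
    rel = path[len(access_point):]          # comparison starts after the access point
    base = secured_dir.rstrip("/")
    # Assumption: match on a path-segment boundary, so /secure-old is not covered.
    return rel == base or rel.startswith(base + "/")

def add_token(url, token=TOKEN):
    """Return url with the token as the first query string parameter."""
    parts = urlsplit(url)
    if not is_secured(parts.path):
        return url
    query = parts.query
    if query == token or query.startswith(token + "&"):
        return url                           # already tokenized, stay idempotent
    new_query = token + ("&" + query if query else "")
    return urlunsplit(parts._replace(query=new_query))

_ATTR = re.compile(r"""\b(href|src)\s*=\s*(["'])(.*?)\2""", re.IGNORECASE | re.DOTALL)

def tokenize_links(markup, token=TOKEN):
    """Rewrite quoted href/src values in an HTML fragment."""
    def repl(m):
        raw = html.unescape(m.group(3))      # attribute values carry &amp; for &
        new = add_token(raw, token)
        if new == raw:
            return m.group(0)                # leave unrelated links byte-for-byte
        return f"{m.group(1)}={m.group(2)}{html.escape(new, quote=True)}{m.group(2)}"
    return _ATTR.sub(repl, markup)

if __name__ == "__main__":
    sample = ('<a href="https://cdn.example.com/800001/secure/report.pdf">r</a>'
              '<img src="https://cdn.example.com/800001/secure/img/a.png?w=1&amp;h=2">'
              '<script src="https://cdn.example.com/800001/public/app.js"></script>')
    print(tokenize_links(sample))
```

Because the token is written into page markup, anyone who can view the page can read it, so access is limited only by the restrictions encoded in the token (here, ec_country_allow).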