TokenSecret Authentication

TokenSecret Authentication scheme is based on Level3.

Level 3 provide with simple Perl, PHP and CGI scripts to generate tokens Tokens are time limited with two parameters:

    stime = start time (not valid before this time)
    etime = end time (not valid after this time)

The format of these dates are: yyyymmddHHMMSS (eg: 20120424115300) and in UTC (date -u +%Y%m%d%H%M%S) They may be tied to an IP address by adding &ip= as an additional parameter (this is not supported by L3 though).

  • Use with Website Acceleration

Enabling Token based authentication for a Website Acceleration Domain by Access Control on the portal or API Create Access Control.

NOTE Authentication will not work on a Website Acceleration Domain that also has a redirection policy. As redirection policy will execute first.

  • Signature Algorithm Example
Basic URL:

1. Remove protocol and hostname from the hash input leaving:


2. Add the time validity fields (these are required, not optional):


3. Calculate the result to an HMAC-SHA1 hash using the result of step 2 and the secret (generated and displayed in the Portal):

4. Build new URL:
  • Example Python

This file should be saved as "" and usage as per comment in file:

This was tested with:
    export RESOURCE=/bentest0/benlfd/1cq9tu.jpg?clientId=12345&product=A123&other=xyz&stime=20170101000000&etime=20180101000000
    export SECRET=ibRgcWlEHWgrHfUBrmVTkJylfmFDifsDnvrmFnGZfJAiYSKMnEOhGNQYufhgnFID
    export HTTP_STUBB=

Then the following command was run:
    curl -v "`python`" >/dev/null

 For VODs, like /bentest/benvod/big_buck_bunny_480p_H264_AAC_25fps_1800K_short.MP4
 You need to use a RESOURCE something like: 

    export RESOURCE=/vod/bentest0/mp4:benvod/big_buck_bunny_480p_H264_AAC_25fps_1800K_short.MP4/playlist.m3u8?stime=20170101000000&etime=20180101000000


import hashlib
import hmac
import os

def generate_token(resource,secret_key):
    hmac_builder =, resource, hashlib.sha1)
    return "0%s" % (hmac_builder.hexdigest()[:20])

encoded = generate_token(os.environ['RESOURCE'], os.environ['SECRET'])
print os.environ['HTTP_STUB'] + os.environ['RESOURCE'] + "&encoded=" + encoded
  • Token encoded string generator

and can also use Swiftfederation portal(Access Control Section) to generate the signature by token secret.

           Updated 2023-09-27 02:27:53

results matching ""

    No results matching ""