TokenSecret Authentication scheme is based on Level3.
Level 3 provide with simple Perl, PHP and CGI scripts to generate tokens Tokens are time limited with two parameters:
stime = start time (not valid before this time) etime = end time (not valid after this time)
The format of these dates are: yyyymmddHHMMSS (eg: 20120424115300) and in UTC (
date -u +%Y%m%d%H%M%S)
They may be tied to an IP address by adding &ip=22.214.171.124 as an additional parameter (this is not supported by L3 though).
- Use with Website Acceleration
Enabling Token based authentication for a Website Acceleration Domain by Access Control on the portal or API Create Access Control.
NOTE Authentication will not work on a Website Acceleration Domain that also has a redirection policy. As redirection policy will execute first.
- Signature Algorithm Example
Basic URL: http://www.sample.com/path/to/resource?clientId=12345&product=A123&otherstuff=xyz 1. Remove protocol and hostname from the hash input leaving: /path/to/resource?clientId=12345&product=A123&otherstuff=xyz 2. Add the time validity fields (these are required, not optional): /path/to/resource?clientId=12345&product=A123&otherstuff=xyz&stime=20081201060100&etime=20081201183000 3. Calculate the result to an HMAC-SHA1 hash using the result of step 2 and the secret (generated and displayed in the Portal): 4. Build new URL: http://www.sample.com/path/to/resource?clientId=12345&product=A123&otherstuff=xyz&stime=200812010601006&etime=20081201100100&encoded=0first20chars-of-hash
- Example Python
This file should be saved as "get_url_with_auth.py" and usage as per comment in file:
""" This was tested with: export RESOURCE=/bentest0/benlfd/1cq9tu.jpg?clientId=12345&product=A123&other=xyz&stime=20170101000000&etime=20180101000000 export SECRET=ibRgcWlEHWgrHfUBrmVTkJylfmFDifsDnvrmFnGZfJAiYSKMnEOhGNQYufhgnFID export HTTP_STUBB=http://edge.qa.swiftserve.com Then the following command was run: curl -v "`python get_url_with_auth.py`" >/dev/null NOTE: For VODs, like /bentest/benvod/big_buck_bunny_480p_H264_AAC_25fps_1800K_short.MP4 You need to use a RESOURCE something like: export RESOURCE=/vod/bentest0/mp4:benvod/big_buck_bunny_480p_H264_AAC_25fps_1800K_short.MP4/playlist.m3u8?stime=20170101000000&etime=20180101000000 """ import hashlib import hmac import os def generate_token(resource,secret_key): hmac_builder = hmac.new(secret_key, resource, hashlib.sha1) return "0%s" % (hmac_builder.hexdigest()[:20]) encoded = generate_token(os.environ['RESOURCE'], os.environ['SECRET']) print os.environ['HTTP_STUB'] + os.environ['RESOURCE'] + "&encoded=" + encoded
- Token encoded string generator
and can also use Swiftfederation portal(Access Control Section) to generate the signature by token secret.