Language: English

Network
SoftLayer_Network_ContentDelivery_Authentication_Token

Overview

CDN's content authentication service is the technology that allows only authorized user to access your content. It performs a token based authentication before delivering content. An authentication token can be obtained from the SoftLayer customer portal or API and it needs to be appended to the CDN URL. When an end-user requests a file, CDN server will check the validity of the token passed via HTTP GET string. Then the content will be delivered if the token is validated otherwise the connection will be rejected.

There are several scenarios where this authentication capability could be useful. If a website doesn't require authentication, it runs the risk of other sites hot-linking to its images. Content owners can prevent others sites from passing HTTP links to images by requiring authentication in order to view a site's contents. Leverage the API to add this additional layer of security through our Content Authentication service.

To begin using the Content Authentication service, define secure directions using the createTokenAuthenticationDirectory method. Refer to the table below for examples of token authentication URLs.

{| cellspacing="5" style="width: 90%; border: 0px; margin-left: auto; margin-right: auto; padding: 10px;"
  Media Type
  Token Auth Directory
  CDN URL Type
  Example URL
  HTTP
  (FTP) /securehttp
  Default
  http://(CDN_NAME).http.cdn.softlayer.net/00(CDN_NAME)/securehttp/example.jpg?ramdomTokenString
  HTTP
  (Customer Origin) http://myorigin.com/securehttp
  Default
  http://(CDN_NAME).http.cdn.softlayer.net/80(CDN_NAME)/myorigin.com/securehttp/example.jpg?ramdomTokenString
  HTTP
  (FTP or Custom Origin)
  CNAME
  http://cdn.mydomain.com/example.jpg?ramdomTokenString
  Streaming Flash
  (FTP) /secureflash
  Default
  rtmp://(CDN_NAME).flash.cdn.softlayer.net/00(CDN_NAME)/secureflash/example.flv?ramdomTokenString
  Streaming Flash
  (Customer Origin) http://myorigin.com/secureflash
  Default
  rtmp://(CDN_NAME).flash.cdn.softlayer.net/80(CDN_NAME)/myorigin.com/secureflash/example.flv?ramdomTokenString
  Streaming Flash
  (FTP or Custom Origin)
  CNAME
  rtmp://flash.mydomain.com/example.flv?ramdomTokenString
  Streaming Windows Media
  (FTP) /securewm
  Default
  mms://(CDN_NAME).flash.cdn.softlayer.net/00(CDN_NAME)/securewm/example.wmv?ramdomTokenString
  }

Note. Windows Media does not support customer origin. Token authentication can be ordered as a CDN add-on item.

Authentication Token

Authentication tokens expire after the specified time (in seconds) has elapsed. Set a token's expiration time by passing the number of seconds the token should remain active to the getTimedToken method. For example, if you pass 3600 for the token life to the getTimedToken method, it will return a token that will expire after an hour of its creation. There is no way to revoke a timed token. To create a timed token, use the getTimedToken method and it takes 3 parameters:

Token Life (required)
This value is defined in seconds and outlines the amount of time a token remains valid. To create a token that expires in an hour, pass a Token Life of 3600. The minimum value for Token Life is 60 seconds and the maximum value is 604800 seconds, or one week.
Client IP (optional)
If set, the token validation process will match the client IP address. A valid IP address should be an IPv4 format or an IP block. If you want to block access from IP 211.37.0.0/16, you can enter "211.37." instead. IP blocks can be specified in the manner of "8bit times n".
Referring domain (optional)
The referrer or referring page is the URL of the previous webpage from which a link was followed. You can further restrict access to your contents by matching referrer information. Set this value only if you are certain about referrer you're expecting. You can only set a domain or an IP address without a path or a file name in it. This can be a part of your domain. If you want to grant access from any of your subdomains, set the root domain as a referring domain.

Methods

(DEPRECATED) Creates a managed authentication token
Retrieve a SoftLayer_Network_ContentDelivery_Authentication_Token record.
Returns an authentication token that expires after a certain amount of time
(DEPRECATED) Revokes all managed tokens belong to a CDN account.
Revokes all tokens belong to a CDN account.
(DEPRECATED) Revokes a managed token
(DEPRECATED) Deletes multiple managed tokens