CDN Token Authentication
Gotipath Stream provides a powerful CDN token authentication system to strictly control who can access your videos or live streams, from where, and for how long.
This guide documents how to enable and configure token authentication and how to generate the tokens needed to securely access your content.
What is CDN token authentication?
First of all, what is token authentication? In short, if enabled, token authentication blocks all requests to your URLs unless a valid token is passed with the request. Our server generates its own hash for the request and compares it with the token that was sent. If the two values match, the request is accepted; otherwise, a 403 page is returned.
The token can be passed either as a query parameter or as part of the URL path. The path version is useful for situations such as video delivery.
How to sign a URL
This section contains instructions on generating and formatting the unique tokens and using them to sign a URL. Check out our code examples and helper functions for popular programming languages, which let you sign a URL with a simple function call.
Gotipath Stream provides Multi CDN by default, so we need to make sure security is maintained across all our CDN providers. Let’s dive into how to sign a URL. Once token security is enabled, all content becomes inaccessible through the CDN domain unless the request follows the specific rule below.
Requirements:
- Secret Token: You will find this in the Security option inside the Stream dashboard.
- Start Time: The timestamp when the request is initiated, in the UTC timezone.
- End Time: The expiry time of the URL, in the UTC timezone.
- The URL: The CDN resource URL you want to access, e.g. https://cdn.gotipath.com/path/to/resource?clientId=12345&product=A123&other=xyz
Step 1:
- Take the resource path from the URL. You will have “/path/to/resource”.
- Generate a string using the following “%s%s %s” format.
- Transform the string into an MD5 hash.
- Add two extra query parameters to the URL: “md5” and “expires”. The value of “md5” is the MD5 hash generated in the process above, and the value of “expires” is the end time as a Unix timestamp. You will have something like “https://cdn.example.com/path/to/resource?clientId=12345&product=A123&other=xyz&md5=DMF1ucDxtHCxwYQ&expires=2147483647”.
Step 2:
- Remove the protocol and hostname from the URL. You will have “/path/to/resource?clientId=12345&product=A123&other=xyz&md5=DMF1ucDxtHCxwYQ&expires=2147483647”.
- Add the start time and end time in “yyyymmddHHMMSS” format as query parameters with the keys “stime” and “etime”. You will have something like “https://cdn.example.com/path/to/resource?clientId=12345&product=A123&other=xyz&md5=DMF1ucDxtHCxwYQ&expires=2147483647&stime=20081201060100&etime=20081201183000”.
- Hash the URL with HMAC-SHA1 using the secret token.
- Take the first 20 characters of the hash and concatenate 0 at the beginning.
- Add the 21-character value as a query parameter named “encoded”. You will have something like “https://cdn.example.com/path/to/resource?clientId=12345&product=A123&other=xyz&md5=DMF1ucDxtHCxwYQ&expires=2147483647&stime=20081201060100&etime=20081201183000&encoded=0n8dfUDkH5DNfdJND7uDN”.
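The Step 2 signing above, together with the server-side comparison described at the start of this guide, sketched in Python as an added example; it is not Gotipath's code. It assumes the HMAC-SHA1 output is hex-encoded and computed over the path and query string, takes a URL that already carries md5 and expires from Step 1, and uses a constructed secret; verify() is a hypothetical stand-in for the CDN-side check.

```python
import hashlib
import hmac
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

FMT = "%Y%m%d%H%M%S"  # the "yyyymmddHHMMSS" format from Step 2
SAMPLE_SECRET = b"constructed-secret"  # constructed, not a real token
SAMPLE_URL = ("https://cdn.example.com/path/to/resource?clientId=12345"
              "&product=A123&other=xyz&md5=DMF1ucDxtHCxwYQ&expires=2147483647")


def _encoded(secret: bytes, message: str) -> str:
    # Assumption: the HMAC-SHA1 result is hex-encoded before truncation.
    digest = hmac.new(secret, message.encode(), hashlib.sha1).hexdigest()
    return "0" + digest[:20]  # first 20 characters with "0" prepended


def sign_step2(url: str, secret: bytes, start: datetime, end: datetime) -> str:
    """Sign a URL that already carries md5 and expires from Step 1."""
    parts = urlsplit(url)
    # Drop protocol and hostname, then append stime and etime in UTC.
    message = (f"{parts.path}?{parts.query}"
               f"&stime={start.astimezone(timezone.utc).strftime(FMT)}"
               f"&etime={end.astimezone(timezone.utc).strftime(FMT)}")
    token = _encoded(secret, message)
    return f"{parts.scheme}://{parts.netloc}{message}&encoded={token}"


def verify(url: str, secret: bytes, now: datetime) -> bool:
    """Hypothetical edge check: recompute the token, then test the window."""
    parts = urlsplit(url)
    full = f"{parts.path}?{parts.query}"
    message, sep, token = full.rpartition("&encoded=")
    if not sep:
        return False  # no token on the request: answer 403
    expected = _encoded(secret, message)
    # Constant-time comparison does not leak how many characters matched.
    if not hmac.compare_digest(expected.encode(), token.encode()):
        return False
    query = parse_qs(parts.query)
    try:
        start = datetime.strptime(query["stime"][0], FMT)
        end = datetime.strptime(query["etime"][0], FMT)
    except (KeyError, ValueError):
        return False
    utc_now = now.astimezone(timezone.utc).replace(tzinfo=None)
    return start <= utc_now <= end
```

Because every query parameter sits inside the signed string, changing clientId, stime or etime after signing invalidates the token.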
💡
Behavior: An end user who attempts to access prohibited content will receive a “Forbidden” message (HTTP response code 403) in their browser. Sometimes the time settings on the user’s device may cause an issue. To solve this, you may set a 10-second allowance on stime.
NOTE
Make sure our CDN providers can access the content on your origin server regardless of whether a key/token is present or not. Also make sure the date and time on the device where the URL is generated are correct.