Security token intro
Publisher: Psychz Networks, January 25,2021About Security Tokens
Security tokens or URL tokens are a way to give users access permission for various Web resources. It is a technique involving Stealth Redirection or URL Hiding to ensure that your visitors see the original domain name and not the destination URL. Secure URLs indicate that hackers or other unwanted prying eyes cannot intercept the information transmitted from the browser to the server. For additional protection against access by unauthorized clients, you can use directives from the Secure Link module to require that clients include a specific hashed string in the URL of the asset they are requesting.
URLs are secured by a special character set — it is added to every link. This set is a code that stores a directive on how long a link can be available and what IP address may access the content. The code is known as a secure token. When a user follows the link our CDN processes this request and decrypts a secure token. It doesn’t send content if a link is expired, or an IP address is not whitelisted.
How it works
The Security Token module verifies a requested resource's validity by comparing an encoded string in the URL of the HTTP request with the string it computes for that request. If a link has a limited lifetime and the time has expired, the link is considered outdated.
The following diagram explains how a security token works in a real-time environment.
Using our dashboard system, you can generate a Secret Key(MD5 based encryption), which you can incorporate and create your own Security Token using a PHP or Python script.
A sample security token looks like
Token Parameters
You can restrict the access to your content based on an IP address, but it is optional. If you like, you can make the content accessible from all IP addresses. You can provide the path at the start of the link followed by MD5 which produces a 128-bit hash value and expiration me to ensure that the token is active for a desired time period only.
The following is a sample code in PHP which you create at your end by incorporating the secret key that you can generate using the dashboard.
// Generate the URL
$url = "https://$base_url{$locationpath}?md5={$token}";
}
return $url;
}Secure tokens are created and added to links by your site. To configure the site is easy — you just need to add a necessary script. For your convenience, we have ready templates available in PHP and Python which you can use to generate Secure tokens. Please refer to the following articles
For PHP: https://www.psychz.net/client/kb/en/secure-token-integration-for-php.html
For Python: https://www.psychz.net/client/kb/en/secure-token-integration-for-python.html
To know on how to add security token, please visit the following article Add Security Token.