Overview
Token authentication is a simple and reliable access control policy that verifies URL access against authentication rules, effectively preventing malicious abuse of site resources such as hotlinking. Using this feature requires cooperation between the client and EdgeOne: the client initiates a request with an authentication URL, and EdgeOne verifies the validity of that URL based on preset rules.
Principle
The implementation of Token authentication mainly consists of the following two parts:
Client: Initiate an authentication URL request based on authentication rules (including authentication algorithm and key).
EdgeOne node: Verify the authentication information (md5 string + timestamp) in the authentication URL. When the authentication information passes the verification, the access request will be considered as a valid request, and the node will respond normally. If the verification fails, the node will reject the access and directly return 403.
Token Authentication URL Generation and Verification Tool
EdgeOne provides a generation tool and a verification tool for Token authentication URLs. Developers can use these tools to quickly and accurately generate and verify hotlink protection URLs that meet the requirements.
Directions
1. Log in to the EdgeOne console. In the left sidebar, click Site List. In the site list, click the site to be configured.
2. On the site details page, click Site Acceleration to go to the global site configuration page, and then click the Rule Engine tab.
3. On the rule engine management page, click Create Rule and select Add Blank Rule.
4. On the rule editing page, set the matching conditions that trigger this rule.
5. Click Action > Select Box, and select Token Authentication in the pop-up action list. The parameter configuration instructions are as follows:
| Parameter | Description |
| --- | --- |
| Method | Currently, 5 authentication signature calculation methods are supported. Choose the appropriate method based on the access URL format. For details, refer to the authentication method. |
| Primary key (required) | Primary password, consisting of 6-40 uppercase and lowercase English letters or numbers. |
| Secondary key (optional) | Secondary password, consisting of 6-40 uppercase and lowercase English letters or numbers. |
| Authentication encryption string | Authentication parameter name, the value corresponding to which will be verified by the node. It should contain 1-100 characters, including uppercase and lowercase letters, numbers and underscores. |
| Validity period | The validity period of the authentication URL (1-630720000 seconds). It determines whether a client request is valid: If the current time is after the "timestamp + validity period" time, it indicates that the request has expired, and 403 will be returned directly. If the current time is before the "timestamp + validity period" time, it indicates that the request has not expired, and the md5 string will continue to be verified. |
Notes
1. After the request passes the authentication, the node will automatically ignore the authentication-related parameters in the URL to improve the cache hit rate and reduce the amount of origin-pull.
2. The URL cannot contain any Chinese character.
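The verification order described above (expiry check first, then the md5 string, then ignoring the authentication parameter for caching), as an added Python example that is not EdgeOne's own code. The token layout `sign=<timestamp>-<md5 hex>`, the signing input `<path>-<timestamp>-<key>`, the function names, and accepting a URL signed with either the primary or the secondary key are assumptions for illustration; EdgeOne's five actual signature methods are defined in its authentication method reference.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


def md5_string(path, timestamp, key):
    # Assumed signing input "<path>-<timestamp>-<key>" (hypothetical layout).
    return hashlib.md5(f"{path}-{timestamp}-{key}".encode()).hexdigest()


def sign_url(url, key, timestamp, param="sign"):
    """Client side: append <param>=<timestamp>-<md5 string> to the URL."""
    parts = urlsplit(url)
    token = f"{timestamp}-{md5_string(parts.path, timestamp, key)}"
    query = parse_qsl(parts.query, keep_blank_values=True) + [(param, token)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def verify_url(url, primary_key, secondary_key, validity, now, param="sign"):
    """Node side: return (status, URL with the authentication parameter removed)."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    tokens = [v for k, v in pairs if k == param]
    if len(tokens) != 1:  # missing or duplicated parameter
        return 403, None
    timestamp, _, presented = tokens[0].partition("-")
    if not (timestamp.isascii() and timestamp.isdigit() and len(timestamp) <= 12):
        return 403, None
    # Step 1: expiry. After "timestamp + validity period" the request is rejected.
    if now > int(timestamp) + validity:
        return 403, None
    # Step 2: md5 string, compared in constant time against each configured key.
    for key in (primary_key, secondary_key):
        if not key:
            continue
        expected = md5_string(parts.path, timestamp, key)
        if hmac.compare_digest(presented.encode(), expected.encode()):
            # Step 3: drop the authentication parameter so the cache key is stable.
            rest = [(k, v) for k, v in pairs if k != param]
            return 200, urlunsplit(parts._replace(query=urlencode(rest)))
    return 403, None


if __name__ == "__main__":
    # Constructed sample values, not real keys or URLs.
    signed = sign_url("https://example.com/video/a.mp4?quality=hd", "PrimaryKey01", 1700000000)
    print(verify_url(signed, "PrimaryKey01", "BackupKey02", 300, now=1700000100))
    print(verify_url(signed, "PrimaryKey01", "BackupKey02", 300, now=1700000301))
```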