Basic token authentication uses MD5 hashing to create signed URLs with expiration times and optional IP validation.

URL structure

https://myzone.b-cdn.net/video.mp4?token=m0EMEkV3pNAKFB33gZuv_Q&expires=1456761770
Parameter   Description
token       Base64-encoded MD5 hash of the security key, path, and expiration
expires     UNIX timestamp in seconds when the URL becomes invalid (milliseconds and nanoseconds are not supported)

Generate the token

token = Base64(MD5(security_key + path + expiration))
To validate against a specific IP address:
token = Base64(MD5(security_key + path + expiration + ip_address))
After Base64 encoding, replace + with -, / with _, and remove = characters.

Code examples

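<?php
$securityKey = 'your_security_key';
$path = '/path/to/file.mp4';
$expires = time() + 3600; // UNIX timestamp in seconds, one hour from now

// Concatenate in this exact order: security key, path, expiration
$hashableBase = $securityKey . $path . $expires;
// Optional: $hashableBase .= '192.168.1.1';

$token = md5($hashableBase, true);      // true = raw 16-byte binary digest
$token = base64_encode($token);
$token = strtr($token, '+/', '-_');     // make the Base64 output URL-safe
$token = str_replace('=', '', $token);  // strip the padding

$url = "https://myzone.b-cdn.net{$path}?token={$token}&expires={$expires}";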

IP validation

IP validation binds the token to a specific IP address. Append the user’s IP to the hash before generating the token. The IP is not included in the URL.
IP validation can cause issues for users behind proxies or with changing IP addresses.
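
Added example (not part of the original documentation and not the CDN's own code): the formula above in Python, together with the check it implies on the receiving side, so the effect of expiry, a modified expires value and IP binding can be seen. The function names, the sample key and the fixed clock value are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlsplit


def make_token(security_key, path, expires, ip=None):
    """Base64(MD5(security_key + path + expires [+ ip])), URL-safe, unpadded."""
    base = f"{security_key}{path}{expires}{ip or ''}"
    digest = hashlib.md5(base.encode("utf-8")).digest()
    # urlsafe_b64encode maps '+' to '-' and '/' to '_'; rstrip drops the '='.
    return base64.urlsafe_b64encode(digest).decode("ascii").rstrip("=")


def sign_url(host, security_key, path, ttl, now, ip=None):
    """Build a signed URL valid for ttl seconds after now (UNIX seconds)."""
    expires = int(now) + ttl
    token = make_token(security_key, path, expires, ip)
    # The IP, when used, goes into the hash only and never into the URL.
    return f"https://{host}{path}?token={token}&expires={expires}"


def check_url(url, security_key, now, client_ip=None):
    """Recompute the token for a request and return (ok, reason)."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    token = query.get("token", [""])[0]
    expires = query.get("expires", [""])[0]
    if not (expires.isascii() and expires.isdigit()):
        return False, "bad-expires"
    if int(expires) <= int(now):
        return False, "expired"
    expected = make_token(security_key, parts.path, expires, client_ip)
    # Constant-time comparison of the presented and recomputed tokens.
    if not hmac.compare_digest(expected.encode(), token.encode()):
        return False, "bad-token"
    return True, "ok"


if __name__ == "__main__":
    key = "your_security_key"   # constructed sample value
    now = 1_700_000_000         # fixed clock so the output is repeatable
    url = sign_url("myzone.b-cdn.net", key, "/path/to/file.mp4", 3600, now)
    print(url)
    print(check_url(url, key, now))          # (True, 'ok')
    print(check_url(url, key, now + 3600))   # (False, 'expired')
```

Because expires is part of the hashed string, editing it in the URL to extend the lifetime changes the expected token and the check fails with bad-token rather than expired.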