How to install the Secure Token integration through Azion Marketplace

Azion Secure Token is a serverless integration available at Azion Marketplace.

With the help of the Azion Secure Token integration, you can make token-based, time-limited URLs. The creation and validation of signatures for cookies, authentication headers, and other security measures can be done using these tokens, which can be altered in a variety of ways. Utilizing both HLS and Progressive Download, the solution is frequently used to secure video assets, including those used for live streaming and on-demand content.

To use the Secure Token integration provided by Azion Marketplace, you have to:

  1. Access Azion Console > Marketplace.
  2. On the Marketplace homepage, select Secure Token card.
  3. Once the integration’s page opens, click the Get It Now button, at the bottom-right corner of the page.

You’ll see a message indicating that your integration was successfully installed.

In order to use this integration, you’ll have to generate a token. To do so, follow these steps:

  1. Go to the Azion’s Secure Token GitHub repository.
    • In this repository, you’ll find a brief explanation about how the Secure Token is generated and how to use it.
  2. In the repository, you’ll find two example scripts to generate the tokens, a Python and a PHP script. You can run them locally and generate the token or you can generate these tokens on your own platform with your own code.
  3. Save the generated token, whatever may be the way you generated it through.

Using the Python script as an example, you’ll have the following source code:

#!/usr/bin/env python
import base64
import hashlib
secret = 'mysecret'
uri = '/my/uri'
expire = '1470055000'
md5 = hashlib.md5()
md5.update(secret + uri + expire)
token = base64.b64encode(md5.digest()).replace('=','').replace('+','-').replace('/','_')
print '' % (uri, token, expire)


  • secret: a string of your choice that will be used to generate the token.
  • uri: the URI to use with the token.
  • expire: the expiration time of the token.

To instantiate the Secure Token integration, follow the steps:

  1. In the Products menu, select Edge Firewall in the SECURE section.
  2. Click the Add Rule Set button.
  3. Give an easy to remember name to your edge firewall.
  4. Select the domains you want to protect with the function.
  5. Turn the Edge Functions switch on.
  6. Click the Save button.

Done. Now you’ve instantiated the edge firewall for your function.

To instantiate the Secure Token integration, while still on the Edge Firewall page, select the Functions tab and follow these steps:

  1. Click the Add Function button.
  2. Give an easy-to-remember name to your instance.
  3. On the dropdown menu, select the Secure Token function.

This action will load the function, showing a form with the function code and, just above it, two tabs: Code and Args. By clicking the Code tab, you’ll be able to navigate through the code but not change it. In the same box, you have another tab: the Args tab. On the Args tab, you’ll pass the secret that you used to generate the token previously.

The Args tab will load a JSON file that looks like this:

"secure_token_secret": "thatisthesecret"

Where the secure_token_secret will be the secret string you’ve passed on the code when generating the token on the previous step.

Click the Save button and you’re done. Your Edge Firewall Secure Token integration is now instantiated.

To finish, you have to set up the Rules Engine to configure the behavior and the criteria to run the function.

Still in the Edge Firewall page, select the Rules Engine tab and follow these steps:

  1. Click the New Rule button.
  2. Give a name to the rule.
  3. Select a criteria to run and catch the domain you want to run the integration on. For example: if Hostname is equal
  4. Below, select the Run Function behavior to the criteria.
  • Select the adequate Secure Token function according to the name you gave it in the instantiate step.
  1. Click the Save button.

Done. Now the Secure Token integration is running for every request made to the domain you indicated.