Protecting content from improper access with Azion Secure Token

Edit on GitHub

Preventing the indiscriminate sharing of content restricted to customers, such as video lessons, photos and books, from their platforms, is a challenge that distance learning institutions and other companies that offer online content face. Although access to this content is done through interfaces that require user authentication, it is possible to directly access a file via its URL, which makes it easy to share.

An efficient way of protecting URLs is to use a secure token generated by the source application, which is required whenever content is accessed. That way, even if a link to a file is shared, someone can only have access if they have a valid secure token.

Direct Access Control in Edge

Protect your content from unauthorized access and sharing with Secure Token from Azion. By running directly at the edge of the network, Edge Function Secure Token is a simple, fast and effective solution to control permissions for restricted or personalized access to content, such as videos, lessons or images among others.

By running within Azion’s Edge Nodes, closer to the users, Edge Function Secure Token can validate the authenticity of requests even before they reach your infrastructure, which speeds up the process and provides extra security for your business.

How does Azion’s Secure Token work?

Before you begin, check that the Edge Functions service, is active in your Azion account and that you already have the function Secure Token in your Edge Functions Libraries. If not, please get in contact with our commercial team to access the service.

It is very simple to use: The source application must have a Secure Token generator implemented for the URLs it wants to protect. Each protected URL will only be accessible through Azion, if a valid Token is present. The Token is a hash of the URL, whose content is being requested. It includes an expiry period for the token itself and a secret key (Secret). If the Token has expired, the Secret is not correct or the Token is not valid for the relevant URL, access to the content will be denied.

See examples of Secure Token generation codes on Github for more information:

To configure your Secure Token Function, edit the Edge Firewall to which you want to assign this service, making sure that the Edge Function option is enabled in the Main Settings tab. Next, go to the Functions tab and add a new function Secure Token. Make sure you give it an appropriate identifiable name (for example MySecureToken), as you will need to be able to identify it later when configuring it in the Rule Engine. Note that the function code appearing in the Code field, is just for information. In the Json Args tab, enter the secret key for generating the hash, as in the example below, and save your function.

   "secure_token_secret": "mysecretkey"

Example of the configuration of the secret with JSON Args parameters

Once set up, just link your Function with a Rule Engine within your Edge Firewall. On the Rules Engine tab, use the Default Rule or create a new rule with the validation criteria (criteria) to activate your function. In the Behavior section, select Run Function and choose the Secure Token Function that you created.

Didn’t find what you were looking for? Open a support ticket.