When sending requests for transcoding, it’s essential to include a token string in the Authorization header. This Token is a security mechanism to ensure that only requests with a valid token get processed.

Note: The token includes your AccessKey and is encrypted with your AccessKey Secret. Be sure to obtain your own pair of AccessKey and AccessKey Secret before proceeding.

How to Create

This token is a combination of your AccessKey and EncodeSign, presented in this format:

Token = [AccessKey]:[EncodeSign]

Here’s the detailed process of generating these tokens:

Step 1: Generate EncodeSign

The EncodeSign can be computed using this pseudocode:

EncodeSign = Urlsafe_base64_encode(HMAC_SHA1(StringToSign,AccessKey Secret))

This computation involves several steps:

Formulate StringToSign

StringToSign is a specific string used to compute the signature. For media processing requests, it’s formed in this way:

StringToSign = '/fops' + '\n' + [Request Body]

For instance, if your Request Body is ‘bucket=bXA*&key=c3d*&fops=YXZ*’, your StringToSign will look like this:

/fops\nbucket=bXA0LWhscy1oaw==key=c3dhbl9vcmlnaW5hbC5tb3Y=fops=YXZ0aHVtYi9tcDQvbmJoZC8xfHNhdmVhcy9iWEEwTFdoc2N5MW9henB6ZDJGdVgyeGlhR1F1Ylc5Mg==

Compute the Signature

Use your AccessKey Secret and the StringToSign to calculate the Signature, represented as:

Signature = HMAC_SHA1(StringToSign, AccessKey Secret)

For HMAC implementation, you can refer to either:

• HMAC WIKI
• CDNetworks Example Code

Base64 Encode the Signature

Next, encode the signature by applying a URL-safe Base64 encoding to produce the encodeSign:

EncodeSign = Urlsafe_base64_encode(Signature)

Step 2: Obtain your AccessKey

Your AccessKey and AccessKey Secret can be retrieved by going to: Account Management > API Information Management > AccessKey Management in your account.

Step 3: Create the Token

Lastly, combine the EncodeSign and AccessKey to create your personalized token necessary for request authentication:

Token = [AccessKey]:[encodeSign]

For a practical application of this process, we offer several exmaples that generate a token upon execution. These examples are readily available for your use.