User Tools

Site Tools


en:api_authentification

Authentication and authorization

vCDN supports different levels of access:

  • - full access: the customer name is used as login
  • - limited access: login has the form “customername-sublogin” (e.g. megatube-file), access to API is configured for each sublogin individually.

For example, you can create a separate account to work with files only or with access to statistics only.

The API has a tree-like structure: /class/action (or /class/action/specific in some cases) - for limited logins you can deny/allow access to the branch as a whole or to its single element.
A more specific rule has priority - you can deny access to /file/delete, even if access to the /file/ branch is allowed.

Currently, two authentication methods are supported:

  • - login/password
  • - otp (one time password)

Login/password

Regular plain HTTP authentication. You can request the API directly in browser (for example, read the documentation for a specific call).

In scripts, you can use URLs like http://login:password@cp.ahcdn.com/ (if traffic interception is a cause of concern, it is recommended to use https, but you can use http to decrease the delay).
Or, you can use special options or environment variables to specify the login/password for the appropriate utilities (wget, curl, ..)
Or you can generate Authentication HTTP-header and transmit it while executing an API- request:

# LOGIN=customer-role
# PASS=qwerty
# AUTH=`echo -n "$LOGIN:$PASS" | base64 -e`
# wget -O - --header='Accept-Encoding: *,gzip' --header="Authorization: Basic $AUTH" 'https://cp.ahcdn.com/api2/file/list'

OTP (one time password)

The token is sent as a GET or POST request parameter to the API query.

After verification, it is stored (saved to the cache) and next queries using it will be rejected.

OTP has the following form:

LOGIN:EXPIRE:SALT:AUTH
  • LOGIN - login, with full access or restricted one. It is important to have a PASSWORD corresponding to this login. It will used too.
  • EXPIRE - GMT timestamp of expiration time of OTP.
  • SALT - salt, any set of string characters.
  • AUTH - MD5 hash value of the string “EXPIRE:SALT:PASSWORD”

Example of API query with OTP

http://cp.ahcdn.com/api2/file/list?otp=login:1234567890:saltsalt:4e75803b98d555c986f2752fcb11d317&format=text&fields=id,status&filter_full_name=1/2/345.flv

Example of OTP generation

<?php
  function api_otp() {
  $LOGIN = 'login';
  $PASSWORD = 'password';
  $EXPIRE = time() + 300;
  $rnd_str = '';
  for ($i=1; $i&lt;=6; $i++) {
    $rnd_str = $rnd_str . chr(rand(0,255));
  }
  $SALT = strtr(base64_encode($rnd_str), '/', ',');
  $AUTH = md5("$EXPIRE:$SALT:$PASSWORD");
  return "$LOGIN:$EXPIRE:$SALT:$AUTH";
}
?&gt;
en/api_authentification.txt · Last modified: 2018/11/07 16:52 by zuborg