Last updated: 2020-03-19 17:57:01


Algorithm description

Access URL format

Algorithm description

  • Timestamp: decimal (UNIX timestamp).
  • Rand: random string, 0-100 bit random string, consisting of uppercase and lowercase letters and numbers.
  • Uid:0
  • Md5hash:MD5 (file path-timestamp-rand-uid- custom key).

Request Sample

When calculating MD5, if the request path is http://cloud.tencent.com/test.jpg The path when calculating MD5 is /test.jpg .

Configuration Guid

Parameter description

The required configurations for TypeA are as follows:
Custom authentication key It is composed of 6-32 bits uppercase and lowercase letters and numbers. The key needs to be kept secret and is known only to the client and the server.
Custom authentication parameter name Replace the sign in the example with a parameter name consisting of any 1-100 uppercase and lowercase letters, numbers or underscores. After receiving the request, CDN takes out the corresponding value according to the specified signature parameters and performs MD5 calculation. If the passed md5hash value is matched, the signature verification is passed. If the verification fails, 403 is returned directly.
Custom effective time Use the timestamp, carried in the request plus the configured valid time to compare it with the current time to determine whether the request is Expire. If Expire, it will directly return 403.

Effective object

After configuring the key, parameter name and Expire time, you can specify the authentication object as needed, and the following three modes are supported:

  • Authentication verification is required for all files under the specified domain name.
  • It is supported that files of the specified type are not authenticated. Other files need to be authenticated.
  • Specified type files are supported for authentication verification.


Cache hit rate
For a domain name with TypeA authentication mode enabled, Access URL will carry authentication parameters. When caching resources on CDN nodes, the corresponding parameters will be automatically ignored and cached, which will not affect the hit rate of domain name cache.
Origin-Pull Policy
The domain name with TypeA authentication mode enabled. The format of Access is:

After the authentication is passed, if the CDN node is missed, the node will initiate Origin-pull request. The format is consistent with Access's request, and the sign parameter will be retained. Real server can ignore or re-check as needed.