SetRequestAuthConfig

Description

You can call this operation to configure hotlinking prevention based on the timestamp and shared key for a domain name.

Note:

• Hotlinking prevention based on the timestamp and shared key is disabled by default after a domain name is added.

Request syntax

The API request contains the specified directory /2016-09-01/domain/SetRequestAuthConfig, common request headers, and operation-specific request parameters. For more information, see the sample request.

Request headers

Header	Required	Type	Description
X-Version	Yes	String	The version number. Set the value to 2016-09-01.
X-Action	Yes	String	The operation that you want to perform. Set the value to SetRequestAuthConfig.

Request parameters

Parameter	Required	Type	Description
DomainId	Yes	String	The ID of the domain name.
Enable	Yes	String	Specifies whether to enable hotlinking prevention based on the timestamp and shared key. Valid values: on and off. Default value: off. If the Enable parameter is set to on, the AuthType, Key1 and ExpirationTime parameters are required. If the Enable parameter is set to off, the following parameters are ignored.
AuthType	Yes	String	The hotlinking prevention type. Valid values: typeA and typeB. Default value: typeA. This parameter is required if the Enable parameter is set to on. For more information, see the description below.
Key1	Yes	String	The primary shared key, which must be 6 to 128 characters in length and can contain uppercase or lowercase letters (A to Z or a to z) and digits (0 to 9).
Key2	No	String	The secondary shared key, which must be 6 to 128 characters in length and can contain uppercase or lowercase letters (A to Z or a to z) and digits (0 to 9).
ExpirationTime	Yes	Long	The expiration time. Unit: seconds. Valid values: 0 to 31536000.

Hotlinking prevention types

1. typeA: Both the encryption string md5hash and the timestamp are included in the URL parameters.
   http://DomainName/FileName?t=timestamp&k=md5hash
2. typeB: Both the encryption string md5hash and the timestamp are included in the URL path, and the md5hash value is placed before the timestamp.
   http://DomainName/md5hash/timestamp/FileName

Standard configurations

• The timestamp is a decimal UNIX timestamp in seconds, for example, 1566299655. The md5hash value is calculated by using the MD5 algorithm based on the key, URI, and timestamp.
• Sample configuration for http://selftest.com/main2.css:
  Assume that typeA hotlinking prevention is to be configured, the key is aaaaaaaaaaa, the timestamp is 1566299655, and the URI is /main2.css.
  In this case, md5hash = md5(aaaaaaaaaaa/main2.css1566299655) = 2f24a0858b44959f095c7c7eb41c114d.
• In this example, the URL accessed after authentication is http://selftest.com/main2.css?t=1566299655&k=2f24a0858b44959f095c7c7eb41c114d.

Examples

Sample request

GET method:

GET /2016-09-01/domain/SetRequestAuthConfig?DomainId=2D09XC0&Enable=on& AuthType=typeA& Key1=qwerqyt& ExpirationTime=3600
Host: cdn.api.ksyun.com
X-Amz-Date: date
Authorization:authorization string
x-action: SetRequestAuthConfig
x-version: 2016-09-01

POST method:

POST /2016-09-01/domain/SetRequestAuthConfig
Host: cdn.api.ksyun.com
X-Amz-Date: date
Authorization:authorization string
x-action: SetRequestAuthConfig
x-version: 2016-09-01
Content-Type: application/json

{
  "DomainId":"2D08M8V",
  "Enable":"on",
  "AuthType":"typeA",
  "Key1":"qwerqyt",
  "ExpirationTime":"3600"
}

Sample response

• Note: If this operation is successfully called, the HTTP status code 200 is returned, without a return value. If this operation fails to be called, the HTTP status code 403 or 400 is returned. For more information about the error codes for the HTTP status code 400, see Usage notes.