EdgeAuth-Token-Python is Akamai Edge Authorization Token in the HTTP Cookie, Query String, and Header for a client. You can configure it in the Property Manager at https://control.akamai.com. It's a behavior which is Auth Token 2.0 Verification.
EdgeAuth-Token-Python supports Python 2.6–2.7 & 3.3–3.6 and runs great on PyPy.
To install Akamai Edge Authorization Token for Python:
$ pip install akamai-edgeauth
from akamai.edgeauth import EdgeAuth, EdgeAuthError
import requests # just for this example
ET_HOSTNAME = 'edgeauth.akamaized.net'
ET_ENCRYPTION_KEY = 'YourEncryptionKey'
DEFAULT_WINDOW_SECONDS = 500 # seconds
- ET_ENCRYPTION_KEY must be hexadecimal digit string with even-length.
- Don't expose ET_ENCRYPTION_KEY on the public repository.
URL parameter option
# 1) Cookie
et = EdgeAuth(**{'key': ET_ENCRYPTION_KEY,
'window_seconds': DEFAULT_WINDOW_SECONDS})
token = et.generate_url_token("/akamai/edgeauth")
url = "http://{0}{1}".format(ET_HOSTNAME, "/akamai/edgeauth")
response = requests.get(url, cookies={et.token_name: token})
print(response) # Maybe not 403
# 2) Query string
token = et.generate_url_token("/akamai/edgeauth")
url = "http://{0}{1}?{2}={3}".format(ET_HOSTNAME, "/akamai/edgeauth", et.token_name, token)
response = requests.get(url)
print(response)
- 'Escape token input' option in the Property Manager corresponds to 'escape_early' in the code.
- Escape token input (on) == escape_early (True)
Escape token input (off) == escape_early (False)
- In [Example 2] for Query String, it's only okay for 'Ignore query string' option (on).
- If you want to 'Ignore query string' option (off) using query string as your token, Please contact your Akamai representative.
ACL(Access Control List) parameter option
# 1) Header using *
et = EdgeAuth(**{'key': ET_ENCRYPTION_KEY,
'window_seconds': DEFAULT_WINDOW_SECONDS})
token = et.generate_acl_token("/akamai/edgeauth/list/*")
url = "http://{0}{1}".format(ET_HOSTNAME, "/akamai/edgeauth/list/something")
response = requests.get(url, headers={et.token_name: token})
print(response)
# 2) Cookie Delimited by '!'
acl_path = ["/akamai/edgeauth", "/akamai/edgeauth/list/*"]
token = et.generate_acl_token(acl_path)
# url = "http://{0}{1}".format(ET_HOSTNAME, "/akamai/edgeauth")
url = "http://{0}{1}".format(ET_HOSTNAME, "/akamai/edgeauth/list/something2")
response = requests.get(url, cookies={et.token_name: token})
print(response)
- ACL can use the wildcard(*, ?) in the path.
- Don't use '!' in your path because it's ACL Delimiter.
- Use 'escape_early=False' as default setting but it doesn't matter turning on/off 'Escape token input' option in the Property Manager
EdgeAuth Class
class EdgeAuth(token_type=None, token_name='__token__', key=None, algorithm='sha256',
salt=None, ip=None, payload=None, session_id=None,
start_time=None, end_time=None, window_seconds=None,
field_delimiter='~', acl_delimiter='!', escape_early=False, verbose=False)
Parameter | Description |
---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
EdgeAuth's Method
def generate_url_token(url)
def generate_acl_token(acl)
# Returns the authorization token string.
Parameter | Description |
---|---|
url | Single URL path (String) |
acl | Access Control List can use the wildcard(*, ?). It can be String (single path) or Array (multi paths) |
"/test" directory is only for the internal test.
If you use the Segmented Media Protection behavior in AMD(Adaptive Media Delivery) Product, token_name should be 'hdnts'.
$ python cms_edgeauth.py -k YourEncryptionKey -w 5000 -u /hello/world -x
Use -h or --help option for the detail.