Multi CDN tasks

Review the sections here to properly set up multi-CDN for use in your Cloud Wrapper configuration.


Third-Party CDN Traffic Limits and Cloud Wrapper

​Akamai​ enforces a limit across all third-party content delivery networks for your MultiCDN configuration. The default is 20 Gbps. If you need this limit increased, reach out to your ​Akamai​ account team.

Authentication for Multi CDN

Cloud Wrapper uses Simple Header Authentication for secure connections. The default header name is Akamai-CDN-Origin-Auth. You can change this name when adding a CDN configuration depending on your chosen CDN provider.

Here's the default ​Akamai​ format that's used:

Akamai-CDN-Origin-Auth: amos=exp={date} ~acl=%2F%2A ~hmac={signature}

You can generate a token from your CDN provider to obtain these values:

  • amos. This is the token name.

  • exp. This is the epoch time of token creation. The expiration is based on this time.

  • acl. This is a URL-encoded Access List of URLs that gives access to: /*. Use this URL-encoded value: %2F%2A.

  • signature. This is an HMAC-SHA256 hash of the two token fields, expand acl.


You can use a token auth SDK to generate a token.

Example signature generation

Starting from ​Control Center​, create a shared-secret for each CDN you include in a multi-CDN configuration. The signature generation uses HMAC-SHA256.

  1. Generate a HEX-format shared_secret for the CDN, 77704f5541417a7a73666236

  2. Share the token's data field and shared_secret with the CDN provider:

    • Token name: amos

    • Secret: 77704f5541417a7a73666236

    • acl: %2F%2A

    • algorithm: hmac-sha256

At the CDN provider

In this example, assume the current epoch time is: 1591841414. The HMAC-SHA256 calculation over the token's fields as follows:

  • String-to-sign: exp= 1591841414~acl= %2F%2A
  • Signature: HMAC-SHA256(String-to-sign, Hex:Secret ): ea20f092942d08829ecb30e330ba1c78d768515df5efc383ee9ad335149d1a7d

Final example ​Akamai​ header

Akamai-CDN-Origin-Auth: amos=exp=1591841414~ acl=%2F%2A~ hmac=ea20f092942d08829ecb30e330ba1c78d768515df5efc383ee9ad335149d1a7d

Token Auth SDKs

Token auth software development kits (SDK) are available to generate tokens. They are available for multiple programming languages, and they account for all required and optional fields.

See the README section of these pages for details on how to use each SDK.

View individual CDN configurations

You can view and edit existing configurations, temporarily disable individual CDN access, or view origin hostnames.

  • CDN Name. The name of your added CDN.

  • Auth Key1 Expiry. The date your first auth key expires.

  • Auth Key2 Expiry. The date your second auth key expires.

  • HTTPs Only. Indicates if this CDN connects using HTTPS.

  • CP Code. Displays the associated ​Akamai​ content provider (CP) code, if applicable. (CP codes are used for tracking, billing, and reporting purposes.)

  • Enabled. Indicates if this CDN is enabled. You can change this from the Actions menu.

  • Actions. You can Edit, Disable CDN, View Origin Hostnames, or Remove CDN.

View Multi CDN origin hostnames

Use these hostnames as the origin for your third-party CDNs.

You can view the hostnames assigned to each CDN during the configuration process, or from the Cloud Wrapper configuration screen. Do this by accessing the Actions menu and selecting View Multi CDN Origin Hostnames.

The Origin Hostnames list

The Origin Hostnames list displays each CDN in the selected configuration, with the delivery type, location, and origin hostname. Click Download to store a plain-text file locally.


Ensure that your CDN targets the appropriate delivery hostname if you have multiple delivery properties assigned to your Cloud Wrapper configuration.

Enable DataStream logging

You can capture near real-time performance and security information for your Cloud Wrapper configuration by using DataStream.

To enable DataStream logging:

  1. Create a DataStream configuration using the DataStream application.

  2. Associate your DataStream configuration with this Cloud Wrapper configuration using the DataStream application.

  3. Use the Cloud Wrapper application to toggle the Enable DataStream Logging option.

See the DataStream User Guide for more details.