This example shows how to generate an example "X-Akamai-ACS-Auth-Data" header, known throughout this documentation as
[signature header 1].
- Using the recommended
- The epoch time for the request is
X-Akamai-ACS-Auth-Data: 5, 0.0.0.0, 0.0.0.0, 1280000000, 382644692, UploadAccountMedia
With the values set in the
X-Akamai-ACS-Auth-Data header, for the sake of example, assume the following for this example:
[key](“shared secret”) value is
- The request path from the HTTP request for an upload action is
- In addition, various optional upload action header fields are defined, and they too, must be included.
With these variables, the HMAC-SHA256 would then be as follows:
HMAC-SHA256("abcdefghij", "5, 0.0.0.0, 0.0.0.0, 1280000000, 382644692, UploadAccountMedia" + "/123456/files_baseball/sweep.m4a\n" + "x-akamai-acs-action:version=1&action=upload" + "&md5=0123456789abcdef0123456789abcdef" + "&mtime=1260000000\n")
In this particular example, there are exactly two newline and five space characters in the string that is signed using HMAC-SHA256
As a result, the
X-Akamai-ACS-Auth-Sign header would look as follows (after all of the above-values were SHA-256 hashed):
With both headers established, an example call incorporating them might look like the example that follows. (This call uses the
upload action, along with its required and optional action header fields.)
PUT /123456/files_baseball/sweep.m4a HTTP/1.1 Host: example-nsu.akamaihd.net X-Akamai-ACS-Action: version=1&action=upload&md5=0123456789abcdef0123456789abcdef&mtime=1260000000 X-Akamai-ACS-Auth-Data: 5, 0.0.0.0, 0.0.0.0, 1280000000, 382644692, UploadAccountMedia ← [signature header 1] X-Akamai-ACS-Auth-Sign:yh1MXm/rv7RKZhfKlTuSUBV69Acph5IyOWCU0/nFjms= ← [signature header 2] [PUT body]
When the NetStorage server receives a request, it can use the information in the request to verify the following:
- Ensure that both of the above-specified headers exist. (The
← [signature header #]content is just for labeling purposes, and is not included.)
- Ensure that the version given in the
X-Akamai-ACS-Auth-Dataheader is a supported version.
- Ensure that the
[Key]given corresponds to the
- Ensure that the
X-Akamai-ACS-Auth-Dataheader is within +/- 60 seconds of the current time.
- Ensure that the signature matches both the given
X-Akamai-ACS-Auth-Dataheader, and the
- The NetStorage Server may check that the given
X-Akamai-ACS-Auth-Dataheader has not been used before.
If any of the above steps fail, the recipient server should reject the request.
Your account team can provide sample code to help implement these steps.