Protecting Content Access with Signed URLs

To prevent unauthorized usage of your content links on external websites or applications, you can enforce access through Signed URLs.

A Signed URL consists of a standard URL augmented with enforced query string parameters. The URL will only be accessible if the specified conditions are met and the URL has not expired.

Generating Signed URLs Using SDKs

We provide SDKs for generating Signed URLs in popular programming languages:

• NodeJS (byteark/byteark-sdk-js) (opens new window)
• PHP (byteark/byteark-sdk-php) (opens new window)
• Go (byteark/byteark-sdk-go) (opens new window)

Example Code for Creating Signed URLs

Installation

npm install --save byteark-sdk

Example Codes

import { ByteArkV2UrlSigner } from 'byteark-sdk';
const signer = new ByteArkV2UrlSigner({
  access_id: '<your-signing-key>',
  access_secret: '<your-signing-secret>',
});
// This sample will making a 1-day expired signed URL
const expireTimestamp = Math.floor(Date.now() / 1000) + 86400;
const signedUrl = signer.sign(
  'https://example.cdn.byteark.com/path/to/file.png',
  expireTimestamp,
  {
    method: 'GET'
  }
);
console.log(signedUrl)
/*
Output:
https://example.cdn.byteark.com/path/to/file.png
    ?x_ark_access_id=2Aj6Wkge4hi1ZYLp0DBG
    &x_ark_auth_type=ark-v2
    &x_ark_expires=1514764800
    &x_ark_signature=OsBgZpn9LTAJowa0UUhlYQ
*/

วิธีการติดตั้ง

composer install byteark-sdk

Example Codes

<?php
// Creating a signer instance
// TODO: Please replace signing key and secret with your own
$signer = new \ByteArk\Signer\ByteArkV2UrlSigner([
  access_id => '<your-signing-key>',
  access_secret => '<your-signing-secret>'
]);
// This sample will making a 1-day expired signed URL
$expireTimestamp = time() + 86400;
$signedUrl = $signer->sign(
  'https://example.cdn.byteark.com/path/to/file.png',
  $expireTimestamp,
  [
    'method' => 'GET',
  ]
);
echo($signedUrl);
/*
Output:
https://example.cdn.byteark.com/path/to/file.png
  ?x_ark_access_id=2Aj6Wkge4hi1ZYLp0DBG
  &x_ark_auth_type=ark-v2
  &x_ark_expires=1514764800
  &x_ark_signature=OsBgZpn9LTAJowa0UUhlYQ
*/

Enforceable Conditions for Signed URLs

x_ark_expires (requiredSets the expiration time of the link as a Unix Timestamp. If the link is accessed after this time, an error response with status 410 Gone will be returned.

x_ark_user_agent

Specifies that the request must be made with the User Agent defined when the signature was created.

x_ark_path_prefix

Allows the signature to be used with this Signed URL and other Signed URLs that have the same path prefix. This is often used to create a single Signed URL that grants access to all URLs within a specified directory.

x_ark_geo_allow

Specifies that the URL can only be accessed from the specified countries. Separate multiple countries with a comma.

x_ark_geo_block

Specifies that the URL cannot be accessed from the specified countries. Separate multiple countries with a comma.