All Products
Document Center

URL authentication

Last Updated: Dec 05, 2018


This function protects user site resources against unauthorized downloading and leeching. By applying the Referrer blacklist or whitelist, you can only resolve some leeching issues because the Referrer content can be forged. Therefore, URL authentication is required to protect origin site resources in a more secure and effective manner.

How it works

URL authentication uses Alibaba Cloud CDN nodes and client resource sites to provide more secure and reliable anti-leech protection for origin site resources.

Authentication process:

  1. The CDN client site provides you with an encrypted URL (including permission verification information).
  2. Use the encrypted URL to initiate a request to the CDN node.
  3. The CDN node verifies the permission information in the encrypted URL to validate the request. Then, the node responds to the request if it is valid or rejects it if it is invalid.

Authentication method

Currently, VOD only supports authentication method A. Based on your business needs, you can select a suitable authentication method to effectively protect the resources on your origin site.


  1. Go to the Domain Names page, select the target domain name, and click Configure.

  2. Choose Access Control > URL Authentication and Click Modify.

  3. Enable URL Authentication, select the authentication type, and enter the primary and backup keys.

  4. After URL authentication is enabled, the URLs of the videos, audio, album arts, and screenshots in VOD are all authenticated. The VOD playback service automatically generates a playback URL with a validity period. The Player SDK and Obtain the stream playback address operation also automatically use or return a playback URL with a validity period. For information about how to manually generate a dynamic authentication URL, see the Developer Guide - URL authentication.

    URL authentication


    • The primary and backup keys are both 6 to 32 characters in length and can contain case-sensitive letters and numbers.
    • The primary and backup keys are equally effective. The backup key is mainly used to ensure a smooth switchover. If the primary key is changed, all the playback addresses created with the original primary key immediately become invalid. When you switch the primary key to the backup key, the playback addresses created with the original primary key remain valid for a period of time. This ensures a smooth switchover.