Update Secure Token
Update SecureToken of HTTP push zone
curl -X POST "https://api.5centscdn.com/v2/zones/http/push/42/securetoken" \
-H "Content-Type: application/json" \
-H "X-API-Key: YOUR_API_KEY" \
-d '{
"enabled": "Y",
"policy": "Q",
"keyip": "N",
"list": "ab12cd34ef56gh78",
"timeout": 3600,
"session": "0",
"ips": ""
}'
import requests
import json
url = "https://api.5centscdn.com/v2/zones/http/push/42/securetoken"
headers = {
"Content-Type": "application/json",
"X-API-Key": "YOUR_API_KEY"
}
data = {
"enabled": "Y",
"policy": "Q",
"keyip": "N",
"list": "ab12cd34ef56gh78",
"timeout": 3600,
"session": "0",
"ips": ""
}
response = requests.post(url, headers=headers, json=data)
print(response.json())
const response = await fetch("https://api.5centscdn.com/v2/zones/http/push/42/securetoken", {
method: "POST",
headers: {
"Content-Type": "application/json",
"X-API-Key": "YOUR_API_KEY"
},
body: JSON.stringify({
"enabled": "Y",
"policy": "Q",
"keyip": "N",
"list": "ab12cd34ef56gh78",
"timeout": 3600,
"session": "0",
"ips": ""
})
});
const data = await response.json();
console.log(data);
package main
import (
"fmt"
"net/http"
"bytes"
"encoding/json"
)
func main() {
data := []byte(`{
"enabled": "Y",
"policy": "Q",
"keyip": "N",
"list": "ab12cd34ef56gh78",
"timeout": 3600,
"session": "0",
"ips": ""
}`)
req, err := http.NewRequest("POST", "https://api.5centscdn.com/v2/zones/http/push/42/securetoken", bytes.NewBuffer(data))
if err != nil {
panic(err)
}
req.Header.Set("Content-Type", "application/json")
req.Header.Set("X-API-Key", "YOUR_API_KEY")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
fmt.Println("Response Status:", resp.Status)
}
require 'net/http'
require 'json'
uri = URI('https://api.5centscdn.com/v2/zones/http/push/42/securetoken')
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
request = Net::HTTP::Post.new(uri)
request['Content-Type'] = 'application/json'
request['X-API-Key'] = 'YOUR_API_KEY'
request.body = '{
"enabled": "Y",
"policy": "Q",
"keyip": "N",
"list": "ab12cd34ef56gh78",
"timeout": 3600,
"session": "0",
"ips": ""
}'
response = http.request(request)
puts response.body
{
"result": "success",
"message": "Zone Updated",
"zone": {
"type": "push",
"id": 12345,
"serviceid": 67890,
"alias": "my-cdn-zone",
"hashid": "abc123def456",
"mode": "http",
"optimizer": "0",
"cnames": "",
"edgeruleids": 0,
"rclone": 0,
"disabled": "0",
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-06-01T08:00:00Z",
"deleted": null,
"router": "mycdn",
"remaining": 0,
"status": "active",
"name": "my-cdn-zone",
"fqdn": "cdn.example.com",
"ssl": {
"http": "N",
"http2": "Y",
"redirect": "Y",
"mode": "S",
"certid": null,
"zerossl": null,
"enabled": "Y",
"warning": false
},
"cnamesArr": [
"cdn.example.com"
],
"cnamesArrFqdn": [
"cdn.example.com"
],
"waf": {
"enabled": "N"
},
"defaultBehaviors": {},
"edgeRules": [],
"cache": {
"smart": "0",
"cache": "4h",
"expiry": "1M",
"querystring": "N",
"cachecontrol": "Y",
"usestale": "Y",
"revalidate": "Y",
"cacheInSecs": 14400,
"cacheInMins": 240,
"expiryInSecs": 2592000,
"expiryInMins": 43200
},
"edge": {
"compression": "N",
"compressionlevel": 5,
"disposition": "N",
"stripcookie": "N",
"xff": "N",
"cors": "Y",
"webp": "N",
"pseudostreaming": "N",
"wp": "N",
"lfo": "Y",
"prefresh": "N"
},
"domainlock": {
"policy": "N",
"list": "example.com,cdn.example.com",
"ips": "203.0.113.10",
"noreferer": "N",
"type": "push",
"enabled": "N",
"active": "N"
},
"geoblock": {
"policy": "N",
"list": [
"US",
"GB"
],
"ips": "203.0.113.10",
"enabled": "N",
"active": "N"
},
"ipaccess": {
"enabled": "Y",
"policy": "N",
"list": "203.0.113.10,10.0.0.0/8",
"ips": "",
"active": "N"
},
"useragent": {
"enabled": "Y",
"policy": "N",
"list": "*Chrome*;;;*Firefox*",
"casesensitive": "N",
"ips": "",
"active": "N",
"listArr": [
"*Chrome*",
"*Firefox*"
]
},
"securetoken": {
"policy": "F",
"keyip": "N",
"list": "ab12cd34ef56gh78",
"timeout": 3600,
"session": "0",
"ips": "",
"dirs": "",
"enabled": "N",
"active": "N"
},
"bwlimit": {
"enabled": "Y",
"policy": 0,
"rate": 0,
"rateafter": 0
},
"eac": {
"policy": "N",
"list": "http://example.com/auth.script",
"ips": "203.0.113.10",
"enabled": "N",
"active": "N"
},
"behaviorId": 11111,
"linkedVideoManager": null,
"hostHeader": "cdn.example.com",
"storageHost": "storage.example.com",
"storageHostBackup": "storage-eu.example.com",
"osAuthUrl": "https://storage.example.com/v3/",
"horizonUrl": "https://storage.example.com/horizon/",
"cdnservice": {
"purgeurls": [
"/dashboard/67890/zones/http/push/12345/purge"
],
"purgeurl": "["\\/dashboard\\/67890\\/zones\\/http\\/push\\/12345\\/purge"]",
"authtoken": "c2FtcGxlLWF1dGh0b2tlbi1oZXJl",
"infourl": "https://cdn-service.example.com/service.php/info/5/push/12345",
"listurl": "https://cdn-service.example.com/service.php/list/5/push/12345",
"rawlisturl": "https://cdn-service.example.com/service.php/raw/list/5/push/12345",
"transcodelisturl": "https://cdn-service.example.com/service.php/transcode/list/5/push/12345",
"addurl": "https://cdn-service.example.com/service.php/add/5/push/12345",
"editurl": "https://cdn-service.example.com/service.php/edit/5/push/12345",
"deleteurl": "https://cdn-service.example.com/service.php/delete/5/push/12345",
"uploadurl": "https://cdn-service.example.com/upload.php",
"playlisturl": "https://cdn-service.example.com/service.php/playlist"
},
"ftpdetails": {
"username": "user_67890_push_12345",
"password": "••••••••"
},
"playbackurls": {},
"s3details": {
"relid": 12345,
"type": "push",
"projectid": "abc123def456789012345678abcdef12",
"token": "sample-access-token",
"projectid2": "def456abc789012345678901abcdef34",
"token2": "sample-access-token",
"active": "1",
"updated_at": "2024-06-01T08:00:00Z",
"last_modified": ""
},
"transcodefile": {
"profiles": [
"1",
"2"
],
"emails": [
"admin@example.com"
],
"webhooks": [
"https://hooks.example.com/webhook"
]
},
"server": {
"code": "206",
"name": "Singapore",
"country": "SouthEast Asia",
"meta": {
"uploadPort": "21",
"uploadHost": "upload.example.com"
}
},
"hasEdgeRules": false
}
}
/zones/http/push/{zoneid}/securetokenTarget server for requests. Edit to use your own host.
API key (sent in header)
Zone ID
The media type of the request body
Enable or disable secure token.
Defines how the token is computed. Q = Query string mode (token applied per query string parameter). F = Full path mode (token covers the full URL path). D = Directory/path-embedded mode (token is embedded within the URL path).
Bind token validation to the originating client IP address. Y = token is only valid from the IP that generated it, preventing sharing or theft. N = IP binding is disabled.
Secret token key - 16-character hexadecimal string.
Token expiry time in seconds. Minimum 5, maximum 25200.
Defines the token expiry behavior. "0" = Fixed expiry (token expires at a set time). "1" = Rolling/Moving expiry (token timeout resets with each request for active sessions).
Comma-separated IPs excluded from the secure token check.
Request Preview
Response
Response will appear here after sending the request
Authentication
API Key for authentication. Provide your API key in the header.
Path Parameters
Body
Defines how the token is computed. Q = Query string mode (token applied per query string parameter). F = Full path mode (token covers the full URL path). D = Directory/path-embedded mode (token is embedded within the URL path).
QFDBind token validation to the originating client IP address. Y = token is only valid from the IP that generated it, preventing sharing or theft. N = IP binding is disabled.
YNDefines the token expiry behavior. "0" = Fixed expiry (token expires at a set time). "1" = Rolling/Moving expiry (token timeout resets with each request for active sessions).
01Responses
Status of the API response.
Human-readable status or result message
Zone type identifier, e.g. push or pull.
Unique numeric identifier for the zone.
Numeric identifier of the parent CDN service account.
User-defined label or alias for the zone.
Short alphanumeric hash identifier for the zone.
Delivery protocol mode for the zone, e.g. http.
Optimizer flag. 1 means enabled, 0 means disabled.
Comma-separated list of custom CNAME hostnames mapped to this zone.
Count of active edge rules assigned to this zone.
Indicates whether rclone sync is enabled. 1 means enabled, 0 means disabled.
Indicates whether the zone is disabled. 1 means disabled, 0 means active.
Timestamp when the zone was created (UTC).
Timestamp of the most recent zone update (UTC).
Timestamp when the zone was deleted, or null if not deleted.
Internal routing identifier for the zone edge network.
Remaining quota or resource balance for the zone.
Human-readable zone status, e.g. Enabled or Disabled.
Auto-generated system name for the zone.
Fully qualified domain name assigned to the zone by the CDN.
Whether HTTP delivery is enabled alongside HTTPS. Y means enabled.
Whether HTTP/2 protocol is enabled. Y means enabled, N means disabled.
Whether HTTP traffic is automatically redirected to HTTPS.
SSL mode. S = shared/SNI, L = Lets Encrypt, C = custom certificate.
Identifier of the custom SSL certificate assigned to this zone, or null if none.
ZeroSSL certificate provisioning details, or null if not provisioned.
Whether SSL is enabled for this zone. Y means enabled, N means disabled.
SSL configuration warning message, or false if no warnings exist.
Array of custom CNAME hostnames for this zone.
Array of fully qualified domain names including zone FQDN and any CNAMEs.
Whether WAF is enabled for this zone. Y means enabled, N means disabled.
Map of default traffic behaviors keyed by network name.
Array of edge rule objects configured for this zone.
Smart cache flag. 1 means enabled, 0 means disabled.
Edge cache TTL duration code, e.g. 4h or 1d.
Browser cache TTL duration code, e.g. 1M. Empty string disables it.
Whether query strings are included in cache keys. Y means included.
Whether Cache-Control headers from origin are respected.
Whether stale cached content is served when origin is unavailable.
Whether conditional revalidation is performed before serving cached content.
Edge cache TTL in seconds.
Edge cache TTL in minutes.
Browser cache TTL in seconds.
Browser cache TTL in minutes.
Whether Gzip/Brotli compression is enabled. Y means enabled.
Compression level from 1 (fastest) to 9 (best compression).
Whether Content-Disposition header is sent to force file download.
Whether cookies are stripped from requests to the CDN edge.
Whether the X-Forwarded-For header is forwarded to the origin.
Whether CORS headers are added to responses. Y means enabled.
Whether automatic WebP image conversion is enabled.
Whether pseudo-streaming for progressive media files is enabled.
Whether WordPress optimizations are enabled.
Whether large file optimization is enabled.
Whether prefresh (background cache refresh) is enabled.
Referrer filtering mode. Y = Blacklist mode (block requests with listed referring domains). N = Whitelist mode (allow only requests from listed referring domains, block all others).
Comma-separated domain names to block (Y) or allow (N).
Comma-separated IP addresses excluded from domain lock restrictions regardless of the policy.
Controls requests with no Referer header. Y = block requests that have no Referer header. N = allow requests with no Referer header.
Zone type identifier, e.g. push or pull.
Whether domain lock is enabled. Y means enabled, N means disabled.
Whether domain lock is currently active. Y means active, N means inactive.
Country filtering mode. Y = Blacklist mode (block requests from listed countries). N = Whitelist mode (allow only requests from listed countries, block all others).
Array of ISO-3166 country codes to allow or block.
Comma-separated IP addresses excluded from geo-blocking restrictions.
Whether geo-blocking is enabled. Y means enabled, N means disabled.
Whether geo-blocking is currently active. Y means active, N means inactive.
IP address access control settings
Enable IP access control (omit to disable)
YY = Block listed IPs, N = Allow only listed IPs
YNComma-separated IP addresses or CIDR ranges to block or allow
Comma-separated IPs excluded from IP access restrictions
Whether IP access control is currently active. Y means active, N means inactive.
User-Agent string access control settings
Enable user agent control (omit to disable)
YY = Block listed user agents, N = Allow only listed user agents
YNSemicolon-separated (;;;) user agent strings. Use wildcard pattern for partial matching. Example: Chrome
Enable case-sensitive matching
YComma-separated IPs excluded from user agent restrictions
Whether user agent control is currently active. Y means active, N means inactive.
Array form of the user agent list entries.
Defines how the token is computed. Q = Query string mode (token applied per query string parameter). F = Full path mode (token covers the full URL path). D = Directory/path-embedded mode (token is embedded within the URL path).
Whether client IP is bound to the token. Y = token is only valid from the originating client IP. N = IP binding is disabled.
16-character hexadecimal secret key used for token generation.
Token expiry time in seconds. Minimum 5, maximum 25200.
Token expiry behavior. "0" = Fixed expiry (token expires at a set time). "1" = Rolling/Moving expiry (token timeout resets with each request for active sessions).
Comma-separated IP addresses excluded from secure token validation.
Optional directory restriction path for secure token enforcement.
Whether secure token is enabled. Y means enabled, N means disabled.
Whether secure token is currently active. Y means active, N means inactive.
Enable bandwidth limiter (omit to disable).
YRate limiting mode. 0 = Static mode (fixed rate applied from the start of the transfer). 1 = Dynamic mode (rate limiting activates only after rateafter bytes have been served).
01Throttle rate in KB/s applied after rateafter threshold is reached.
Amount of data in KB served before the throttle rate kicks in.
Access policy. Y means allow authenticated requests, N means deny.
Authentication URL for the external access control endpoint.
Comma-separated IP addresses excluded from external access control.
Whether external access control is enabled. Y means enabled, N means disabled.
Whether external access control is currently active. Y means active, N means inactive.
Identifier of the active default behavior configuration for this zone.
ID of the linked Video Manager instance, or null if none linked.
Host header value sent to the origin server for push zones.
Primary storage backend hostname for push zone file uploads.
Backup storage backend hostname used when primary is unavailable.
OpenStack authentication endpoint URL for the storage backend.
OpenStack Horizon dashboard URL for the storage backend.
Array of relative API paths for purging zone cache.
JSON-encoded array of purge URL paths.
Base64-encoded authentication token for CDN service API calls.
Endpoint URL to retrieve zone service metadata.
Endpoint URL to list files in the zone.
Endpoint URL to retrieve raw file listing.
Endpoint URL to list transcoded files.
Endpoint URL to add files to the zone.
Endpoint URL to edit file metadata.
Endpoint URL to delete files from the zone.
Endpoint URL for direct file uploads.
Endpoint URL to retrieve video playlists.
FTP username for authenticating to the push zone storage.
FTP password for authenticating to the push zone storage.
Playback URL set for the zone including HTTP, HLS, and player URLs.
Numeric zone ID this S3 credential set belongs to.
Zone type identifier, e.g. push or pull.
Primary S3 project identifier.
Primary S3 authentication token.
Secondary S3 project identifier for backup storage.
Secondary S3 authentication token for backup storage.
Whether S3 integration is active. 1 means active, 0 means inactive.
Timestamp of the most recent zone update (UTC).
Timestamp of the last file modification in the S3 bucket.
Array of transcoding profile IDs to apply automatically.
Array of email addresses to notify on transcoding completion.
Array of webhook URLs to call on transcoding completion.
Numeric server location code.
Human-readable name of the server location.
Geographic region or country of the server.
Additional server metadata including upload endpoint details.
FTP port number for uploading files to this server.
Hostname of the FTP upload server for this zone.
Indicates whether any edge rules are configured for this zone.