Update Securetoken
Update Securetoken of VoD push zone
curl -X POST "https://api.5centscdn.com/v2/zones/vod/push/42/securetoken" \
-H "Content-Type: application/json" \
-H "X-API-Key: YOUR_API_KEY" \
-d '{
"enabled": "Y",
"policy": "Q",
"keyip": "N",
"list": "ab12cd34ef56gh78",
"timeout": 3600,
"session": "0",
"ips": "1.2.3.4,5.6.7.8",
"mode": "S"
}'
import requests
import json
url = "https://api.5centscdn.com/v2/zones/vod/push/42/securetoken"
headers = {
"Content-Type": "application/json",
"X-API-Key": "YOUR_API_KEY"
}
data = {
"enabled": "Y",
"policy": "Q",
"keyip": "N",
"list": "ab12cd34ef56gh78",
"timeout": 3600,
"session": "0",
"ips": "1.2.3.4,5.6.7.8",
"mode": "S"
}
response = requests.post(url, headers=headers, json=data)
print(response.json())
const response = await fetch("https://api.5centscdn.com/v2/zones/vod/push/42/securetoken", {
method: "POST",
headers: {
"Content-Type": "application/json",
"X-API-Key": "YOUR_API_KEY"
},
body: JSON.stringify({
"enabled": "Y",
"policy": "Q",
"keyip": "N",
"list": "ab12cd34ef56gh78",
"timeout": 3600,
"session": "0",
"ips": "1.2.3.4,5.6.7.8",
"mode": "S"
})
});
const data = await response.json();
console.log(data);
package main
import (
"fmt"
"net/http"
"bytes"
"encoding/json"
)
func main() {
data := []byte(`{
"enabled": "Y",
"policy": "Q",
"keyip": "N",
"list": "ab12cd34ef56gh78",
"timeout": 3600,
"session": "0",
"ips": "1.2.3.4,5.6.7.8",
"mode": "S"
}`)
req, err := http.NewRequest("POST", "https://api.5centscdn.com/v2/zones/vod/push/42/securetoken", bytes.NewBuffer(data))
if err != nil {
panic(err)
}
req.Header.Set("Content-Type", "application/json")
req.Header.Set("X-API-Key", "YOUR_API_KEY")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
fmt.Println("Response Status:", resp.Status)
}
require 'net/http'
require 'json'
uri = URI('https://api.5centscdn.com/v2/zones/vod/push/42/securetoken')
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
request = Net::HTTP::Post.new(uri)
request['Content-Type'] = 'application/json'
request['X-API-Key'] = 'YOUR_API_KEY'
request.body = '{
"enabled": "Y",
"policy": "Q",
"keyip": "N",
"list": "ab12cd34ef56gh78",
"timeout": 3600,
"session": "0",
"ips": "1.2.3.4,5.6.7.8",
"mode": "S"
}'
response = http.request(request)
puts response.body
{
"result": "success",
"message": "Zone updated successfully",
"zone": {
"type": "push",
"id": 12345,
"serviceid": 67890,
"mode": "http",
"cnames": "",
"edgeruleids": 0,
"deleted": null,
"name": "my-cdn-zone",
"hashid": "abc123def456",
"fqdn": "cdn.example.com",
"fqdnVoD": "vod.example.com",
"edgerules": {
"enabled": "N"
},
"domainlock": {
"policy": "N",
"list": "example.com,cdn.example.com",
"ips": "203.0.113.10",
"noreferer": "N",
"type": "push",
"enabled": "N",
"active": "N"
},
"geoblock": {
"policy": "N",
"list": [
"US",
"GB"
],
"ips": "203.0.113.10",
"enabled": "N",
"active": "N"
},
"securetoken": {
"policy": "F",
"keyip": "N",
"list": "ab12cd34ef56gh78",
"timeout": 3600,
"session": "0",
"ips": "",
"dirs": "",
"enabled": "N",
"active": "N"
},
"eac": {
"policy": "N",
"list": "http://example.com/auth.script",
"ips": "203.0.113.10",
"enabled": "N",
"active": "N"
},
"ssl": {
"http": "N",
"http2": "Y",
"redirect": "Y",
"mode": "S",
"certid": null,
"zerossl": null,
"enabled": "Y",
"warning": false
},
"cache": {
"smart": "0",
"cache": "4h",
"expiry": "1M",
"querystring": "N",
"cachecontrol": "Y",
"usestale": "Y",
"revalidate": "Y",
"cacheInSecs": 14400,
"cacheInMins": 240,
"expiryInSecs": 2592000,
"expiryInMins": 43200
},
"edge": {
"compression": "N",
"compressionlevel": 5,
"disposition": "N",
"stripcookie": "N",
"xff": "N",
"cors": "Y",
"webp": "N",
"pseudostreaming": "N",
"wp": "N",
"lfo": "Y",
"prefresh": "N"
},
"transcodefile": {
"profiles": [
"1",
"2"
],
"emails": [
"admin@example.com"
],
"webhooks": [
"https://hooks.example.com/webhook"
]
},
"ftpdetails": {
"username": "user_67890_push_12345",
"password": "••••••••"
},
"server": {
"code": "206",
"name": "Singapore",
"country": "SouthEast Asia",
"meta": {
"uploadPort": "21",
"uploadHost": "upload.example.com"
}
},
"ssl_enabled": "Y"
}
}
/zones/vod/push/{zoneid}/securetokenTarget server for requests. Edit to use your own host.
API key (sent in header)
Zone ID
The media type of the request body
Enable or disable secure token. Y means enabled, N means disabled.
Defines how the token is computed. Q = Query string mode (token applied per query string parameter). F = Full path mode (token covers the full URL path). D = Directory/path-embedded mode (token is embedded within the URL path).
Bind token validation to the originating client IP address. Y = token is only valid from the IP that generated it, preventing sharing or theft. N = IP binding is disabled.
16-character hexadecimal secret key used for token generation.
Token expiry time in seconds. Minimum 5, maximum 25200.
Defines the token expiry behavior. "0" = Fixed expiry (token expires at a set time). "1" = Rolling/Moving expiry (token timeout resets with each request for active sessions).
Comma-separated IPs excluded from token check.
S=shared (zone-level)
Request Preview
Response
Response will appear here after sending the request
Authentication
API Key for authentication. Provide your API key in the header.
Path Parameters
Body
Defines how the token is computed. Q = Query string mode (token applied per query string parameter). F = Full path mode (token covers the full URL path). D = Directory/path-embedded mode (token is embedded within the URL path).
QFDBind token validation to the originating client IP address. Y = token is only valid from the IP that generated it, preventing sharing or theft. N = IP binding is disabled.
YN16-character hexadecimal secret key used for token generation.
ab12cd34ef56gh78Defines the token expiry behavior. "0" = Fixed expiry (token expires at a set time). "1" = Rolling/Moving expiry (token timeout resets with each request for active sessions).
01Responses
Status of the API response.
Human-readable status message describing the outcome.
Zone type identifier, e.g. push or pull.
Unique numeric identifier for the zone.
Numeric identifier of the parent CDN service account.
Delivery protocol mode for the zone, e.g. http.
Comma-separated list of custom CNAME hostnames mapped to this zone.
Count of active edge rules assigned to this zone.
Timestamp when the zone was deleted, or null if not deleted.
Auto-generated system name for the zone.
Short alphanumeric hash identifier for the zone.
Fully qualified domain name assigned to the zone by the CDN.
Fully qualified VoD domain name assigned to the zone by the CDN.
Whether edge rules are enabled for this zone. Y means enabled, N means disabled.
Referrer filtering mode. Y = Blacklist mode (block requests with listed referring domains). N = Whitelist mode (allow only requests from listed referring domains, block all others).
Comma-separated domain names to block (Y) or allow (N).
Comma-separated IP addresses excluded from domain lock restrictions regardless of the policy.
Controls requests with no Referer header. Y = block requests that have no Referer header. N = allow requests with no Referer header.
Zone type identifier, e.g. push or pull.
Whether domain lock is enabled. Y means enabled, N means disabled.
Whether domain lock is currently active. Y means active, N means inactive.
Country filtering mode. Y = Blacklist mode (block requests from listed countries). N = Whitelist mode (allow only requests from listed countries, block all others).
Array of ISO-3166 country codes to allow or block.
Comma-separated IP addresses excluded from geo-blocking restrictions.
Whether geo-blocking is enabled. Y means enabled, N means disabled.
Whether geo-blocking is currently active. Y means active, N means inactive.
Defines how the token is computed. Q = Query string mode (token applied per query string parameter). F = Full path mode (token covers the full URL path). D = Directory/path-embedded mode (token is embedded within the URL path).
Whether client IP is bound to the token. Y = token is only valid from the originating client IP. N = IP binding is disabled.
16-character hexadecimal secret key used for token generation.
Token expiry time in seconds. Minimum 5, maximum 25200.
Token expiry behavior. "0" = Fixed expiry (token expires at a set time). "1" = Rolling/Moving expiry (token timeout resets with each request for active sessions).
Comma-separated IP addresses excluded from secure token validation.
Optional directory restriction path for secure token enforcement.
Whether secure token is enabled. Y means enabled, N means disabled.
Whether secure token is currently active. Y means active, N means inactive.
Access policy. Y means allow authenticated requests, N means deny.
Authentication URL for the external access control endpoint.
Comma-separated IP addresses excluded from external access control.
Whether external access control is enabled. Y means enabled, N means disabled.
Whether external access control is currently active. Y means active, N means inactive.
Whether HTTP delivery is enabled alongside HTTPS. Y means enabled.
Whether HTTP/2 protocol is enabled. Y means enabled, N means disabled.
Whether HTTP traffic is automatically redirected to HTTPS.
SSL mode. S = shared/SNI, L = Lets Encrypt, C = custom certificate.
Identifier of the custom SSL certificate assigned to this zone, or null if none.
ZeroSSL certificate provisioning details, or null if not provisioned.
Whether SSL is enabled for this zone. Y means enabled, N means disabled.
SSL configuration warning message, or false if no warnings exist.
Smart cache flag. 1 means enabled, 0 means disabled.
Edge cache TTL duration code, e.g. 4h or 1d.
Browser cache TTL duration code, e.g. 1M. Empty string disables it.
Whether query strings are included in cache keys. Y means included.
Whether Cache-Control headers from origin are respected.
Whether stale cached content is served when origin is unavailable.
Whether conditional revalidation is performed before serving cached content.
Edge cache TTL in seconds.
Edge cache TTL in minutes.
Browser cache TTL in seconds.
Browser cache TTL in minutes.
Whether Gzip/Brotli compression is enabled. Y means enabled.
Compression level from 1 (fastest) to 9 (best compression).
Whether Content-Disposition header is sent to force file download.
Whether cookies are stripped from requests to the CDN edge.
Whether the X-Forwarded-For header is forwarded to the origin.
Whether CORS headers are added to responses. Y means enabled.
Whether automatic WebP image conversion is enabled.
Whether pseudo-streaming for progressive media files is enabled.
Whether WordPress optimizations are enabled.
Whether large file optimization is enabled.
Whether prefresh (background cache refresh) is enabled.
Array of transcoding profile IDs to apply automatically.
Array of email addresses to notify on transcoding completion.
Array of webhook URLs to call on transcoding completion.
FTP username for authenticating to the push zone storage.
FTP password for authenticating to the push zone storage.
Numeric server location code.
Human-readable name of the server location.
Geographic region or country of the server.
Additional server metadata including upload endpoint details.
FTP port number for uploading files to this server.
Hostname of the FTP upload server for this zone.
Indicates whether SSL is enabled for this zone.