Lumen help
This section explains how to set up geographic location blocking (geo-blocking) and token authentication.
Once a geo-blocking rule is configured, it causes an edge server to use the client IP address to determine a geo location and evaluate against the defined allow or deny list. The configuration of a geoblocking object includes the following:
geoid—array of geo IDs as defined in GeoDefs
Type allow or deny.
Token authentication allows customers to protect content from URL tampering or unauthorized re-use or re-publication via email forwarding or deep linking to content. Using shared secrets defined in the tokens, a URL signature appended to the query string of the resource URL can be validated by the CDN before serving content without contacting the customer environment for authentication.
The configuration of the tokenauth object applies to all tokens defined in the Tokens section and includes the following:
action Currently limited to "fail"
Because token authentication requires the addition of query string parameters to the URL, content manipulation qshmode for assets to be protected using token authentication should typically be set to action: "ignore".
Description
Creates a new AccessControl group of a service component or a property. An AccessControl group can include a geo-blocking and a tokenauth object. A geo-blocking setting includes an array of geo ids and a type specifying an allow or deny filter. The tokenauth setting includes token ID and the action attribute, which is currently limited to "fail".
Method
POST
Base URI
https://ws.lumen.com
Body syntax
{
"AccessControl":
{"geoblocking":
{# optional "geoid": [" <geoid>", … ] # required
"action": ("deny" | "allow" ) # required},
"tokenauth":
{ # optional "action": "fail" # required
}
}
}
URI syntax
/serviceConfiguration/(version)/(scope)/ResourceGroups/(rgid)/ConfGroups/AccessControl
| version [CDATA[ ]] | Values: "v1.0" (required) |
| scope [CDATA[ ]] | (AG)/(SCID)[/(ALIAS)] AG = Access Group SCID = Service Component Identifier ALIAS = Optional Alias identifies Property |
Example
https://ws.lumen.com/serviceConfiguration/v1.0/1234/BBBN5678/test1.caching.cdn.lumen.net/ResourceGroups/videos/ConfGroups/AccessControl
https://ws.lumen.com/serviceConfiguration/v1.0/1234/BBBN5678/ResourceGroups/videos/ConfGroups/AccessControl
{
"AccessControl": {
"geoblocking": {
"geoid": [ "NorthAmerica" ],
"type": "allow"
}
}
}
{
"AccessControl": {
"geoblocking": {
"geoid": [ "NorthAmerica" ],
"type": "allow"
}
}
}
Possible status and error messages returned to client
201: Created
Description
Retrieves the access control configuration group of a given resource group for service component or property.
Method
GET
Base URI
https://ws.lumen.com
URI syntax
/serviceConfiguration/(version)/(scope)/ResourceGroups/(rgid)/ConfGroups/AccessControl
| version [CDATA[ ]] | Values: "v1.0" (required) |
| scope [CDATA[ ]] | (AG)/(SCID)[/(ALIAS)] AG = Access Group SCID = Service Component Identifier ALIAS = Optional Alias identifies Property |
Example
https://ws.lumen.com/serviceConfiguration/v1.0/1234/BBBN5678/test1.caching.cdn.lumen.net/ResourceGroups/videos/ConfGroups/AccessControl
https://ws.lumen.com/serviceConfiguration/v1.0/1234/BBBN5678/ResourceGroups/videos/ConfGroups/AccessControl
{
"AccessControl": {
"tokenauth": {
"action": "fail"
},
"geoblocking": {
"geoid": [ "NorthAmerica", "Asia" ],
"type": "deny"
}
}
}
Possible status and error messages returned to client
200: Request Successful.
Description
Updates an AccessControl group of a service component or a property. An AccessControl group can include a geo-blocking and a tokenauth object. A geo-blocking setting includes an array of geo IDs and a type specifying an allow or deny filter.
The tokenauth setting comprises an array of token IDs and an action attribute. Action is currently limited to "fail". The update applies to adding or removing the geo-blocking or tokenauth objects or changes to such objects themselves.
Method
PUT
Base URI
https://ws.lumen.com
Body syntax
{
"AccessControl": {
"geoblocking": { # optional
"geoid": [ "<geoid>", … ] # required
"action": ("deny" | "allow" ) # required
},
"tokenauth": { # optional
"type": "fail" # required
}
}
}
URI syntax
/serviceConfiguration/(version)/(scope)/ResourceGroups/(rgid)/ConfGroups/AccessControl
| version [CDATA[ ]] | Values: "v1.0" (required) |
| scope [CDATA[ ]] | (AG)/(SCID)[/(ALIAS)] AG = Access Group SCID = Service Component Identifier ALIAS = Optional Alias identifies Property |
Example
https://ws.lumen.com/serviceConfiguration/v1.0/1234/BBBN5678/test1.caching.cdn.lumen.net/ResourceGroups/videos/ConfGroups/AccessControl
https://ws.lumen.com/serviceConfiguration/v1.0/1234/BBBN5678/ResourceGroups/videos/ConfGroups/AccessControl
{
"AccessControl": {
"geoblocking": {
"geoid": [ "NorthAmerica", "Asia" ],
"type": "allow"
},
"tokenauth": {
"action": "fail"
}
}
}
[Empty]
Possible status and error messages returned to client
204: Success no Content.
Explore Media portal
API articles
- Access group hierarchy
- Caching configuration management 1.0 (deprecated)
- Caching configuration management 2.0 (deprecated)
- Content invalidation
- Key
- Origin Storage (deprecated)
- Real time monitoring (RTM) (Caching)
- Services hierarchy (partially deprecated)
- Usage reporting
- Vyvx reservations
- Error responses
- Sample API code
- Topics covered on this page:
