Python Code Example
create_autograph.py
#!/usr/bin/env python from __future__ import print_function # Ensures print is a function in Python 2.7 import sys, os, errno import time import base64 import hmac import hashlib from datetime import datetime ### Configuration ### # Client Id and Client Secret of Subscribers Application CLIENT_ID = "XXXXXX" # <- Enter your app credentials here! CLIENT_SECRET = "XXXXXX" # <- Enter your app credentials here! # API Endpoint BASE_URL = 'https://api.xvid.com' API_VERSION = '/v1' API_URL = BASE_URL + API_VERSION ### End of Configuration ### ### Main Class ### class MCAutographCopy(object): def sign_download_url(self, url, validity_in_sec): expires = int(time.time()) + int(validity_in_sec) # Strip the host url = API_VERSION + url.split(API_VERSION, 1)[1] # Append URL parameters url = url + "&redirect=true&multi_use=true" url = url + "&client_id=" + str(CLIENT_ID) + "&expiry_time=" + str(expires) # Sign the URL key = base64.b64decode(CLIENT_SECRET) if isinstance(url, str): # In Python 3, hmac.new expects bytes url = url.encode('utf-8') hashed = hmac.new(key, url, hashlib.sha256) # Prepare the signed URL by adding signature at the end url = BASE_URL + url.decode('utf-8') + "&signature=" + hashed.hexdigest() return url ## Main Entry point ### if __name__ == '__main__': if len(sys.argv) < 4: print("Usage: create_autograph.py File_ID Tag Validity") print("Parameters:") print(" File_ID (hex) - ID of AutoGraph Master Video File") print(" Tag (string) - Message to embed") print(" Validity (s) - Number of seconds until the link expires") print("") print("Example: ./create_autograph.py 6bf3456ed18f734ab4c01f25 1234567890 3600") sys.exit(1) download_api_uri = API_VERSION + "/files/downloads/?file_id=" + sys.argv[1] + "&autograph_tag=" + sys.argv[2] download_link = MCAutographCopy().sign_download_url(download_api_uri, sys.argv[3]) # shortcut link print("Download Link: " + API_URL + "/files/downloads/" + download_link.split("downloads/", 1)[1])
PHP Code Example
create_autograph.php
<?php // Configuration // $client_id = "XXXXXX"; // <-- Enter your app credentials here! $client_secret = "XXXXXX"; // <-- Enter your app credentials here! $api_url = "/v1/files"; $base_url = "https://api.xvid.com"; // End of Configuration // // Signing function function get_signed_download_link($link, $client_id, $client_secret) { global $api_url; global $base_url; // Strip client_id query param in case it's already in link string $pos = strpos($link, "&client_id="); if ($pos) { $link = substr($link, 0, $pos) . strstr(substr($link, $pos+1), "&"); } // Strip signature query param in case it's already in link string $pos = strpos($link, "&signature="); if ($pos) { $link = substr($link, 0, $pos) . strstr(substr($link, $pos+1), "&"); } // We sign without the host name... $link = $api_url . strstr($link, "/downloads/"); // Add client_id param according to function params $link = $link . "&client_id=" . $client_id; // Sign, concatenate the host name again and return... return $base_url . $api_url . strstr($link, "/downloads/") . "&signature=" . hash_hmac('sha256', $link, base64_decode($client_secret)); } // Test call with args from CLI // Invoke with: php -f ./create_autograph.php FILE_ID TAG VALIDITY // Check we're invoked with all params... if ($argc < 4) { echo "Usage: php -f ./create_autograph.php File_ID Tag Validity\n\n"; echo "Parameters:\n"; echo " File_ID (hex) - ID of AutoGraph Master Video File\n"; echo " Tag (string) - Message/Tag to embed\n"; echo " Validity (s) - Number of seconds until the link expires\n"; echo "\n"; echo "Example: ./create_autograph.php 6bf3456ed18f734ab4c01f25 1234567890 3600\n"; exit(1); } // Caclulate expiry timestamp from validity param $expiry = (floor(time() / $argv[3]) * $argv[3]) + 2*$argv[3]; // Compute expiry time in a way that the parameter remains constant for a while so that // we're not producing links with new signatures with every invocation. This helps browser-side caching. // Prepare /downloads API call: File ID, Tag to embed and expiry time are simply query params // Additionally, there's also "multi_use" and "redirect" query params. // If you set "multi_use" to 'false', the download link will be one-time and throw and error if anyone tries to download a second time // If "redirect" is set to 'false', browsing the download link will not start the download but rather just return a json containing the link URL // So usually, you'll want both "multi_use" and "redirect" to be 'true' like we do in the below... $download_api_uri = $api_url . "/downloads/?file_id=" . $argv[1] . "&autograph_tag=" . $argv[2] . "&multi_use=true&redirect=true&expiry_time=" . $expiry; // Now we need to HMAC-sign the link. This proves that you (and not someone else) created the link with the given Tag // For security reasons, you'll always need to keep your client_secret safe and, well, secret... echo "Download Link: " . get_signed_download_link($download_api_uri, $client_id, $client_secret) . "\n"; ?>
Note: The fact that these examples can be invoked from the command line is just for example purposes and to ease up testing. If you look into integrating the code into your own web app, make a function call directly (e.g. get_signed_download_link()) and don't invoke the script via the shell.
Overview
Content Tools