Part 2: The "X-Akamai-ACS-Auth-Sign" header

With the values set in the X-Akamai-ACS-Auth-Data header, for the sake of example, assume the following for this example:
  • The [key] (“shared secret”) value is abcdefghij
  • The request path from the HTTP request for an upload action is [/123456/files_baseball/sweep.m4a]
  • In addition, various optional upload action header fields are defined, and they too, must be included.

With these variables, the HMAC-SHA256 would then be as follows:

HMAC-SHA256("abcdefghij",
    "5, 0.0.0.0, 0.0.0.0, 1280000000, 382644692, UploadAccountMedia" +
    "/123456/files_baseball/sweep.m4a\n" +
    "x-akamai-acs-action:version=1&action=upload" +
    "&md5=0123456789abcdef0123456789abcdef" +
    "&mtime=1260000000\n")
Note: In this particular example, there are exactly two newline and five space characters in the string that is signed using HMAC-SHA256

As a result, the X-Akamai-ACS-Auth-Sign header would look as follows (after all of the above-values were SHA-256 hashed):

X-Akamai-ACS-Auth-Sign: yh1MXm/rv7RKZhfKlTuSUBV69Acph5IyOWCU0/nFjms=