Verification of Password Protection
Information below might be outdated - please visit our recently updated API Reference
After enabling Password protection, clicking on a password protected link and entering a correct password, a user will be redirected to the original URL with additional values β si_exp, si_sig.
Example:
- si_exp β stands for expiration during which the values are valid;
- si_sig β an encrypted value that detects if a user has made changes to the URL or not.
The values help you understand if a user has made changes to the url or send the link to another person to avoid
How to check if the password protection was used correctly
1. Create a file: filename.js. Use the code snippet below.
Extract the si_exp and si_sig values.
Copy your Short.io secret key here: https://app.short.io/settings/integrations/api-key.
Add the values to the script below.
const {createHmac} = require('crypto');
const isSignatureValid = (originalURL, si_exp, si_sig, secretKey) => {
const exp = (new Date().valueOf() / 1000 + 600).toFixed(0);
const signature = createHmac('SHA3-512', secretKey);
signature.update(originalURL);
signature.update(si_exp);
return signature.digest('base64') === si_sig;
};
console.log(isSignatureValid(paste your values here))
2. Launch the file.
node filename.js
You will get the response True or False
- True β means that there were no changes. A user was redirected through a password-protected link.
- False β means that a user has made changes to a link.
Updated 6 months ago