Verification of Password Protection

📘

Information below might be outdated - please visit our recently updated API Reference

After enabling Password protection, clicking on a password protected link and entering a correct password, a user will be redirected to the original URL with additional values — si_exp, si_sig.

Example:

https://short.io/pricing?si_exp=160258758&si_sig=rD7RXsMsdRK1gZNSs%2FhQbqDCTmVsARNhAKoR31KNQVSOFT6stT0NcsdN7wka%2Bqf7PzzG7SB%2BZbB9pZcMI0%2FjA%3D%3D&si_alg=SHA3-52

  • si_exp — stands for expiration during which the values are valid;
  • si_sig — an encrypted value that detects if a user has made changes to the URL or not.

The values help you understand if a user has made changes to the url or send the link to another person to avoid

How to check if the password protection was used correctly

1. Create a file: filename.js. Use the code snippet below.

🚧

Extract the si_exp and si_sig values.
Copy your Short.io secret key here: https://app.short.io/settings/integrations/api-key.
Add the values to the script below.

const {createHmac} = require('crypto');
const isSignatureValid = (originalURL, si_exp, si_sig, secretKey) => {
    
    const exp = (new Date().valueOf() / 1000 + 600).toFixed(0);
    const signature = createHmac('SHA3-512', secretKey);
    signature.update(originalURL);
    signature.update(si_exp);
    return signature.digest('base64') === si_sig;
};

console.log(isSignatureValid(paste your values here))

2. Launch the file.

node filename.js

You will get the response True or False

  • True — means that there were no changes. A user was redirected through a password-protected link.
  • False — means that a user has made changes to a link.