Verification of Password Protection


Information below might be outdated - please visit our recently updated API Reference

After enabling Password protection, clicking on a password protected link and entering a correct password, a user will be redirected to the original URL with additional values β€” si_exp, si_sig.


  • si_exp β€” stands for expiration during which the values are valid;
  • si_sig β€” an encrypted value that detects if a user has made changes to the URL or not.

The values help you understand if a user has made changes to the url or send the link to another person to avoid

How to check if the password protection was used correctly

1. Create a file: filename.js. Use the code snippet below.


Extract the si_exp and si_sig values.
Copy your secret key here:
Add the values to the script below.

const {createHmac} = require('crypto');
const isSignatureValid = (originalURL, si_exp, si_sig, secretKey) => {
    const exp = (new Date().valueOf() / 1000 + 600).toFixed(0);
    const signature = createHmac('SHA3-512', secretKey);
    return signature.digest('base64') === si_sig;

console.log(isSignatureValid(paste your values here))

2. Launch the file.

node filename.js

You will get the response True or False

  • True β€” means that there were no changes. A user was redirected through a password-protected link.
  • False β€” means that a user has made changes to a link.