Use a token-authentication definition you will refer to in a token-authentication match rule.
When the client presents the URL to the CDN, the CDN creates its own version of the token using a shared secret and predefined token generation algorithm (sha1). If the client’s token matches the CDN calculated token, the client’s request is allowed to proceed and the requested content is returned to the client. If the client’s token doesn't match, the CDN returns either an HTTP 403 response or 302 temporary redirect.
To add a token-authentication definition to a configuration: