Python vs JS Signed URLs: Hotlink Pirates Blocked

Short-lived links that die before they go viral.

#python #javascript #signedurls #expiry #hotlinking #hmac #viralcoding #codecomparison #media #security

https://www.youtube.com/watch?v=sr5LSgTfZbE

Signed URL Expiry That Stops Hotlink Pirates

Short-lived links that die before they go viral.

#python #php #signedurls #expiry #hotlinking #hmac #viralcoding #codecomparison #media #security

https://www.youtube.com/watch?v=XWW_q6HVGMQ

Signed URL with Hard Expiry

Stop hotlinking with nonce, expiry, and tamper-proof signatures.

#php #python #signedurls #cdnsecurity #hmac #expiry #antihotlink #backendsafety #security #viralcoding

https://www.youtube.com/watch?v=WMVblvsCiG0

What is the ExpiredToken error with S3 signed URLs and how to avoid it

S3 signed URLs allow implementing file downloads in a serverless environment. In a nutshell, it works by:

* the user wants to download a file
* the backend signs a URL
* the user then uses the URL to download the file directly from S3

A common misconception is that the URL is a simple link to a file. But it's a bit more complicated than that.

A signed URL is "X is doing Y", where:

* X is an identity, usually a Lambda execution role, but can be an IAM user or other roles
* Y is an action, in this case "get this object from this S3 bucket"

The signature has its own expiration time, and S3 returns a "Signature expired" error when the URL is used after that point.

```text
https://terraform-....s3.eu-central-1.amazonaws.com/file1?
x-id=GetObject&
X-Amz-Date=20230808T074548Z&
X-Amz-Expires=900&
...
```

But the identity itself can also expire. IAM roles give temporary credentials that can only be used up until they expire.

```json
{
  "Credentials": {
    "SecretAccessKey": "...",
    "SessionToken": "...",
    "Expiration": "2016-03-15T00:05:07Z",
    "AccessKeyId": "..."
  }
}
```

So, what happens when the signature is still valid but the credentials that signed it are expired? That's the `ExpiredToken` error.

How to avoid it?

Make sure that the signature expires before the credentials that produced it. In the common case of a Lambda signer, that means using 15 minutes or less for the expiration.
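One way to check a presigned URL against the credentials that signed it, and to cap `ExpiresIn` accordingly, as an added example that is not from the original post; it assumes the `X-Amz-Date`/`X-Amz-Expires` query layout shown above and an STS-style `Expiration` string, and the sample URL and timestamps are constructed.

```python
# Added example, not code from the original post. Assumes the query-string
# layout shown above (X-Amz-Date, X-Amz-Expires) and an STS-style Expiration
# timestamp; the sample URL and timestamps are constructed.
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlparse

AMZ_DATE = "%Y%m%dT%H%M%SZ"

def _parse_iso(ts: str) -> datetime:
    """Parse an STS 'Expiration' value such as 2016-03-15T00:05:07Z."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def signed_at(url: str) -> datetime:
    """UTC instant the URL was signed (X-Amz-Date)."""
    qs = parse_qs(urlparse(url).query)
    return datetime.strptime(qs["X-Amz-Date"][0], AMZ_DATE).replace(tzinfo=timezone.utc)

def signature_expiry(url: str) -> datetime:
    """UTC instant after which the signature itself is rejected."""
    qs = parse_qs(urlparse(url).query)
    return signed_at(url) + timedelta(seconds=int(qs["X-Amz-Expires"][0]))

def outlives_credentials(url: str, credential_expiration: str) -> bool:
    """True when the signature stays valid past the signing credentials'
    expiry: that is the window in which S3 answers ExpiredToken."""
    return signature_expiry(url) > _parse_iso(credential_expiration)

def safe_expires_in(credential_expiration: str, requested: int, now: datetime,
                    margin: int = 60) -> int:
    """Clamp ExpiresIn so the signature dies before the credentials do,
    with a margin (seconds) for clock skew between the signer and S3."""
    remaining = int((_parse_iso(credential_expiration) - now).total_seconds()) - margin
    if remaining <= 0:
        raise ValueError("credentials expire too soon to sign a usable URL")
    return min(requested, remaining)

# Constructed sample: signed at 07:45:48Z for 900 s (the values in the post),
# by a role session whose credentials expire ten minutes after signing.
SAMPLE_URL = ("https://example-bucket.s3.eu-central-1.amazonaws.com/file1"
              "?x-id=GetObject&X-Amz-Date=20230808T074548Z&X-Amz-Expires=900")
SAMPLE_CRED_EXPIRATION = "2023-08-08T07:55:48Z"

if __name__ == "__main__":
    print("ExpiredToken risk:", outlives_credentials(SAMPLE_URL, SAMPLE_CRED_EXPIRATION))
    print("safe ExpiresIn:", safe_expires_in(SAMPLE_CRED_EXPIRATION, 900, signed_at(SAMPLE_URL)))
```

Pass the value returned by `safe_expires_in` as `ExpiresIn` when calling `generate_presigned_url`, rather than a fixed constant, whenever the signer runs on credentials with a known `Expiration`.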

#aws #s3 #signedurls #expiredtoken

Originally published [on my blog](https://advancedweb.hu/shorts/what-is-the-expiredtoken-error-with-s3-signed-urls-and-how-to-avoid-it/)