Jump to content
Sign in to follow this  

Secure URL alternative using static encrypted URL

Recommended Posts

Using Secure URLs

If you want to published a calendar for use by a limited group of people, such those who have access to your company's intranet, you can use secure URLs. To create secure URLs, you use the calendar publishing settings and sample code that is provided by Trumba Development. You can learn about this process and download the sample code from the Trumba Help: Use secure URLs to grant limited access to a calendar


This code generates a new encrypted URL for each user session, and it expires one day from the time it was generated (or when the user closes the browser window). The URL allows users inside of your secure environment to view your calendar without entering a password. Each URL works only in the browser in which it was created, only for the time specified. Therefore, no one can copy an URL from your source code and try to use it outside of your secure environment.


Using a less secure encrypted URL

If you want a less-complex option, you can create an URL to your calendar that contains the required parameters (including an expiration date), but does not change until you change the URL manually or the URL expires.


NOTE This option does not expose your calendar password directly, but because the URL stays the same until you change it, anyone who knows the URL can view the calendar inside or outside of your secure environment, as well as share the URL with others, whether intentionally or not.


Create the static, encrypted URL

First, because you still need to encrypt the URL for your calendar, you'll need an online MD5 encryption tool. Two examples that we used are: iWebTools and B-Con, which we found with a basic web search. Both worked fine during our tests. However, Trumba Corp. is not associated with either of these companies, and the owners of these tools could change or remove the tools at any time.


Spud code that you enter in your page to display a calendar that is protected through secure URLs must carry two parameters:

  • expires The expires parameter is a UTC date in yyyyMMddHHmm format. It tells Trumba how long access to the calendar should be granted with this URL. If you want to create a static URL, which you would update manually when it expires (by repeating this procedure), use a date that occurs a few weeks or months into the future.
  • hash The hash parameter is a hexadecimal string that contains the MD5 hash (encryption) of a query string that you build using your calendar name and two other required parameters.

Build the URL

  1. Create the query string that you will encrypt. It looks like this:
    Where you replace the blue placeholder text with the appropriate values. The expires parameter requires the same date format described in the list above, and you get your secure key from the Publishing Settings page. (More info: Get a secure key for your published calendar)
  2. Navigate to the MD5 encryption tool that you're using, enter the query string, and encrypt it.
  3. Select the copy the encrypted string and paste it where you can have access to it when you want to put spud code into your page.

Use the hashed string in your spud code

Once you have the MD5 hash of your query string, you provide the hash and your expires value to the $Trumba.addSpud() call. These values must appear in string fields on the url parameter.


Here's an example of a secure request for the KEXP calendar.

 webName: "kexp",
 spudType: "main",
 url : {
expires: "200702021400",
hash: "A4C93424343243AE89B3D"

Share this post

Link to post
Share on other sites
Sign in to follow this