# Token Creation This token is created using an HMAC MD5 hash of your API secret, the IP address of the client requesting the token, and a timestamp: 1\) Concatenating the API *secret* with the *timestamp* as follows: ***secret:ip\_address\_string:timestamp*** Where: * The ***timestamp*** value is the number of **milliseconds** since the Unix epoch, i.e. number of milliseconds since midnight January 1st 1970, UTC. * The ip\_address\_string is the human-readable string representation of an IPv4 address. * The separator between the secret and the timestamp is the character “:” (UTF char code 3A). 2\) Generating an HMAC MD5 value from the string created in step 1), and converting this value to a string in hexadecimal format. ## Example Java code to generate an IMG Arena API Token would be as follows: ```java import java.io.UnsupportedEncodingException; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import javax.crypto.Mac; import javax.crypto.SecretKey; import javax.crypto.spec.SecretKeySpec; import org.apache.commons.codec.binary.Hex; public class TokenGenerator { private static final String SAMPLE_TOKEN = "testtoken"; private static final String UTF_8 = "UTF-8"; private static final String HMAC_MD5 = "HmacMD5"; public static String getToken(String secret, String ip, long timestamp) throws NoSuchAlgorithmException, InvalidKeyException, UnsupportedEncodingException { String keyString = secret + ":" + ip + ":" + timestamp; SecretKey key = new SecretKeySpec(secret.getBytes(UTF_8), HMAC_MD5); Mac mac = Mac.getInstance(HMAC_MD5); mac.init(key); return Hex.encodeHexString(mac.doFinal(keyString.getBytes(UTF_8))); } public static void main(String[] args) throws Exception { long time = System.currentTimeMillis(); String a = getToken(SAMPLE_TOKEN, "1.2.3.4", time); System.out.println(a + ":" + time); } } ``` Running the code in the main method with a sample secret of “testtoken”, the IP address “1.2.3.4” and the timestamp “1385554442935” provides the following token: **51cc11786ddac11c7af450ec5b42aee4** ## Token validity Every API token is valid for a period of 30 seconds after being generated. An Invalid token will cause the API to return an HTTP 401 (**Unauthorized**) response. ## Stream URL validity All stream URLs are secured and authenticated, and require the client to initiate the stream within 30 seconds of the URL being issued. The stream URLs are valid for the full duration of the live streaming session after the initial request. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.sportradar.com/streaming-integration/authentication/token-creation.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.