The library providing the access must credential each library patron being sent to Books24x7. These credentials are provided in the form of authentication tokens; each user is assigned a single, unique and constant token by the library.
http://library.books24x7.com/library.asp
site=YOURCODE
oken=THETOKENVALUE
http://library.books24x7.com/library.asp?site=GG3K1&token=394FAD2940C
In order for patrons arriving from your site to be successfully authenticated, they must arrive at Book24x7 from a link found on the library’s own website. Furthermore, the access to this URL must be restricted - it must not be an openly accessible location from the internet. In order to view the page which links to Books24x7, the patron must first authenticate themselves into the library’s website.
It is important that the correct Referring URL as seen by Books24x7 be provided. If you are unsure of the final form of the URL that patrons will be presenting to Books24x7, you can follow this procedure:
http://library.books24x7.com/library.asp?site=YOURCODE
)http://library.books24x7.com/diagnostics.asp
Note: because of how most web browsers operate, it is important that users display the web page corresponding to the referring URL in their browser. If a user were only redirected to the referring URL from the welcome page at the library, and then immediately redirected to Books24x7, then they would not have the correct referring URL. A redirection response from a web server will not produce a Referring URL HTTP header; it will simply forward any Referring URL header that it sees.
It is recommended that the library calculate a token for each user based on the whatever credentials the library as used to grant them access to their own restricted website. This could be a networkID, or a studentID, or a library card number. In order to protect the privacy of the library patron, the library can use a calculation to obscure the actual value of the credentials. We recommend that standard encryption be used to obscure the value presented to Books24x7.
We do not recommend calculating authentication tokens using a one-way hashing or checksum algorithm such as MD5. Though this will technically meet the requirements of uniqueness and constancy, it may prove to be impractical. Should issues arise with particular patrons, Books24x7 will provide to the library the token used by that patron. If a non-reversible encryption has been used the library would be unable to decrypt to token in order to identify the actual patron.