Your new Debug Key has been generated.

GUARD IT WELL! This key will be used for both encryption and decryption purposes. As such, it is the "key to the castle", and should not be exposed outside your organization, except to Akamai personnel.

Once you have enabled GRN Encryption in your Akamai configuration using this Debug Key, you should save this key so you can use it to decrypt your GRNs.

Encryption

To implement encryption, follow these steps:

1. Create a new version of your delivery configuration
2. Add a new variable called PMUSER_DEBUG_KEY and give it the above value. Make it Hidden
3. Add a new variable called PMUSER_GRN with no default value. Make it Hidden
4. Add a new variable called PMUSER_ENCRYPTED_GRN with no default value. Make it Hidden
5. Create a new rule called Add GRN response header
6. In the Add GRN response header rule, add the Advanced behavior and add the following code:

<match:request.type value="CLIENT_REQ"> <assign:variable> <name>PMUSER_GRN</name> <value>%(AK_REFERENCE_ID)</value> </assign:variable> <assign:variable> <name>PMUSER_ENCRYPTED_GRN</name> <value>%(PMUSER_GRN)</value> <transform> <encrypt> <algorithm>3DES</algorithm> <key>%(PMUSER_DEBUG_KEY)</key> <mode>ECB</mode> <prepend-bytes>off</prepend-bytes> </encrypt> </transform> </assign:variable> <edgeservices:modify-outgoing-response.add-header> <name>grn</name> <value>%(PMUSER_ENCRYPTED_GRN)</value> <status>on</status> <edge-only>on</edge-only> </edgeservices:modify-outgoing-response.add-header> </match:request.type>

Note that if you are an Akamai customer, the above step will need to be performed by an Akamai Solutions Architect, since customers do not have the ability to directly add Advanced XML into their configurations.

7. Save and activate your configuration version

Note: If you only wish to return the grn response header for some requests, you can includ match conditions in the Add GRN response header rule. For instance, if you don't want to return the grn header for image requests, you could include a negative match on image file extensions.

At this point, all requests to your delivery configurations should return a grn header, containing an encrypted GRN value

Decryption

To decrypt an encrypted GRN for debugging purposes, follow these steps:

1. Go to the GRN Decryption page
2. Enter the value of the grn response header in the Global Reference Number field
3. Enter the value used for the PMUSER_DEBUG_KEY in the Encryption Key field
4. Click the Decrypt GRN button
5. The resulting page should show the decrypted GRN, in the format 0.xxxxxxxx.xxxxxx.xxxxxx (the exact length may differ)
6. You can then enter this GRN into the Akamai GRN Translator tool to display logs from the specific request