This project is not covered by Drupal’s security advisory policy.

URL token is an API module to make token-based access control simple.

There are two main features:

  • Request a token
  • Check that a token is valid (usually via a URL)

You should only install this module if another module requires it. This module doesn't provide any functionality by itself, it provides features for other developers to use in their modules.

Developer how-to

Request a token

  // Request a token.
  // By default, token validity is limited to 1 hour. This can be changed by adding optional parameters to the call.
  $token = urltoken_get_token('mymodule');

  // Now do whatever you want to with this token, typically:
  // - Display it on screen
  // - Email it to the user

Check if a token is valid

Typically, tokens are checked via the URL, using a wildcard menu loader.

 * Implements hook_menu().
function mymodule_menu() {
  $items = array();

  // If a user reaches this page, the token was successfully validated.
  $items['mymodule/%urltoken'] = array(
    'title' => 'My module',
    'page callback' => 'mymodule_page_callback',

    // You can pass the token as an argument to the page callback if required.
    'page arguments' => array(1),

    // Add the name of your module as a load argument [REQUIRED].
    // This ensures a token created by another module cannot be used to
    // authenticate a token in your module.
    'load arguments' => array('mymodule'),

    // The menu wildcard loader ensures the token is valid, so you don't
    // necessarily an access callback. You can add one though, if you need more
    // complex access controls than just a token.
    'access callback' => TRUE,

  return $items;

 * Page callback for /mymodule/%urltoken.
function mymodule_page_callback($token) {
  // If a user reaches this page, the token was valid.

Project Information