A system having a content management system (CMS) and an edge node of a content delivery network is provided. The CMS and edge node are configured to perform a method that includes sharing a server secret between the CMS and the edge node and using, by the CMS, the server secret to generate a signing key. The signing key includes a signing secret generated using the server secret. The signing key is transmitted to a client system, and the client system receives a request for a content asset from a user device and authorizes said user device for access to the content asset. The client system uses the signing key to generate a signed URL for the content asset, and the user device is redirected to the signed URL. Responsive to receiving, by the edge node, the signed URL from the user device, the method proceeds to validating the signed URL by the edge node. Validating the signed URL uses the server secret to rederive the signing secret based on the signed URL. Responsive to successful validation of the signed URL by the edge node, the content asset is provided from the edge node to the user device.