There is requirement for token authentication using two secret key i.e primary and secondary secret for location block.

If token with first secret gives 405, then to generate the token with second secret to allow the request.

This is required for changing the Secret Key in production on server so that partial user will be allowed with old secret and some with new secret for meanwhile till secret is updated on all servers and client.

Something similar to below implementation
https://cdnsun.com/knowledgebase/cdn-live/setting-a-token-authentication-protect-your-cdn-content

Regards & Thanks ,
Anish