You can use additional parameters when generating the HASH key suck as token start time and token end time. This will specify an interval in which the generated token is valid. All playback requests, using that particular token that are placed outside that time interval will be rejected for playback.
Using Secure Token V2, you can also enforce Client IP restriction in the sense that only the client IP parameter used when the HASH token was generated would be able to play back the URL using that particular token.
Please go ahead and try out the Secure Token V2 feature and if you have any troubles, don't hesitate to write us back.