tencent cloud

All product documents
Cloud Object Storage
DocumentationCloud Object StorageSDK DocumentationPHP SDKObject OperationsGenerating Pre-Signed URLs
Generating Pre-Signed URLs
Download PDF
Last updated: 2024-02-04 14:25:57
Generating Pre-Signed URLs
Last updated: 2024-02-04 14:25:57
Download PDF

Overview

The COS SDK for PHP provides an API for getting pre-signed request URLs. Below are some examples.
Note:
You are advised to use a temporary key to generate a pre-signed URL for the security of your requests such as uploads and downloads. When you apply for a temporary key, follow the Principle of Least Privilege to avoid leaking resources besides your buckets and objects.
If you need to use a permanent key to generate a pre-signed URL, you are advised to limit the permission of the permanent key to uploads and downloads only to avoid risks.
Get the object URL and download the object parameters. You can concatenate the response-content-disposition=attachment parameter to the end of the obtained URL.

Generating Pre-Signed URL with Permanent Key

Upload request samples

Sample 1. Generate a pre-signed URL with a permanent key for simple upload

<?php

require dirname(__FILE__) . '/../vendor/autoload.php';

$secretId = "SECRETID"; //Replace it with the actual SecretId, which can be viewed and managed at https://console.tencentcloud.com/cam/capi
$secretKey = "SECRETKEY"; //Replace it with the actual SecretKey, which can be viewed and managed at https://console.tencentcloud.com/cam/capi
$region = "ap-beijing"; //Replace it with the actual region, which can be viewed in the console at https://console.tencentcloud.com/cos5/bucket
$cosClient = new Qcloud\\Cos\\Client(
    array(
        'region' => $region,
        'schema' => 'https', // Protocol header, which is http by default
        'signHost' => true, // The `host` header is signed by default. You can also set `signHost` to `false` to choose not to sign the `host` header, but the request may fail or vulnerabilities may occur.
        'credentials'=> array(
            'secretId'  => $secretId ,
            'secretKey' => $secretKey)));
### Get pre-signed URL for simple upload
try {
    $signedUrl = $cosClient->getPreSignedUrl('putObject', array(
        'Bucket' => "examplebucket-1250000000", // Bucket in the format of BucketName-APPID
        'Key' => "exampleobject", // Location of the object in the bucket, i.e., the object key
        'Body' => 'string', // It can be empty or any string.
        'Params'=> array(), // HTTP request parameters, which should be the same as those passed to the actual request. This can prevent users from tampering with the HTTP request parameters. The parameter is left empty by default.
        'Headers'=> array(), // HTTP request headers, which should be included in the actual request. This can prevent users from tampering with the HTTP request headers that are signed here. By default, `host` is included in the signature.
    ), '+10 minutes'); // Validity period of the signature
    // Request succeeded
    echo ($signedUrl);
} catch (\\Exception $e) {
    // Request failed
    echo($e);
}



Sample 2. Generate a pre-signed URL with a permanent key for multipart upload

<?php

require dirname(__FILE__) . '/../vendor/autoload.php';

$secretId = "SECRETID"; //Replace it with the actual SecretId, which can be viewed and managed at https://console.tencentcloud.com/cam/capi
$secretKey = "SECRETKEY"; //Replace it with the actual SecretKey, which can be viewed and managed at https://console.tencentcloud.com/cam/capi
$region = "ap-beijing"; //Replace it with the actual region, which can be viewed in the console at https://console.tencentcloud.com/cos5/bucket
$cosClient = new Qcloud\\Cos\\Client(
    array(
        'region' => $region,
        'schema' => 'https', // Protocol header, which is http by default
        'signHost' => true, // The `host` header is signed by default. You can also set `signHost` to `false` to choose not to sign the `host` header, but the request may fail or vulnerabilities may occur.
        'credentials'=> array(
            'secretId'  => $secretId ,
            'secretKey' => $secretKey)));

### Get pre-signed URL for multipart upload
try {
    $signedUrl = $cosClient->getPreSignedUrl('uploadPart', array(
        'Bucket' => "examplebucket-1250000000", // Bucket in the format of BucketName-APPID
        'Key' => "exampleobject", // Location of the object in the bucket, i.e., the object key
        'UploadId' => 'string', // Upload ID
        'PartNumber' => '1', // Part number
        'Body' => 'string',
        'Params'=> array(), // HTTP request parameters, which should be the same as those passed to the actual request. This can prevent users from tampering with the HTTP request parameters. The parameter is left empty by default.
        'Headers'=> array(), // HTTP request headers, which should be included in the actual request. This can prevent users from tampering with the HTTP request headers that are signed here. By default, `host` is included in the signature.
    ), '+10 minutes'); // Validity period of the signature
    // Request succeeded
    echo ($signedUrl);
} catch (\\Exception $e) {
    // Request failed
    echo($e);
}

Download request samples

Sample 1. Generate a pre-signed URL with a permanent key for simple download

<?php

require dirname(__FILE__) . '/../vendor/autoload.php';

$secretId = "SECRETID"; //Replace it with the actual SecretId, which can be viewed and managed at https://console.tencentcloud.com/cam/capi
$secretKey = "SECRETKEY"; //Replace it with the actual SecretKey, which can be viewed and managed at https://console.tencentcloud.com/cam/capi
$region = "ap-beijing"; //Replace it with the actual region, which can be viewed in the console at https://console.tencentcloud.com/cos5/bucket
$cosClient = new Qcloud\\Cos\\Client(
    array(
        'region' => $region,
        'schema' => 'https', // Protocol header, which is http by default
        'signHost' => true, // The `host` header is signed by default. You can also set `signHost` to `false` to choose not to sign the `host` header, but the request may fail or vulnerabilities may occur.
        'credentials'=> array(
            'secretId'  => $secretId ,
            'secretKey' => $secretKey)));

### Get pre-signed URL for simple download
try {
    $signedUrl = $cosClient->getPreSignedUrl('getObject', array(
        'Bucket' => "examplebucket-1250000000", // Bucket in the format of BucketName-APPID
        'Key' => "exampleobject", // Location of the object in the bucket, i.e., the object key
        'Params'=> array(), // HTTP request parameters, which should be the same as those passed to the actual request. This can prevent users from tampering with the HTTP request parameters. The parameter is left empty by default.
        'Headers'=> array(), // HTTP request headers, which should be included in the actual request. This can prevent users from tampering with the HTTP request headers that are signed here. By default, `host` is included in the signature.
        ), '+10 minutes'); // Validity period of the signature
    // Request succeeded
    echo ($signedUrl);
} catch (\\Exception $e) {
    // Request failed
    echo($e);
}

Sample 2. Get the download signature with the encapsulated getObjectUrl to generate a pre-signed URL with a permanent key

<?php

require dirname(__FILE__) . '/../vendor/autoload.php';

$secretId = "SECRETID"; //Replace it with the actual SecretId, which can be viewed and managed at https://console.tencentcloud.com/cam/capi
$secretKey = "SECRETKEY"; //Replace it with the actual SecretKey, which can be viewed and managed at https://console.tencentcloud.com/cam/capi
$region = "ap-beijing"; //Replace it with the actual region, which can be viewed in the console at https://console.tencentcloud.com/cos5/bucket
$cosClient = new Qcloud\\Cos\\Client(
    array(
        'region' => $region,
        'schema' => 'https', // Protocol header, which is http by default
        'signHost' => true, // The `host` header is signed by default. You can also set `signHost` to `false` to choose not to sign the `host` header, but the request may fail or vulnerabilities may occur.
        'credentials'=> array(
            'secretId'  => $secretId ,
            'secretKey' => $secretKey)));

### Get the download signature with the encapsulated getObjectUrl
try {    
    $bucket = "examplebucket-1250000000"; // Bucket in the format of BucketName-APPID
    $key = "exampleobject"; // Location of the object in the bucket, i.e., the object key
    $signedUrl = $cosClient->getObjectUrl($bucket, $key, '+10 minutes'); // Validity period of the signature
    // Request succeeded
    echo $signedUrl;
} catch (\\Exception $e) {
    // Request failed
    print_r($e);
}

Generating Pre-signed URL with Temporary Key

Upload request samples

Sample 1. Generate a pre-signed URL with a temporary key for simple upload

<?php

require dirname(__FILE__) . '/../vendor/autoload.php';

$tmpSecretId = "SECRETID"; //Replace it with the actual SecretId, which can be viewed and managed at https://console.tencentcloud.com/cam/capi
$tmpSecretKey = "SECRETKEY"; //Replace it with the actual SecretKey, which can be viewed and managed at https://console.tencentcloud.com/cam/capi
$tmpToken = "COS_TOKEN"; //Token is required for temporary keys. For more information about how to generate and use a temporary key, visit https://www.tencentcloud.com/document/product/436/14048?from_cn_redirect=1
$region = "COS_REGION"; //Replace it with the actual region, which can be viewed in the console at https://console.tencentcloud.com/cos5/bucket
$cosClient = new Qcloud\\Cos\\Client(
    array(
        'region' => $region,
        'schema' => 'https', // Protocol, which is `http` by default
        'signHost' => true, // The `host` header is signed by default. You can also set `signHost` to `false` to choose not to sign the `host` header, but the request may fail or vulnerabilities may occur.
        'credentials'=> array(
            'secretId'  => $tmpSecretId,
            'secretKey' => $tmpSecretKey,
            'token' => $tmpToken)));

### Get pre-signed URL for simple upload
try {
    $signedUrl = $cosClient->getPreSignedUrl('putObject', array(
        'Bucket' => "examplebucket-1250000000", // Bucket in the format of BucketName-APPID
        'Key' => "exampleobject", // Location of the object in the bucket, i.e., the object key
        'Body' => 'string',
        'Params'=> array(), // HTTP request parameters, which should be the same as those passed to the actual request. This can prevent users from tampering with the HTTP request parameters. The parameter is left empty by default.
        'Headers'=> array(), // HTTP request headers, which should be included in the actual request. This can prevent users from tampering with the HTTP request headers that are signed here. By default, `host` is included in the signature.
        ), '+10 minutes'); // Validity period of the signature
    // Request succeeded
    echo ($signedUrl);
} catch (\\Exception $e) {
    // Request failed
    echo($e);
}

Sample 2. Generate a pre-signed URL with a temporary key for multipart upload

<?php

require dirname(__FILE__) . '/../vendor/autoload.php';

$tmpSecretId = "SECRETID"; //Replace it with the actual SecretId, which can be viewed and managed at https://console.tencentcloud.com/cam/capi
$tmpSecretKey = "SECRETKEY"; //Replace it with the actual SecretKey, which can be viewed and managed at https://console.tencentcloud.com/cam/capi
$tmpToken = "COS_TOKEN"; //Token is required for temporary keys. For more information about how to generate and use a temporary key, visit https://www.tencentcloud.com/document/product/436/14048?from_cn_redirect=1
$region = "COS_REGION"; //Replace it with the actual region, which can be viewed in the console at https://console.tencentcloud.com/cos5/bucket
$cosClient = new Qcloud\\Cos\\Client(
    array(
        'region' => $region,
        'schema' => 'https', // Protocol, which is `http` by default
        'signHost' => true, // The `host` header is signed by default. You can also set `signHost` to `false` to choose not to sign the `host` header, but the request may fail or vulnerabilities may occur.
        'credentials'=> array(
            'secretId'  => $tmpSecretId,
            'secretKey' => $tmpSecretKey,
            'token' => $tmpToken)));

### Get pre-signed URL for multipart upload
try {
    $signedUrl = $cosClient->getPreSignedUrl('uploadPart', array(
        'Bucket' => "examplebucket-1250000000", // Bucket in the format of BucketName-APPID
        'Key' => "exampleobject", // Location of the object in the bucket, i.e., the object key
        'UploadId' => '', // Upload ID
        'PartNumber' => '1', // Part number
        'Body' => '',
        'Params'=> array(), // HTTP request parameters, which should be the same as those passed to the actual request. This can prevent users from tampering with the HTTP request parameters. The parameter is left empty by default.
        'Headers'=> array(), // HTTP request headers, which should be included in the actual request. This can prevent users from tampering with the HTTP request headers that are signed here. By default, `host` is included in the signature.
        ), '+10 minutes'); // Validity period of the signature
    // Request succeeded
    echo ($signedUrl);
} catch (\\Exception $e) {
    // Request failed
    echo($e);
}

Download request samples

Sample 1. Generate a pre-signed URL with a temporary key for simple download

<?php

require dirname(__FILE__) . '/../vendor/autoload.php';

$tmpSecretId = "SECRETID"; //Replace it with the actual SecretId, which can be viewed and managed at https://console.tencentcloud.com/cam/capi
$tmpSecretKey = "SECRETKEY"; //Replace it with the actual SecretKey, which can be viewed and managed at https://console.tencentcloud.com/cam/capi
$tmpToken = "COS_TOKEN"; //Token is required for temporary keys. For more information about how to generate and use a temporary key, visit https://www.tencentcloud.com/document/product/436/14048?from_cn_redirect=1
$region = "COS_REGION"; //Replace it with the actual region, which can be viewed in the console at https://console.tencentcloud.com/cos5/bucket
$cosClient = new Qcloud\\Cos\\Client(
    array(
        'region' => $region,
        'schema' => 'https', // Protocol, which is `http` by default
        'signHost' => true, // The `host` header is signed by default. You can also set `signHost` to `false` to choose not to sign the `host` header, but the request may fail or vulnerabilities may occur.
        'credentials'=> array(
            'secretId'  => $tmpSecretId,
            'secretKey' => $tmpSecretKey,
            'token' => $tmpToken)));

### Get pre-signed URL for simple download
try {
    $signedUrl = $cosClient->getPreSignedUrl('getObject', array(
        'Bucket' => "examplebucket-1250000000", // Bucket in the format of BucketName-APPID
        'Key' => "exampleobject", // Location of the object in the bucket, i.e., the object key
        'Params'=> array(), // HTTP request parameters, which should be the same as those passed to the actual request. This can prevent users from tampering with the HTTP request parameters. The parameter is left empty by default.
        'Headers'=> array(), // HTTP request headers, which should be included in the actual request. This can prevent users from tampering with the HTTP request headers that are signed here. By default, `host` is included in the signature.
    ), '+10 minutes'); // Validity period of the signature
    // Request succeeded
    echo ($signedUrl);
} catch (\\Exception $e) {
    // Request failed
    echo($e);
}

Sample 2. Get the download signature with the encapsulated getObjectUrl to generate a pre-signed URL with a temporary key

<?php

require dirname(__FILE__) . '/../vendor/autoload.php';

$tmpSecretId = "SECRETID"; //Replace it with the actual SecretId, which can be viewed and managed at https://console.tencentcloud.com/cam/capi
$tmpSecretKey = "SECRETKEY"; //Replace it with the actual SecretKey, which can be viewed and managed at https://console.tencentcloud.com/cam/capi
$tmpToken = "COS_TOKEN"; //Token is required for temporary keys. For more information about how to generate and use a temporary key, visit https://www.tencentcloud.com/document/product/436/14048?from_cn_redirect=1
$region = "COS_REGION"; //Replace it with the actual region, which can be viewed in the console at https://console.tencentcloud.com/cos5/bucket
$cosClient = new Qcloud\\Cos\\Client(
    array(
        'region' => $region,
        'schema' => 'https', // Protocol, which is `http` by default
        'credentials'=> array(
            'secretId'  => $tmpSecretId,
            'secretKey' => $tmpSecretKey,
            'token' => $tmpToken)));

### Get the download signature with the encapsulated getObjectUrl
try {    
    $bucket = "examplebucket-1250000000"; // Bucket in the format of BucketName-APPID
    $key = "exampleobject"; // Location of the object in the bucket, i.e., the object key
    $signedUrl = $cosClient->getObjectUrl($bucket, $key, '+10 minutes'); // Validity period of the signature
    // Request succeeded
    echo $signedUrl;
} catch (\\Exception $e) {
    // Request failed
    print_r($e);
}
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No

Feedback

Contact Us

Contact our sales team or business advisors to help your business.

Contact Us
Technical Support

Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

Submit a Ticket
7x24 Phone Support
Hong Kong, China
+852 800 906 020 (Toll Free)
United States
+1 844 606 0804 (Toll Free)
United Kingdom
+44 808 196 4551 (Toll Free)
Canada
+1 888 605 7930 (Toll Free)
Australia
+61 1300 986 386 (Toll Free)
EdgeOne hotline
+852 300 80699
More local hotlines coming soon