tencent cloud

All product documents
Cloud Object Storage
DocumentationCloud Object StorageDeveloper GuideCloud Access ManagementAccess Permission Configuration DescriptionRequest MethodsAccessing COS Using a Permanent Key
Accessing COS Using a Permanent Key
Download PDF
Last updated: 2024-03-25 15:33:39
Accessing COS Using a Permanent Key
Last updated: 2024-03-25 15:33:39
Download PDF

Background

With RESTful APIs, you can initiate anonymous HTTP requests or signed HTTP requests to COS. Anonymous requests are typically used for scenarios that require public access, such as hosting static websites; and signed requests are required in most other scenarios.
Compared with an anonymous request, a signed request carries an additional signature value. The signature is an encrypted string generated based on the key (SecretId/SecretKey) and request information. The SDK automatically calculates the signature. You only need to set the key when initializing user information and do not need to worry about signature calculation. For requests initiated through RESTful APIs, COS needs to calculate signatures based on the signature algorithm and add them to the requests.

Getting a Permanent Key

You can log in to the CAM console and go to the Manage API Key page to get a permanent key. A permanent key consists of a SecretId and a SecretKey. It represents the permanent identity of your account and does not expire.
SecretId: used to identify the API caller.
SecretKey: used to encrypt the signature string and server-side authentication signature string.

Accessing COS Using a Permanent Key

Accessing COS using an API request

When using an API request, you must use a signed request for a private bucket. A signature is generated based on a permanent key and put into the Authorization header to form a signed request. When the request is sent to COS, COS verifies whether the signature matches the request.
Note:
Because the signature generation algorithm is complex, you are advised to use an SDK to initiate a request and skip this step.
1. Use a permanent key to generate a signature. For the signature algorithm, see Request Signature. COS provides a signature generation tool. You can also use a COS SDK to generate signatures. For more information, see Implementing Signature in SDK. You can also write a program to generate signatures. However, this method is not recommended because the signature algorithm is complex.
2. Enter the signature into the Authorization header. When initiating an API request, enter the signature into the standard HTTP Authorization header. The following is an example of a GetObject request:
GET /<ObjectKey> HTTP/1.1
Host: <BucketName-APPID>.cos.<Region>.myqcloud.com
Date: GMT Date
Authorization: q-sign-algorithm=sha1&q-ak=SecretId&q-sign-time=KeyTime&q-key-time=KeyTime&q-header-list=HeaderList&q-url-param-list=UrlParamList&q-signature=Signature

Accessing COS using an SDK tool

1. Initialize the identity information with the permanent key. After installing the SDK tool, enter the permanent key (SecretId and SecretKey) of the root account or sub-account to initialize the user identity information.
2. Directly use the SDK tool to initiate requests to COS. After initialization, you can directly use the SDK tool for upload, download, and other basic operations, without the need to generate signatures like using API requests, because the SDK tool generates signatures based on keys on your behalf and initiates requests to COS.
The following is an example of the corresponding Java SDK code. For demos of other languages, see the corresponding quick start documentation in SDK Overview.
// 1. Initialize the user credentials (secretId, secretKey).
// Log in to the [CAM console](https://console.tencentcloud.com/cam/capi) to view and manage the `SecretId` and `SecretKey` of your project.
String secretId = "SECRETID";
String secretKey = "SECRETKEY";
COSCredentials cred = new BasicCOSCredentials(secretId, secretKey);
// 2. Set the bucket region. For abbreviations of COS regions, please visit https://www.tencentcloud.com/document/product/436/6224?from_cn_redirect=1.
// `clientConfig` contains the set methods to set region, HTTPS (HTTP by default), timeout, and proxy. For detailed usage, please see the source code or the FAQs about the SDK for Java.
Region region = new Region("COS_REGION");
ClientConfig clientConfig = new ClientConfig(region);
// The HTTPS protocol is recommended.
// Starting from 5.6.54, HTTPS is used by default.
clientConfig.setHttpProtocol(HttpProtocol.https);
// 3. Generate a COS client.
COSClient cosClient = new COSClient(cred, clientConfig);

Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No

Feedback

Contact Us

Contact our sales team or business advisors to help your business.

Contact Us
Technical Support

Open a ticket if you're looking for further assistance. Our Ticket is 7x24 available.

Submit a Ticket
7x24 Phone Support
Hong Kong, China
+852 800 906 020 (Toll Free)
United States
+1 844 606 0804 (Toll Free)
United Kingdom
+44 808 196 4551 (Toll Free)
Canada
+1 888 605 7930 (Toll Free)
Australia
+61 1300 986 386 (Toll Free)
EdgeOne hotline
+852 300 80699
More local hotlines coming soon