Common Request Headers

Description
This document introduces the common request headers used when you use APIs. The headers mentioned in the following text will not be reiterated in subsequent specific API documentation.
List of Request Headers
Header Name
﻿
Description
﻿
Type
﻿
Mandatory
﻿
Authorization
Signature information that carries authentication information to verify the legitimacy of the request.
For public read objects, you do not need to carry this header. If you transmit the authentication information through request parameters, you do not need to carry this header. For details, see Request Signature.
string
Yes
For public read objects or authentication information transmitted through request parameters, this header is optional.
Content-Length
Content length of an HTTP request defined in RFC 2616, which is measured in bytes.
integer
For PUT and POST requests (excluding PUT Object requests specifying the Transfer-Encoding request header), this header is mandatory.
For GET, HEAD, DELETE, and OPTIONS requests, this header cannot be specified.
Content-Type
HTTP request content type (MIME) defined in RFC 2616， such as application/xml or image/jpeg.
string
For PUT and POST requests that contain a request body, this header is mandatory.
For GET, HEAD, DELETE, and OPTIONS requests, this header cannot be specified.
Content-MD5
Base64 encoding format of the 16-byte binary MD5 hash value of the request body content defined in RFC 1864, which is used for integrity checks to verify whether the request body has undergone changes during transmission. The final value length should be 24 characters. Ensure that the correct methods and parameters are used when writing code. For instance, ZzD3iDJdrMAAb00lgLLeig==.
string
For PUT and POST requests that have a request body (excluding POST Object), this header is mandatory.
For GET, HEAD, DELETE, and OPTIONS requests, this header cannot be specified.
Date
Current time in GMT format defined in RFC 1123, for instance, Wed, 29 May 2019 04:10:12 GMT.
string
No
Host
Requested host, formatted as <BucketName-APPID>.cos.<Region>.myqcloud.com.
string
Yes
x-cos-security-token
Security token field required when the temporary security credentials are used. For details, refer to the instructions related to temporary security credentials.
string
No
When temporary keys are used and authentication information are carried via Authorization, this header is mandatory.
Dedicated Headers for SSE
For interfaces that support server-side encryption (SSE), the following request headers are applicable based on different encryption methods. Refer to the specific interface documentation to determine the applicability of SSE. The necessity of the following headers is only for scenarios that use SSE. If the request does not support SSE interfaces or does not use SSE, there is no need to carry the following headers. For more details, refer to the SSE overview.
SSE-COS
Header Name
Description
Type
Mandatory
x-cos-server-side-encryption
SSE algorithm, which is specified as AES256 when SSE-COS is used.
string
When uploading or duplicating objects (including simple uploading/duplication and multipart uploading/duplication), carrying this header will employ SSE-COS encryption. If this header is not carried, encryption will be implemented based on the bucket encryption configuration.  This header cannot be specified when you download objects.
SSE-KMS
Header Name
Description
Type
Mandatory
x-cos-server-side-encryption
SSE algorithm, which is specified as cos/kms when SSE-KMS is used.
﻿
string
When uploading or duplicating objects (including simple uploading/duplication and multipart uploading/duplication), carrying this header will employ SSE-KMS encryption. If this header is not carried, encryption will be implemented based on the bucket encryption configuration. This header cannot be specified when you download objects.
x-cos-server-side-encryption-cos-kms-key-id
When the value of x-cos-server-side-encryption is cos/kms, this header is used to designate the user primary key CMK of KMS. If this header is not specified, the default CMK created by COS is used. For more details, refer to SSE-KMS Encryption.
﻿
string
No
x-cos-server-side-encryption-context
When the value of x-cos-server-side-encryption is cos/kms, this header is used to specify the encryption context. The value is the Base64 encoding of the JSON formatted encryption context key-value pair. For instance, eyJhIjoiYXNkZmEiLCJiIjoiMTIzMzIxIn0=.
string
No
SSE-C
Header Name
Description
Type
Mandatory
x-cos-server-side-encryption-customer-algorithm
SSE algorithm. Currently only AES256 is supported.
﻿
string
Yes
x-cos-server-side-encryption-customer-key
Base64 encoding of the SSE key. For instance, MDEyMzQ1Njc4OUFCQ0RFRjAxMjM0NTY3ODlBQkNERUY=.
string
Yes
x-cos-server-side-encryption-customer-key-MD5
MD5 hash value of the SSE key, which is encoded in Base64. For instance, U5L61r7jcwdNvT7frmUG8g==.
string
Yes
Dedicated Headers for Object Lock
For interfaces that support object lock, the following object lock headers can be used for lock adding during the object uploading process. The necessity of the following headers is only applicable to scenarios using the object lock function. For more details, refer to Object Lock Overview.
Header Name
Description
Type
Mandatory
x-cos-object-lock-retain-until-date
Sets the object lock period, which is a timestamp used for setting the specific retention period. The value is represented in accordance with the ISO8601 standard and requires the use of the UTC time. For instance, 2022-02-17T10:30:09.000Z.
String
Yes
x-cos-object-lock-mode
Sets the object lock mode. The COMPLIANCE mode is supported.
String
Yes
﻿

Was this page helpful?

You can also Contact Sales or Submit a Ticket for help.

Yes

Header Name	Description	Type	Mandatory
Authorization	Signature information that carries authentication information to verify the legitimacy of the request. For public read objects, you do not need to carry this header. If you transmit the authentication information through request parameters, you do not need to carry this header. For details, see Request Signature.	string	Yes For public read objects or authentication information transmitted through request parameters, this header is optional.
Content-Length	Content length of an HTTP request defined in RFC 2616, which is measured in bytes.	integer	For PUT and POST requests (excluding PUT Object requests specifying the Transfer-Encoding request header), this header is mandatory. For GET, HEAD, DELETE, and OPTIONS requests, this header cannot be specified.
Content-Type	HTTP request content type (MIME) defined in RFC 2616， such as application/xml or image/jpeg.	string	For PUT and POST requests that contain a request body, this header is mandatory. For GET, HEAD, DELETE, and OPTIONS requests, this header cannot be specified.
Content-MD5	Base64 encoding format of the 16-byte binary MD5 hash value of the request body content defined in RFC 1864, which is used for integrity checks to verify whether the request body has undergone changes during transmission. The final value length should be 24 characters. Ensure that the correct methods and parameters are used when writing code. For instance, ZzD3iDJdrMAAb00lgLLeig==.	string	For PUT and POST requests that have a request body (excluding POST Object), this header is mandatory. For GET, HEAD, DELETE, and OPTIONS requests, this header cannot be specified.
Date	Current time in GMT format defined in RFC 1123, for instance, Wed, 29 May 2019 04:10:12 GMT.	string	No
Host	Requested host, formatted as <BucketName-APPID>.cos.<Region>.myqcloud.com.	string	Yes
x-cos-security-token	Security token field required when the temporary security credentials are used. For details, refer to the instructions related to temporary security credentials.	string	No When temporary keys are used and authentication information are carried via Authorization, this header is mandatory.

tencent cloud

New User Offers

Next-Generation CDN：EdgeOne

Elasticsearch Service free trial

Free Tier

Tencent Cloud Startup Program

Special Offers

Lighthouse Special Offers

Cloud Object Storage Special Offers

Featured Products

New Products

Education

Tencent Cloud Online Education Solutions

Gaming

Gaming Solution

Game Media Solutions

E-commerce

E-commerce retail solutions

Audio & Video

Audio/Video Solution

LVB Recording Solution

Interactive Classroom Solution

Interactive Live Streaming Solution

Audio Chat Social Networking Solution

Financial Services

Financial Services Solution

Compute

Cloud Virtual Machine

Auto Scaling

Batch Compute

CVM Dedicated Host

Database

TencentDB for MySQL

TencentDB for Redis®

TencentDB for CTSDB

TDSQL for MySQL

Data Transfer Service

TencentDB for MongoDB

TencentDB for PostgreSQL

TencentDB for SQL Server

Video Service

Cloud Streaming Services

Video on Demand

Media Processing Service

Cloud Application Rendering

Cloud Contact Center

Game Multimedia Engine

Chat

Real-time Communication

Tencent Effect SDK

AI and Machine Learning

Image Creation Large Model

Face Fusion

eKYC

Optical Character Recognition

Video Creation Large Model

Industry Applications

Tencent HealthCare Omics Platform

Container and Middleware

TDMQ for CKafka

Serverless Cloud Function

Tencent Kubernetes Engine

Tencent Kubernetes Engine for Serverless

Networking

Cloud Load Balancer

Virtual Private Cloud

Direct Connect

Cloud Connect Network

NAT Gateway

VPN Connection

Bandwidth Package

Anycast Internet Acceleration

Elastic Network Interface

Flow Logs

Global Application Acceleration Platform

Security

Captcha

Cloud Workload Protection Platform

Data Security Governance Center

Key Management Service