SDK | Signature Implementation File |
Android SDK | |
C SDK | |
C++ SDK | |
.NET(C#) SDK | IQCloudSigner.cs (class CosXmlSigner) |
Go SDK | |
iOS SDK | |
Java SDK | |
JavaScript SDK | util.js (getAuth) |
Node.js SDK | util.js (getAuth) |
PHP SDK | |
Python SDK | |
Mini Program SDK | util.js (getAuth) |
Content-Type
and Content-MD5
to limit the media type/content to upload. For the configurations of request headers related to uploads, please see PUT Object.response-xxx
so that you can temporarily modify response headers upon download. For the configurations of request parameters related to downloads, please see GET Object.SDK | Pre-Signed URL Document |
Android SDK | |
C SDK | |
C++ SDK | |
.NET(C#) SDK | |
Go SDK | |
iOS SDK | |
Java SDK | |
JavaScript SDK | |
Node.js SDK | |
PHP SDK | Pre-Signed URL |
Python SDK | |
Mini Program SDK |
Character | Decimal | Hex | Character | Decimal | Hex |
(Space) | 32 | 20 | ; | 59 | 3B |
! | 33 | 21 | < | 60 | 3C |
" | 34 | 22 | = | 61 | 3D |
# | 35 | 23 | > | 62 | 3E |
$ | 36 | 24 | ? | 63 | 3F |
% | 37 | 25 | @ | 64 | 40 |
& | 38 | 26 | [ | 91 | 5B |
' | 39 | 27 | \\ | 92 | 5C |
( | 40 | 28 | ] | 93 | 5D |
) | 41 | 29 | ^ | 94 | 5E |
* | 42 | 2A | ` | 96 | 60 |
+ | 43 | 2B | { | 123 | 7B |
, | 44 | 2C | | | 124 | 7C |
/ | 47 | 2F | } | 125 | 7D |
: | 58 | 3A | None | None | None |
StartTimestamp
of the current time. It is the total number of seconds from January 1, 1970, 00:00:00 UTC (January 1, 1970, 08:00:00 Beijing time) till the current time.EndTimestamp
for the signature to expire according to StartTimestamp
and the expected validity period of the signature.KeyTime
by splicing the two timestamps above in StartTimestamp;EndTimestamp
format (e.g., 1557902800;1557910000
).SignKey
), which is a hash value in lowercase hexadecimal format, such as eb2519b498b02ac213cb1f3d1a3d27a3b3c9bc5f
.Map
and a KeyList
:/?acl
is considered as /?acl=
.?
in the request path. For example, in the request path /?versions&prefix=example-folder%2F&delimiter=%2F&max-keys=10
, the request parameters are versions&prefix=example-folder%2F&delimiter=%2F&max-keys=10
.KeyList
in lexicographical order.Map
according to the order in KeyList
in the format of key1=value1&key2=value2&key3=value3
, which is the HttpParameters
.KeyList
· in the format of key1;key2;key3
, which is the UrlParamList
./?prefix=example-folder%2F&delimiter=%2F&max-keys=10
UrlParamList: delimiter;max-keys;prefix
HttpParameters: delimiter=%2F&max-keys=10&prefix=example-folder%2F
/exampleobject?acl
UrlParamList: acl
HttpParameters: acl=
Map
and the key list KeyList
, where keys are [URL-encoded](#.E5.87.86.E5.A4.87.E5.B7.A5 .E4.BD.9C) and converted to lowercase, and values are URL-encoded.KeyList
in lexicographical order.Map
according to the order in KeyList
in the format of key1=value1&key2=value2&key3=value3
, which is the HttpHeaders
.KeyList
in the format of key1;key2;key3
, which is the HeaderList
.Host: examplebucket-1250000000.cos.ap-shanghai.myqcloud.comDate: Thu, 16 May 2019 03:15:06 GMTx-cos-acl: privatex-cos-grant-read: uin="100000000011"
date;host;x-cos-acl;x-cos-grant-read
date=Thu%2C%2016%20May%202019%2003%3A15%3A06%20GMT&host=examplebucket-1250000000.cos.ap-shanghai.myqcloud.com&x-cos-acl=private&x-cos-grant-read=uin%3D%22100000000011%22
HttpString
based on HttpMethod
, UriPathname
, HttpParameters, and HttpHeaders in the format of HttpMethod\\nUriPathname\\nHttpParameters\\nHttpHeaders\\n
.HttpMethod
is converted to lowercase, such as get
or put
.UriPathname
is the request path, such as /
or /exampleobject
.\\n
is a line break. If there is an empty string, the line breaks before and after it should be retained, for example, get\\n/exampleobject\\n\\n\\n
.StringToSign
based on KeyTime and HttpString in the format of sha1\\nKeyTime\\nSHA1(HttpString)\\n
.
Where:sha1
is a fixed string.\\n
is a line break.54ecfe22f59d3514fdc764b87a32d8133ea611e6
) calculated with SHA1 and HttpString.Signature
, for example, 01681b8c9d798a678e43b685a9f1bba0f6c01234
.q-sign-algorithm=sha1&q-ak=SecretId&q-sign-time=KeyTime&q-key-time=KeyTime&q-header-list=HeaderList&q-url-param-list=UrlParamList&q-signature=Signature
Authorization
header, such as Authorization: q-sign-algorithm=sha1&q-ak=...&q-sign-time=1557989753;1557996953&...&q-signature=...
/exampleobject?q-sign-algorithm=sha1&q-ak=...&q-sign-time=1557989753%3B1557996953&...&q-signature=...
...
are the signatures.x-cos-security-token
field should be specified when you send the request. The way to specify this field varies depending on how the signature is passed in.Authorization
header, specify x-cos-security-token
as a request header as follows:Authorization: q-sign-algorithm=sha1&q-ak=...&q-sign-time=1557989753;1557996953&...&q-signature=...x-cos-security-token: ...
x-cos-security-token
as a request parameter as follows:/exampleobject?q-sign-algorithm=sha1&q-ak=...&q-sign-time=1557989753%3B1557996953&...&q-signature=...&x-cos-security-token=...
...
is the signature and access token.KeyTime = [Now];[Expires]SignKey = HMAC-SHA1([SecretKey], KeyTime)HttpString = [HttpMethod]\\n[HttpURI]\\n[HttpParameters]\\n[HttpHeaders]\\nStringToSign = sha1\\nKeyTime\\nSHA1(HttpString)\\nSignature = HMAC-SHA1(SignKey, StringToSign)
$sha1HttpString = sha1('ExampleHttpString');$signKey = hash_hmac('sha1', 'ExampleKeyTime', 'YourSecretKey');
import org.apache.commons.codec.digest.DigestUtils;import org.apache.commons.codec.digest.HmacUtils;String sha1HttpString = DigestUtils.sha1Hex("ExampleHttpString");String signKey = HmacUtils.hmacSha1Hex("YourSecretKey", "ExampleKeyTime");
import hmacimport hashlibsha1_http_string = hashlib.sha1('ExampleHttpString'.encode('utf-8')).hexdigest()sign_key = hmac.new('YourSecretKey'.encode('utf-8'), 'ExampleKeyTime'.encode('utf-8'), hashlib.sha1).hexdigest()
var crypto = require('crypto');var sha1HttpString = crypto.createHash('sha1').update('ExampleHttpString').digest('hex');var signKey = crypto.createHmac('sha1', 'YourSecretKey').update('ExampleKeyTime').digest('hex');
import ("crypto/hmac""crypto/sha1")h := sha1.New()h.Write([]byte("ExampleHttpString"))sha1HttpString := h.Sum(nil)var hashFunc = sha1.Newh = hmac.New(hashFunc, []byte("YourSecretKey"))h.Write([]byte("ExampleKeyTime"))signKey := h.Sum(nil)
APPID
, SecretId
, and SecretKey
. Below is an example:APPID | SecretId | SecretKey |
1250000000 | AKXXXXXXXXXXXXXXXXXXX | BQXXXXXXXXXXXXXXXXXXXX |
PUT /exampleobject(%E8%85%BE%E8%AE%AF%E4%BA%91) HTTP/1.1Date: Thu, 16 May 2019 06:45:51 GMTHost: examplebucket-1250000000.cos.ap-beijing.myqcloud.comContent-Type: text/plainContent-Length: 13Content-MD5: mQ/fVh815F3k6TAUm8m0eg==x-cos-acl: privatex-cos-grant-read: uin="100000000011"ObjectContent
1557989151;1557996351
eb2519b498b02ac213cb1f3d1a3d27a3b3c9bc5f
(empty string)
(empty string)
content-length;content-md5;content-type;date;host;x-cos-acl;x-cos-grant-read
content-length=13&content-md5=mQ%2FfVh815F3k6TAUm8m0eg%3D%3D&content-type=text%2Fplain&date=Thu%2C%2016%20May%202019%2006%3A45%3A51%20GMT&host=examplebucket-1250000000.cos.ap-beijing.myqcloud.com&x-cos-acl=private&x-cos-grant-read=uin%3D%22100000000011%22
put\\n/exampleobject(tencentcloud)\\n\\ncontent-length=13&content-md5=mQ%2FfVh815F3k6TAUm8m0eg%3D%3D&content-type=text%2Fplain&date=Thu%2C%2016%20May%202019%2006%3A45%3A51%20GMT&host=examplebucket-1250000000.cos.ap-beijing.myqcloud.com&x-cos-acl=private&x-cos-grant-read=uin%3D%22100000000011%22\\n
sha1\\n1557989151;1557996351\\n8b2751e77f43a0995d6e9eb9477f4b685cca4172\\n
3b8851a11a569213c17ba8fa7dcf2abec6931234
\\n
is a line break.PUT /exampleobject(%E8%85%BE%E8%AE%AF%E4%BA%91) HTTP/1.1Date: Thu, 16 May 2019 06:45:51 GMTHost: examplebucket-1250000000.cos.ap-beijing.myqcloud.comContent-Type: text/plainContent-Length: 13Content-MD5: mQ/fVh815F3k6TAUm8m0eg==x-cos-acl: privatex-cos-grant-read: uin="100000000011"Authorization: q-sign-algorithm=sha1&q-ak=AKIDQjz3ltompVjBni5LitkWHFlFpwkn****&q-sign-time=1557989151;1557996351&q-key-time=1557989151;1557996351&q-header-list=content-length;content-md5;content-type;date;host;x-cos-acl;x-cos-grant-read&q-url-param-list=&q-signature=3b8851a11a569213c17ba8fa7dcf2abec693****ObjectContent
GET /exampleobject(%E8%85%BE%E8%AE%AF%E4%BA%91)?response-content-type=application%2Foctet-stream&response-cache-control=max-age%3D600 HTTP/1.1Date: Thu, 16 May 2019 06:55:53 GMTHost: examplebucket-1250000000.cos.ap-beijing.myqcloud.com
1557989753;1557996953
937914bf490e9e8c189836aad2052e4feeb35eaf
response-cache-control;response-content-type
response-cache-control=max-age%3D600&response-content-type=application%2Foctet-stream
date;host
date=Thu%2C%2016%20May%202019%2006%3A55%3A53%20GMT&host=examplebucket-1250000000.cos.ap-beijing.myqcloud.com
get\\n/exampleobject(tencentcloud)\\nresponse-cache-control=max-age%3D600&response-content-type=application%2Foctet-stream\\ndate=Thu%2C%2016%20May%202019%2006%3A55%3A53%20GMT&host=examplebucket-1250000000.cos.ap-beijing.myqcloud.com\\n
sha1\\n1557989753;1557996953\\n54ecfe22f59d3514fdc764b87a32d8133ea611e6\\n
01681b8c9d798a678e43b685a9f1bba0f6c01234
\\n
is a line break.GET /exampleobject(%E8%85%BE%E8%AE%AF%E4%BA%91)?response-content-type=application%2Foctet-stream&response-cache-control=max-age%3D600 HTTP/1.1Date: Thu, 16 May 2019 06:55:53 GMTHost: examplebucket-1250000000.cos.ap-beijing.myqcloud.comAuthorization: q-sign-algorithm=sha1&q-ak=AKIDQjz3ltompVjBni5LitkWHFlFpwkn****&q-sign-time=1557989753;1557996953&q-key-time=1557989753;1557996953&q-header-list=date;host&q-url-param-list=response-cache-control;response-content-type&q-signature=01681b8c9d798a678e43b685a9f1bba0f6c0****
Was this page helpful?