After pay-by-requester is enabled for a bucket, the request and traffic fees that are incurred when the bucket is accessed are paid by the requester instead of the bucket owner. The bucket owner pays only the storage fees. You can enable pay-by-requester for a bucket to share data in the bucket without paying for the request and traffic fees incurred by the access to your bucket.

Request instructions

  • Access from anonymous users is rejected.

    If you enable pay-by-requester for a bucket, anonymous users are not allowed to access the bucket. Requesters must provide authentication information to OSS so that OSS can identify and charge requesters for requests and traffic.

    If a requester assumes a RAM role of an Alibaba Cloud account to request data, OSS charges this Alibaba Cloud account for the requests sent by the requester and the generated traffic.

  • Requesters must specify the x-oss-request-payer header in the request.

    If you enable pay-by-requester for a bucket, requesters must specify the x-oss-request-payer:requester header in POST, GET, or HEAD requests. This header indicates that requesters understand that they are charged for sending requests to and downloading data from the bucket. Otherwise, requesters cannot be authenticated.

    Bucket owners do not need to specify the x-oss-request-payer header in requests sent to access their buckets. In this case, bucket owners are charged for the requests sent by them and the traffic generated by the requests.

For more information about pay-by-requester, see Enable pay-by-requester in the Developer Guide.

Enable pay-by-requester

The following code provides an example on how to enable pay-by-requester for a bucket:

<? php
if (is_file(__DIR__ . '/../autoload.php')) {
    require_once __DIR__ . '/../autoload.php';
}
if (is_file(__DIR__ . '/../vendor/autoload.php')) {
    require_once __DIR__ . '/../vendor/autoload.php';
}

use OSS\OssClient;
use OSS\Core\OssException;

// Security risks may arise if you use the AccessKey pair of an Alibaba Cloud account to log on to OSS because the account has permissions on all API operations. We recommend that you use your RAM user's credentials to call API operations or perform routine operations and maintenance. To create a RAM user, log on to the RAM console.
$accessKeyId = "<yourAccessKeyId>";
$accessKeySecret = "<yourAccessKeySecret>";
// The endpoint of the China (Hangzhou) region is used in this example. Specify the actual endpoint.
$endpoint = "https://oss-cn-hangzhou.aliyuncs.com";
$bucket= "<yourBucketName>";

$ossClient = new OssClient($accessKeyId, $accessKeySecret, $endpoint, false);

try {
    // Enable pay-by-requester for the bucket.
    $ossClient->putBucketRequestPayment($bucket, "Requester");
} catch (OssException $e) {
    printf(__FUNCTION__ . ": FAILED\n");
    printf($e->getMessage() . "\n");
    return;
}

print(__FUNCTION__ . ": OK" . "\n");

For more information about how to enable pay-by-requester for a bucket, see PutBucketRequestPayment.

Query pay-by-requester configurations

The following code provides an example on how to query the pay-by-requester configurations of a bucket:

<? php
if (is_file(__DIR__ . '/../autoload.php')) {
    require_once __DIR__ . '/../autoload.php';
}
if (is_file(__DIR__ . '/../vendor/autoload.php')) {
    require_once __DIR__ . '/../vendor/autoload.php';
}

use OSS\OssClient;
use OSS\Core\OssException;

// Security risks may arise if you use the AccessKey pair of an Alibaba Cloud account to log on to OSS because the account has permissions on all API operations. We recommend that you use your RAM user's credentials to call API operations or perform routine operations and maintenance. To create a RAM user, log on to the RAM console.
$accessKeyId = "<yourAccessKeyId>";
$accessKeySecret = "<yourAccessKeySecret>";
// The endpoint of the China (Hangzhou) region is used in this example. Specify the actual endpoint.
$endpoint = "https://oss-cn-hangzhou.aliyuncs.com";
$bucket= "<yourBucketName>";

$ossClient = new OssClient($accessKeyId, $accessKeySecret, $endpoint, false);

try {
    // Query the pay-by-requester configurations of the bucket.
    $payer = $ossClient->getBucketRequestPayment($bucket);

    // Display the pay-by-requester configurations.
    print($payer);
} catch (OssException $e) {
    printf(__FUNCTION__ . ": FAILED\n");
    printf($e->getMessage() . "\n");
    return;
}

print(__FUNCTION__ . ": OK" . "\n"); 

For more information about how to query the pay-by-requester configurations of a bucket, see GetBucketRequestPayment.

Specify that third parties are charged for access to objects

If you specify that third parties are charged for access to objects, requesters must include the x-oss-request-payer:requester header in the HTTP requests to perform operations on your objects. If this header is not included, an error is returned.

The following code provides an example on how to specify that third parties are charged when they access objects by calling the PutObject, GetObject, and DeleteObject operations. You can use the same method to specify that third parties are charged when they call other operations to access your objects.

The following code provides an example on how to specify that third parties are charged when they access objects:

<? php
if (is_file(__DIR__ . '/../autoload.php')) {
    require_once __DIR__ . '/../autoload.php';
}
if (is_file(__DIR__ . '/../vendor/autoload.php')) {
    require_once __DIR__ . '/../vendor/autoload.php';
}

use OSS\OssClient;
use OSS\Core\OssException;

// Security risks may arise if you use the AccessKey pair of an Alibaba Cloud account to log on to OSS because the account has permissions on all API operations. We recommend that you use your RAM user's credentials to call API operations or perform routine operations and maintenance. To create a RAM user, log on to the RAM console.
$accessKeyId = "<yourAccessKeyId>";
$accessKeySecret = "<yourAccessKeySecret>";
// The endpoint of the China (Hangzhou) region is used in this example. Specify the actual endpoint.
$endpoint = "https://oss-cn-hangzhou.aliyuncs.com";
$bucket= "<yourBucketName>";
$object = "<yourObjectName>";

$ossClient = new OssClient($accessKeyId, $accessKeySecret, $endpoint, false);

// Enable pay-by-requester for the bucket.
$options = array(
  OssClient::OSS_HEADERS => array(
  OssClient::OSS_REQUEST_PAYER => 'requester',
));

try {
    // Specify the payer when a third party calls the PutObject operation to access objects.
    $content = "hello";
    $ossClient->putObject($bucket, $object, $content, $options);

    // Specify the payer when a third party calls the GetObject operation to access objects.
    $ossClient->getObject($bucket, $object, $options);

    // Specify the payer when a third party calls the DeleteObject operation to access objects.
    $ossClient->deleteObject($bucket, $object, $options);
} catch (OssException $e) {
    printf(__FUNCTION__ . ": FAILED\n");
    printf($e->getMessage() . "\n");
    return;
}

print(__FUNCTION__ . ": OK" . "\n");