To authorize a third-party user to download objects from a private bucket, you must use a signed URL or a temporary access credential. You cannot directly provide the AccessKey.

Signed URL

OSS allows users to use a signed URL to download data. You can add a signed URL and forward the URL to a third-party user to authorize access. The third-party user can then send an HTTP GET request and use the URL to download objects.

  • Implementation method

    The following example shows how to generate a signed URL.

    http://<bucket>.<region>.aliyuncs.com/<object>?OSSAccessKeyId=<user access_key_id>&Expires=<unix time>&Signature=<signature_string> 

    A signed URL must include at least the following three parameters: Signature, Expires, and OSSAccessKeyId.

    • OSSAccessKeyId: The AccessKey ID of your Alibaba Cloud account.
    • Expires: The expected expiration time of the URL.
    • Signature: The signature string. For more information, see Add a signature to a URL.
      Note This link must be URL-encoded.
  • Operating methods
    Operating method Description
    Console Web application, which is intuitive and easy to use
    Java SDK SDK demos in various languages
    Python SDK
    PHP SDK
    Go SDK
    C SDK
    .NET SDK

Temporary access credential

OSS uses Security Token Service (STS) to provide temporary credentials for third-party users. By adding a signature to the request header, a third-party user can access objects. This authorization method is applicable to object download in mobile scenarios. For more information about how to implement temporary access credentials, see STS Java SDK.

  • Implementation method

    A third-party user sends a request to the application server to obtain the AccessKey ID, AccessKey Secret, and STS Token issued by STS. The user then uses the obtained AccessKey ID, AccessKey Secret, and STS Token to request the developer's object resources.

  • Operating methods
    Operating method Description
    Console Web application, which is intuitive and easy to use
    Java SDK SDK demos in various languages
    Python SDK
    PHP SDK
    Go SDK
    C SDK
    .NET SDK
    Android SDK
    iOS SDK

Best practices

RAM and STS User Guide