When the pay-by-requester mode is enabled for a bucket in Alibaba Cloud OSS, the requester instead of the bucket owner pays the cost of requests and traffic instead of the bucket owner. The bucket owner always pays the cost for storing data. You can enable this feature to share data without having to pay for the request and traffic costs by yourself.

Implementation modes

Implementation mode Description
Console A user-friendly and intuitive Web application
Java SDK SDK demos for various programming languages
Python SDK
Go SDK
C++ SDK

Use cases

  • Share large datasets, such as postal code directories, reference data, geospatial information, or Web crawling data. For example, a research institute provides a public dataset to share data with its customers for which they are expected to pay the request and traffic costs. The configuration procedure is as follows:
    1. Enable the pay-by-requester mode for the bucket. For more information, see Configure the pay-by-requester mode.
    2. Configure bucket policy to authorize the RAM user accounts of your customers' Alibaba Cloud accounts to access your bucket. For more information, see Use bucket policies to authorize other users to access OSS resources.
  • Deliver data to your customers or partners. For example, a company needs to deliver production data to its partners and expects the partners to pay for requests and traffic generated by data downloads.
    The configuration procedure is as follows:
    1. Enable the pay-by-requester mode for the bucket.
    2. Set the bucket ACL to Private.
    3. Configure bucket policy to authorize the RAM user accounts of your partners' Alibaba Cloud accounts to access your bucket. For more information, see Tutorial:Authorize a RAM user under another Alibaba Cloud account by adding a bucket policy.
    Notice You must authorize the RAM user account of your customers' or partners' Alibaba Cloud accounts to access your bucket. However, ensure that you do not provide them with the AccessKey pair of your RAM user account. If your customers or partners use your RAM user account to access your bucket, you will be charged for requests and traffic because you are still the requester.

Request methods

  • Access from anonymous users is not allowed

    If you the enable pay-by-requester mode for a bucket, anonymous users will be denied access to the bucket. Requesters must provide authentication information so that OSS can identify and charge them, but not the bucket owner, for requests and traffic.

    If requesters assume the RAM role of an Alibaba Cloud account to request data, OSS charges this Alibaba Cloud account for such requests and traffic.

  • Requesters must include the x-oss-request-payer request header

    If you enable the pay-by-requester mode for a bucket, requesters must include the x-oss-request-payer:requester request header in the PUT, POST, GET, or HEAD request. This field indicates that requesters understand that they will be charged for requests and data downloads. Otherwise, requesters cannot be authenticated.

    The bucket owner does not need to include the x-oss-request-payer request header when attempting to access their own buckets. In this case, the bucket owner pays for such requests and traffic.

Billing details

When the pay-by-requester mode is enabled, requesters pay for one or more of the following billing items based on their request content: outbound traffic over the public network, back-to-origin traffic, and traffic generated when making API operation calls, performing Image Processing (IMG), taking video snapshots, and retrieving IA objects or archives. The bucket owner pays other fees such as storage, object tagging, and transfer acceleration fees. However, requests fail (where HTTP status code 403 is returned) in the following cases and the bucket owner will be charged:

  • The requester does not include the x-oss-request-payer request header in the POST, GET, or HEAD request, or does not use this field as a parameter for a request through a RESTful API.
  • The requester fails authentication.
  • The requester is anonymous.