All Products
Document Center

Upload OSS objects

Last Updated: May 19, 2022


After obtaining the upload URL and credential for a video or image, you can use Base64 decoding to obtain the STS token and URL for OSS upload. Then, call the following operations to upload the video or image file.

For your convenience, we recommend that you use an upload SDK.

Simple upload operations

Note: The maximum size of an object to be uploaded is 5 GB. Resumable upload is not supported.

Operation Description
PutObject Uploads an object in simple mode.
PostObject Uploads an object by using the HTML form.
AppendObject Uploads an object in append mode.

Multipart upload operations

Note: The maximum size of an object to be uploaded is 48.8 TB. Resumable upload is supported.

Operation Description
InitiateMultipartUpload Initializes a multipart upload event.
UploadPart Uploads an object in multipart mode.
CompleteMultipartUpload Completes the multipart upload of the entire object.
AbortMultipartUpload Cancels a multipart upload event.
ListMultipartUploads Lists all the ongoing multipart upload events.
ListParts Lists all uploaded parts matching a specific upload ID.

Upload verification operations

Note: You can obtain the 64-bit CRC value from the metadata of an object to check the data integrity of the object.

Operation Description
GetObjectMeta Obtains the metadata of an object.
HeadObject Obtains the metadata of an object. This operation functions the same as the GetObjectMeta operation.


Before calling an operation, ensure that you have obtained and decoded the upload URL and credential. The mapping between request parameters and decoded upload information is as follows:

  • The ObjectName parameter maps to the decoded FileName parameter.

  • The Host parameter maps to the decoded Bucket.Endpoint parameter.

    Note: Place http(s): of the Endpoint parameter at the very beginning.

  • When calculating the value of the Authorization parameter:

    • Use the decoded AccessKey ID and AccessKey Secret pair as the signature key. Do not use the AccessKey of your own account.
    • Include the decoded SecurityToken parameter in the request header or in a URL as a request parameter. Use either of these two methods to specify the AccessKey. If both methods are used, OSS returns an InvalidArgument error.
    • Include x-oss-security-token:SecurityToken in the header. When calculating CanonicalizedOSSHeaders for a signature, take x-oss-security-token into consideration.
    • Include security-token=SecurityToken in a URL. When calculating CanonicalizedResource for a signature, include security-token as a sub-resource.

      Note: For more information about how to calculate Authorization for a signature, see Add a signature to the header and Add a signature to a URL.

If you call OSS operations, you need to go through a complex process to calculate a signature. We recommend that you use an OSS upload SDK.