After you upload an object to a bucket, you can generate a signed URL for the object and share the URL with third parties for downloads and previews. This topic describes how to run the sign command to generate a signed URL for an object.

Notice Sample command lines in this topic are based on the 64-bit Linux system. For other systems, replace ./ossutil64 in the commands with the corresponding binary name. For more information, see ossutil.

Command syntax

./ossutil64 sign cloud_url
[--timeout <value>] 
[--version-id <value>] 
[--trafic-limit <value>] 
[--disable-encode-slash] 
[--payer <value>]

The following table describes the parameters that you can configure to run the sign command.

Parameter Description
cloud_url The full path of the bucket in which the object is stored.
--timeout The expiration time of the signed URL. Unit: seconds. Default value: 60.
Notice The sum of the current timestamp and the expiration time of the signed URL cannot exceed 9223372036854775807. Otherwise, an error is thrown. If the current timestamp is 1643341269, the expiration time of the signed URL cannot exceed 9223372035211434538.
--version-id The version ID of the object for which you want to generate a signed URL. This parameter applies only to objects in buckets for which versioning is enabled or suspended.
--trafic-limit The maximum speed to access the object over HTTP by using the signed URL. Unit: bit/s. The default value of this parameter is 0, which indicates that the access speed is not limited. Valid values: 819200 to 838860800 (100 KB/s to 100 MB/s).
--disable-encode-slash Specifies that forward slashes (/) contained in the value of cloud_url are not encoded.
--payer The payer of the request. If you want the requester who accesses the resources in the specified path to pay for the traffic and request fees, set this parameter to requester.

Examples

  • You can run the following command to generate a signed URL for an object named exampleobject.png in a bucket named examplebucket. In the command, the expiration time of the URL is the default value, which is 60 seconds.
    ./ossutil64 sign oss://examplebucket/exampleobject.png
  • You can run the following command to generate a signed URL for an object named exampleobject.png in a bucket named examplebucket. In the command, the expiration time of the URL is set to 3,600 seconds.
    ./ossutil64 sign oss://examplebucket/exampleobject.png --timeout 3600
  • You can run the following command to generate a signed URL for an object named exampleobject.png in a bucket named examplebucket. In the command, the expiration time of the URL is set to 7,200 seconds, and the maximum speed to access the object over HTTP by using the signed URL is set to 100 MB/s.
    ./ossutil64 sign oss://examplebucket/exampleobject.png --timeout 7200 --trafic-limit 838860800
  • You can run the following command to generate a signed URL for the specified version of an object named exampleobject.png in a bucket named examplebucket. In the command, the expiration time of the URL is set to 1,800 seconds.
    ./ossutil64 sign oss://examplebucket/exampleobject.jpg --timeout 1800 --version-id  CAEQARiBgID8rumR2hYiIGUyOTAyZGY2MzU5MjQ5ZjlhYzQzZjNlYTAyZDE3****
  • After the preceding commands are run, an output similar to the following is returned, which includes the time used to generate the signed URL, the expiration time of the URL, and the signature information in the URL:
    https://examplebucket.ss-cn-hangzhou.aliyuncs.com/exampleobject.png?Expires=1608282224&OSSAccessKeyId=LTAI4G33piUmgRN1DXx9****&Signature=jo4%2FGykfuc1A4fvyvKRpRyymYH****
    0.368676(s) elapsed

Common options

If you use ossutil to switch to a bucket that is located in a different region, you can use the -e option to specify the endpoint of the region in which the specified bucket resides. If you use ossutil to switch to a bucket that belongs to another Alibaba Cloud account, you can use the -i option to specify the AccessKey ID of the specified account, and use the -k option to specify the AccessKey secret of the specified account.

For example, you can run the following command to generate a signed URL for an object named exampletest.jpg in a bucket named testbucket, which is located in the China (Shanghai) region and owned by another Alibaba Cloud account. In this example, the expiration time of the URL is set to 3,600 seconds.
./ossutil64 sign oss://testbucket/exampletest.jpg --timeout 3600 -e oss-cn-shanghai.aliyuncs.com -i LTAI4Fw2NbDUCV8zYUzA****  -k 67DLVBkH7EamOjy2W5RVAHUY9H****

For more information about other common options that you can use for the sign command, see Common options.