Object Storage Service:Download an object using a signed URL (PHP SDK V2)

Notes

• The sample code in this topic uses the China (Hangzhou) region ID, cn-hangzhou, as an example. By default, it uses a public endpoint. If you want to access OSS from other Alibaba Cloud services in the same region, use an internal endpoint. For more information about the regions and endpoints supported by OSS, see Regions and endpoints.

• This topic uses environment variables to obtain access credentials as an example. For more examples of how to configure access credentials, see Configure access credentials for PHP.

• You do not need special permissions to generate a signed URL. However, a third party can successfully download the object using the signed URL only if you have the oss:GetObject permission. For more information about how to grant permissions, see Grant custom access policies to a RAM user.

• The sample code in this topic uses a V4 signed URL, which is valid for a maximum of 7 days. For more information, see Signature V4 (recommended).

Process

The following flowchart shows how to download an object by using a presigned URL.

Parameters

Sample code

1. The object owner generates a signed URL for a GET request.

   <?php
   
   // Import the autoloader file to ensure that dependency libraries are loaded correctly.
   require_once __DIR__ . '/../../vendor/autoload.php';
   
   use AlibabaCloud\Oss\V2 as Oss;
   
   // Define the description for command-line arguments.
   $optsdesc = [
       "region" => ['help' => 'The region in which the bucket is located.', 'required' => True], // The region where the bucket is located. (Required)
       "endpoint" => ['help' => 'The domain names that other services can use to access OSS.', 'required' => False], // The endpoint to access OSS. (Optional)
       "bucket" => ['help' => 'The name of the bucket', 'required' => True], // The bucket name. (Required)
       "key" => ['help' => 'The name of the object', 'required' => True], // The object name. (Required)
       "expire" => ['help' => 'The expiration time in seconds (default: 900)', 'required' => False], // The expiration time in seconds. (Optional, default: 900)
   ];
   
   // Convert the argument descriptions to the long options format required by getopt.
   // A colon ":" after each argument indicates that it requires a value.
   $longopts = \array_map(function ($key) {
       return "$key:";
   }, array_keys($optsdesc));
   
   // Parse the command-line arguments.
   $options = getopt("", $longopts);
   
   // Check if all required arguments are provided.
   foreach ($optsdesc as $key => $value) {
       if ($value['required'] === True && empty($options[$key])) {
           $help = $value['help']; // Get the help information for the argument.
           echo "Error: the following arguments are required: --$key, $help" . PHP_EOL;
           exit(1); // If a required argument is missing, exit the program.
       }
   }
   
   // Extract values from the parsed arguments.
   $region = $options["region"]; // The region where the bucket is located.
   $bucket = $options["bucket"]; // The bucket name.
   $key = $options["key"];       // The object name.
   $expire = isset($options["expire"]) ? (int)$options["expire"] : 900; // The expiration time. Default: 900 seconds.
   
   // Load the credentials from environment variables.
   // Use EnvironmentVariableCredentialsProvider to read the Access Key ID and Access Key Secret from environment variables.
   $credentialsProvider = new Oss\Credentials\EnvironmentVariableCredentialsProvider();
   
   // Use the default configurations of the SDK.
   $cfg = Oss\Config::loadDefault();
   $cfg->setCredentialsProvider($credentialsProvider); // Set the credential provider.
   $cfg->setRegion($region); // Set the region where the bucket is located.
   if (isset($options["endpoint"])) {
       $cfg->setEndpoint($options["endpoint"]); // If an endpoint is provided, set it.
   }
   
   try {
       // Create an OSS client instance.
       $client = new Oss\Client($cfg);
   
       // Create a GetObjectRequest object to download the object.
       $request = new Oss\Models\GetObjectRequest(bucket:$bucket, key:$key);
   
       // Call the presign method to generate a signed URL and set the expiration time.
       $result = $client->presign($request, [
           'expires' => new \DateInterval("PT{$expire}S") // PT stands for Period Time, and S stands for seconds.
       ]);
   
       // Output the signed URL.
       echo "Signed URL: " . $result->url . PHP_EOL;
   } catch (Exception $e) {
       echo "Error: " . $e->getMessage() . PHP_EOL;
       exit(1);
   }

2. Other users download the object using the signed URL for the GET request.

   curl

   curl -SO "https://examplebucket.oss-cn-hangzhou.aliyuncs.com/exampleobject.txt?x-oss-date=20241112T092756Z&x-oss-expires=3599&x-oss-signature-version=OSS4-HMAC-SHA256&x-oss-credential=LTAI****************/20241112/cn-hangzhou/oss/aliyun_v4_request&x-oss-signature=ed5a******************************************************"

   Java

   import java.io.BufferedInputStream;
   import java.io.FileOutputStream;
   import java.io.IOException;
   import java.io.InputStream;
   import java.net.HttpURLConnection;
   import java.net.URL;
   
   public class Demo {
       public static void main(String[] args) {
           // Specify the presigned URL that allows HTTP GET requests. 
           String fileURL = "https://examplebucket.oss-cn-hangzhou.aliyuncs.com/exampleobject.txt?x-oss-date=20241112T092756Z&x-oss-expires=3599&x-oss-signature-version=OSS4-HMAC-SHA256&x-oss-credential=LTAI****************/20241112/cn-hangzhou/oss/aliyun_v4_request&x-oss-signature=ed5a******************************************************";
           // Specify the path in which the downloaded object is stored, including the object name and extension. 
           String savePath = "C:/downloads/myfile.txt";
   
           try {
               downloadFile(fileURL, savePath);
               System.out.println("Download completed!");
           } catch (IOException e) {
               System.err.println("Error during download: " + e.getMessage());
           }
       }
   
       private static void downloadFile(String fileURL, String savePath) throws IOException {
           URL url = new URL(fileURL);
           HttpURLConnection httpConn = (HttpURLConnection) url.openConnection();
           httpConn.setRequestMethod("GET");
   
           // Specify the response code.
           int responseCode = httpConn.getResponseCode();
           if (responseCode == HttpURLConnection.HTTP_OK) {
               // Configure the input stream.
               InputStream inputStream = new BufferedInputStream(httpConn.getInputStream());
               // Configure the output stream.
               FileOutputStream outputStream = new FileOutputStream(savePath);
   
               byte[] buffer=new byte[4096]; // Specify the size of the buffer.
               int bytesRead;
               while ((bytesRead = inputStream.read(buffer)) != -1) {
                   outputStream.write(buffer, 0, bytesRead);
               }
   
               outputStream.close();
               inputStream.close();
           } else {
               System.out.println("No file to download. Server replied HTTP code: " + responseCode);
           }
           httpConn.disconnect();
       }
   }

   Node.js

   const https = require('https');
   const fs = require('fs');
   
   const fileURL = "https://examplebucket.oss-cn-hangzhou.aliyuncs.com/exampleobject.txt?x-oss-date=20241112T092756Z&x-oss-expires=3599&x-oss-signature-version=OSS4-HMAC-SHA256&x-oss-credential=LTAI****************/20241112/cn-hangzhou/oss/aliyun_v4_request&x-oss-signature=ed5a******************************************************";
   const savePath = "C:/downloads/myfile.txt";
   
   https.get(fileURL, (response) => {
       if (response.statusCode === 200) {
           const fileStream = fs.createWriteStream(savePath);
           response.pipe(fileStream);
           
           fileStream.on('finish', () => {
               fileStream.close();
               console.log("Download completed!");
           });
       } else {
           console.error(`Download failed. Server responded with code: ${response.statusCode}`);
       }
   }).on('error', (err) => {
       console.error("Error during download:", err.message);
   });

   Python

   import requests
   
   file_url = "https://examplebucket.oss-cn-hangzhou.aliyuncs.com/exampleobject.txt?x-oss-date=20241112T092756Z&x-oss-expires=3599&x-oss-signature-version=OSS4-HMAC-SHA256&x-oss-credential=LTAI****************/20241112/cn-hangzhou/oss/aliyun_v4_request&x-oss-signature=ed5a******************************************************"
   save_path = "C:/downloads/myfile.txt"
   
   try:
       response = requests.get(file_url, stream=True)
       if response.status_code == 200:
           with open(save_path, 'wb') as f:
               for chunk in response.iter_content(4096):
                   f.write(chunk)
           print("Download completed!")
       else:
           print(f"No file to download. Server replied HTTP code: {response.status_code}")
   except Exception as e:
       print("Error during download:", e)

   Go

   package main
   
   import (
       "io"
       "net/http"
       "os"
   )
   
   func main() {
       fileURL := "https://examplebucket.oss-cn-hangzhou.aliyuncs.com/exampleobject.txt?x-oss-date=20241112T092756Z&x-oss-expires=3599&x-oss-signature-version=OSS4-HMAC-SHA256&x-oss-credential=LTAI****************/20241112/cn-hangzhou/oss/aliyun_v4_request&x-oss-signature=ed5a******************************************************"
       savePath := "C:/downloads/myfile.txt"
   
       response, err := http.Get(fileURL)
       if err != nil {
           panic(err)
       }
       defer response.Body.Close()
   
       if response.StatusCode == http.StatusOK {
           outFile, err := os.Create(savePath)
           if err != nil {
               panic(err)
           }
           defer outFile.Close()
   
           _, err = io.Copy(outFile, response.Body)
           if err != nil {
               panic(err)
           }
           println("Download completed!")
       } else {
           println("No file to download. Server replied HTTP code:", response.StatusCode)
       }
   }

   JavaScript

   const fileURL = "https://examplebucket.oss-cn-hangzhou.aliyuncs.com/exampleobject.txt?x-oss-date=20241112T092756Z&x-oss-expires=3599&x-oss-signature-version=OSS4-HMAC-SHA256&x-oss-credential=LTAI****************/20241112/cn-hangzhou/oss/aliyun_v4_request&x-oss-signature=ed5a******************************************************";
   const savePath = "C:/downloads/myfile.txt"; // Specify the name of the downloaded object.
   
   fetch(fileURL)
       .then(response => {
           if (!response.ok) {
               throw new Error(`Server replied HTTP code: ${response.status}`);
           }
           return response.blob(); // Change the type of the response to blob.
       })
       .then(blob => {
           const link = document.createElement('a');
           link.href = window.URL.createObjectURL(blob);
           link.download=savePath; // Specify the name of the downloaded object.
           document.body.appendChild(link); // This step ensures that the presigned URL exists in the document.
           link.click(); // Click the presigned URL to simulate the object download.
           link.remove(); // Remove the presigned URL after the object is downloaded.
           console.log("Download completed!");
       })
       .catch(error => {
           console.error("Error during download:", error);
       });

   Android-Java

   import android.os.AsyncTask;
   import android.os.Environment;
   import java.io.BufferedInputStream;
   import java.io.FileOutputStream;
   import java.io.InputStream;
   import java.net.HttpURLConnection;
   import java.net.URL;
   
   public class DownloadTask extends AsyncTask<String, String, String> {
       @Override
       protected String doInBackground(String... params) {
           String fileURL = params[0];
           String savePath = Environment.getExternalStoragePublicDirectory(Environment.DIRECTORY_DOWNLOADS) + "/myfile.txt"; // Specify the path in which you want to store the downloaded object.
           try {
               URL url = new URL(fileURL);
               HttpURLConnection httpConn = (HttpURLConnection) url.openConnection();
               httpConn.setRequestMethod("GET");
               int responseCode = httpConn.getResponseCode();
               if (responseCode == HttpURLConnection.HTTP_OK) {
                   InputStream inputStream = new BufferedInputStream(httpConn.getInputStream());
                   FileOutputStream outputStream = new FileOutputStream(savePath);
                   byte[] buffer = new byte[4096];
                   int bytesRead;
                   while ((bytesRead = inputStream.read(buffer)) != -1) {
                       outputStream.write(buffer, 0, bytesRead);
                   }
                   outputStream.close();
                   inputStream.close();
                   return "Download completed!";
               } else {
                   return "No file to download. Server replied HTTP code: " + responseCode;
               }
           } catch (Exception e) {
               return "Error during download: " + e.getMessage();
           }
       }
   }

   Objective-C

   #import <Foundation/Foundation.h>
   
   int main(int argc, const char * argv[]) {
       @autoreleasepool {
           // Specify the presigned URL and the path in which you want to store the object.
           NSString *fileURL = @"https://examplebucket.oss-cn-hangzhou.aliyuncs.com/exampleobject.txt?x-oss-date=20241112T092756Z&x-oss-expires=3599&x-oss-signature-version=OSS4-HMAC-SHA256&x-oss-credential=LTAI****************/20241112/cn-hangzhou/oss/aliyun_v4_request&x-oss-signature=ed5a******************************************************";
           NSString *savePath = @"/Users/your_username/Desktop/myfile.txt"; // Replace your_username with your username.
           
           // Create a URL object.
           NSURL *url = [NSURL URLWithString:fileURL];
           
           // Create an object download task.
           NSURLSessionDataTask *task = [[NSURLSession sharedSession] dataTaskWithURL:url completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
               // Handle errors.
               if (error) {
                   NSLog(@"Error during download: %@", error.localizedDescription);
                   return;
               }
               
               // Check the data in the object.
               if (!data) {
                   NSLog(@"No data received.");
                   return;
               }
               
               // Save the object.
               NSError *writeError = nil;
               BOOL success = [data writeToURL:[NSURL fileURLWithPath:savePath] options:NSDataWritingAtomic error:&writeError];
               if (success) {
                   NSLog(@"Download completed!");
               } else {
                   NSLog(@"Error saving file: %@", writeError.localizedDescription);
               }
           }];
           
           // Start the object download task.
           [task resume];
           
           // Continue to run the main thread to complete the asynchronous request.
           [[NSRunLoop currentRunLoop] run];
       }
       return 0;
   }

Common scenarios

<?php

// Import the autoloader file to ensure that dependency libraries are loaded correctly.
require_once __DIR__ . '/../vendor/autoload.php';

use AlibabaCloud\Oss\V2 as Oss;

// Define the description for command-line arguments.
$optsdesc = [
    "region" => ['help' => 'The region in which the bucket is located.', 'required' => True], // The region where the bucket is located. (Required)
    "endpoint" => ['help' => 'The domain names that other services can use to access OSS.', 'required' => False], // The endpoint to access OSS. (Optional)
    "bucket" => ['help' => 'The name of the bucket', 'required' => True], // The bucket name. (Required)
    "key" => ['help' => 'The name of the object', 'required' => True], // The object name. (Required)
];

// Convert the argument descriptions to the long options format required by getopt.
// A colon ":" after each argument indicates that it requires a value.
$longopts = \array_map(function ($key) {
    return "$key:";
}, array_keys($optsdesc));

// Parse the command-line arguments.
$options = getopt("", $longopts);

// Check if all required arguments are provided.
foreach ($optsdesc as $key => $value) {
    if ($value['required'] === True && empty($options[$key])) {
        $help = $value['help']; // Get the help information for the argument.
        echo "Error: the following arguments are required: --$key, $help" . PHP_EOL;
        exit(1); // If a required argument is missing, exit the program.
    }
}

// Extract values from the parsed arguments.
$region = $options["region"]; // The region where the bucket is located.
$bucket = $options["bucket"]; // The bucket name.
$key = $options["key"];       // The object name.

// Load the credentials from environment variables.
// Use EnvironmentVariableCredentialsProvider to read the Access Key ID and Access Key Secret from environment variables.
$credentialsProvider = new Oss\Credentials\EnvironmentVariableCredentialsProvider();

// Use the default configurations of the SDK.
$cfg = Oss\Config::loadDefault();
$cfg->setCredentialsProvider($credentialsProvider); // Set the credential provider.
$cfg->setRegion($region); // Set the region where the bucket is located.
if (isset($options["endpoint"])) {
    $cfg->setEndpoint($options["endpoint"]); // If an endpoint is provided, set it.
}

// Create an OSS client instance.
$client = new Oss\Client($cfg);

$versionId = "yourVersionId"; // The version number. This is an example value. Replace it with a real version ID.

// Create a GetObjectRequest object to download the object.
$request = new Oss\Models\GetObjectRequest(bucket:$bucket, key:$key, versionId: $versionId);

// Call the presign method to generate a signed URL.
$result = $client->presign($request);

// Print the presign result.
// Output the signed URL, which users can use directly to download the object.
print(
    'get object presign result:' . var_export($result, true) . PHP_EOL . // Detailed information about the presign result.
    'get object url:' . $result->url . PHP_EOL                           // The signed URL for directly downloading the object.
);

<?php

// Import the autoloader file to ensure that dependency libraries are loaded correctly.
require_once __DIR__ . '/../vendor/autoload.php';

use AlibabaCloud\Oss\V2 as Oss;

// Define the description for command-line arguments.
$optsdesc = [
    "region" => ['help' => 'The region in which the bucket is located.', 'required' => True], // The region where the bucket is located. (Required)
    "endpoint" => ['help' => 'The domain names that other services can use to access OSS.', 'required' => False], // The endpoint to access OSS. (Optional)
    "bucket" => ['help' => 'The name of the bucket', 'required' => True], // The bucket name. (Required)
    "key" => ['help' => 'The name of the object', 'required' => True], // The object name. (Required)
];

// Convert the argument descriptions to the long options format required by getopt.
// A colon ":" after each argument indicates that it requires a value.
$longopts = \array_map(function ($key) {
    return "$key:";
}, array_keys($optsdesc));

// Parse the command-line arguments.
$options = getopt("", $longopts);

// Check if all required arguments are provided.
foreach ($optsdesc as $key => $value) {
    if ($value['required'] === True && empty($options[$key])) {
        $help = $value['help']; // Get the help information for the argument.
        echo "Error: the following arguments are required: --$key, $help" . PHP_EOL;
        exit(1); // If a required argument is missing, exit the program.
    }
}

// Extract values from the parsed arguments.
$region = $options["region"]; // The region where the bucket is located.
$bucket = $options["bucket"]; // The bucket name.
$key = $options["key"];       // The object name.

// Load the credentials from environment variables.
// Use EnvironmentVariableCredentialsProvider to read the Access Key ID and Access Key Secret from environment variables.
$credentialsProvider = new Oss\Credentials\EnvironmentVariableCredentialsProvider();

// Use the default configurations of the SDK.
$cfg = Oss\Config::loadDefault();
$cfg->setCredentialsProvider($credentialsProvider); // Set the credential provider.
$cfg->setRegion($region); // Set the region where the bucket is located.
$cfg->setEndpoint(endpoint: "http://static.example.com"); // Set this to your custom endpoint.
$cfg->setUseCname(true); // Set to use a CNAME.

// Create an OSS client instance.
$client = new Oss\Client($cfg);


// Create a GetObjectRequest object to download the object.
$request = new Oss\Models\GetObjectRequest(bucket:$bucket, key:$key);

// Call the presign method to generate a signed URL.
$result = $client->presign($request);

// Print the presign result.
// Output the signed URL, which users can use directly to download the object.
print(
    'get object presign result:' . var_export($result, true) . PHP_EOL . // Detailed information about the presign result.
    'get object url:' . $result->url . PHP_EOL                           // The signed URL for directly downloading the object.
);

References

• For the complete sample code for generating signed URLs, see GitHub example.

• For more information about the Presign API operation, see Presign.