All Products
Document Center

Object Storage Service:PostObject Policy Signature

Last Updated:Jul 31, 2023

You can use the signature tool in the Object Storage Service (OSS) console to generate a request signature by uploading an HTML form. After you specify the required parameters, the system automatically generates and verifies a request signature.

Usage notes

  • If the signature obtained from the signature tool is inconsistent with those obtained from OSS SDKs or other tools, you need to verify the parameters yourself.

  • The signature tool does not provide identification and notification for incorrect parameters. In this case, the request signature that is generated may not pass the signature verification.

  • If you do not specify the required parameters of the signature tool, the request signature cannot be generated.


To generate a signature by using the signature tool in the OSS console, perform the following steps:

  1. Log on to the OSS console.

  2. In the left-side navigation pane, choose Self-service Tools > Signature Tool.

  3. On the Signature Tool page, click the PostObject Policy Signature tab.

  4. On the PostObject Policy Signature tab, configure the parameters. The following table describes the parameters.








    The AccessKey pair of the Alibaba Cloud account or the RAM user that you want to use to access OSS resources. An AccessKey pair consists of an AccessKey ID and AccessKey secret.




    Expire At



    The expiration date of this operation. The value of this parameter must be in UTC. After you select an expiration date from the drop-down list, the expiration parameter of the policy is automatically configured.



    { "expiration": "2014-12-01T12:00:00.000Z", "conditions": [ {"bucket": "johnsmith" }, ["content-length-range", 1, 10], ["eq", "$success_action_status", "201"], ["starts-with", "$key", "user/eric/"], ["in", "$content-type", ["image/jpg", "image/png"]], ["not-in", "$cache-control", ["no-cache"]] ]}

    The Policy form field in a PostObject request that is used to verify the validity of the request. The value of the Policy form field is a JSON string that is encoded in UTF-8 and Base64. The value specifies the conditions that a PostObject request must meet.


    The Policy form field is optional when you upload an HTML form to a public read/write bucket. To restrict PostObject requests, we recommend that you specify this form field.

    For more information about the Policy form field, see PostObject.

  5. Click Generate Signature.

    The policy and generated signature are displayed in the Result Feedback (Signature Process) section on the right of the Signature Tool page. You can initiate a PostObject request based on the generated signature.