All Products
Search

This Product

    Object Storage Service:PostObject Policy Signature

    Document Center

    Object Storage Service:PostObject Policy Signature

    Last Updated:Jul 31, 2023

    You can use the signature tool in the Object Storage Service (OSS) console to generate a request signature by uploading an HTML form. After you specify the required parameters, the system automatically generates and verifies a request signature.

    Usage notes

    • If the signature obtained from the signature tool is inconsistent with those obtained from OSS SDKs or other tools, you need to verify the parameters yourself.

    • The signature tool does not provide identification and notification for incorrect parameters. In this case, the request signature that is generated may not pass the signature verification.

    • If you do not specify the required parameters of the signature tool, the request signature cannot be generated.

    Procedure

    To generate a signature by using the signature tool in the OSS console, perform the following steps:

    1. Log on to the OSS console.

    2. In the left-side navigation pane, choose Self-service Tools > Signature Tool.

    3. On the Signature Tool page, click the PostObject Policy Signature tab.

    4. On the PostObject Policy Signature tab, configure the parameters. The following table describes the parameters.

      Parameter

      Required

      Example

      Description

      AccessKeyId

      Yes

      LTAI5t7h6SgiLSganP2m****

      The AccessKey pair of the Alibaba Cloud account or the RAM user that you want to use to access OSS resources. An AccessKey pair consists of an AccessKey ID and AccessKey secret.

      AccessKeySecret

      Yes

      KZo149BD9GLPNiDIEmdQ7dyNKG****

      Expire At

      Yes

      2023-01-09T07:36:58.086Z

      The expiration date of this operation. The value of this parameter must be in UTC. After you select an expiration date from the drop-down list, the expiration parameter of the policy is automatically configured.

      Policy

      No

      { "expiration": "2014-12-01T12:00:00.000Z", "conditions": [ {"bucket": "johnsmith" }, ["content-length-range", 1, 10], ["eq", "$success_action_status", "201"], ["starts-with", "$key", "user/eric/"], ["in", "$content-type", ["image/jpg", "image/png"]], ["not-in", "$cache-control", ["no-cache"]] ]}

      The Policy form field in a PostObject request that is used to verify the validity of the request. The value of the Policy form field is a JSON string that is encoded in UTF-8 and Base64. The value specifies the conditions that a PostObject request must meet.

      Important

      The Policy form field is optional when you upload an HTML form to a public read/write bucket. To restrict PostObject requests, we recommend that you specify this form field.

      For more information about the Policy form field, see PostObject.

    5. Click Generate Signature.

      The policy and generated signature are displayed in the Result Feedback (Signature Process) section on the right of the Signature Tool page. You can initiate a PostObject request based on the generated signature.