Signature in Authorization Header - Object Storage Service

You can use the signature tool in the Object Storage Service (OSS) console to generate signatures for different request methods. After you specify the required parameters, the system automatically generates and verifies a request signature.

Usage notes

If the signature obtained from the signature tool is inconsistent with those obtained from OSS SDKs or other tools, you need to verify the parameters yourself.
The signature tool does not provide identification and notification for incorrect parameters. In this case, the request signature that is generated may not pass the signature verification.
If you do not specify the required parameters of the signature tool, the request signature cannot be generated.

Procedure

To generate a signature by using the signature tool in the OSS console, perform the following steps:

Log on to the OSS console.
In the left-side navigation pane, choose Self-service Tools > Signature Tool.
On the Signature Tool page, click the Signature in Authorization Header tab.

On the Signature in Authorization Header tab, configure the parameters. The following table describes the parameters.


Parameter	Required	Example	Description
AccessKeyId	Yes	LTAI5t7h6SgiLSganP2m****	The AccessKey pair of the account that you want to use to access OSS resources. An AccessKey pair consists of an AccessKey ID and AccessKey secret. For more information about how to obtain the AccessKey pair of an Alibaba Cloud account or a RAM user, see Create an AccessKey pair. For more information about how to obtain a temporary AccessKey pair provided by Security Token Service (STS) for an account, see Use temporary credentials provided by STS to access OSS.
AccessKeySecret	Yes	KZo149BD9GLPNiDIEmdQ7dyNKG****
Security-Token	No	CAISowJ1q6Ft5B2yfSjIr5feHsPhtYh3+pONd2uCglI3dvxVt7DB1Tz2IHxMdHJsCeAcs/Q0lGFR5/sflqJIRoReREvCUcZr8sy2SqEGos2T1fau5Jko1be0ewHKeQKZsebWZ+LmNpy/Ht6md1HDkAJq3LL+bk/Mdle5MJqP+/kFC9MMRVuAcCZhDtVbLRcYgq18D3bKMuu3ORPHm3fZCFES2jBxkmRi86+ysIP+phPVlw/90fRH5dazcJW0Zsx0OJo6Wcq+3+FqM6DQlTNM6hwNtoUO1fYUommb54nDXwQIvUjfbtC5qIM/cFVLAYEhALNBofTGkvl1h/fejYyfyWwWYbkFCHiPFNr9kJCUSbr4a4sjF6zyPnPWycyCLYXleLzhxPWd/2kagAF6qLNY5paXF18NyRP0PISqxlWBuSQldMS3avlblTFB7apY8CUiAQcSY3uDYUhuxU+KFBxpGaq8c1SU5ARo+1JBA5nXhFlY2nbDnWONxa0mvNvE3XJ0FZJnDS7WBHyOMjC8nmw2GfaQ4bxQ0D2+20yrDNevWSSqnwh0qXMI3zY5****	This parameter is required only if you use temporary access credentials to access OSS resources. Otherwise, you can leave this parameter empty. For more information about how to obtain a security token, see AssumeRole.
VERB	Yes	GET	The method that is used for the HTTP request, including GET, POST, PUT, DELETE, and HEAD. For more information, see List of operations by function.
Content-MD5	No	eB5eJF1ptWaXm4bijSPyxw==	The MD5 hash of the requested content. The message content that excludes the header is calculated to obtain a 128-bit MD5 hash. This hash is encoded in Base64. For more information, see RFC 2616 Content-MD5. The request header can be used to check the validity of a message. The message content is valid only if the received message content is the same as the content that is sent. This parameter can be left empty. For more information about how to calculate the value of Content-MD5, see Calculation of Content-MD5.
Content-Type	No	application/octet-stream	The type of the request content. This parameter can be left empty. For more information about Content-Type, see How do I specify the Content-Type header?
Date	Yes	Jan 9, 2023 14:20:38 GMT	The time when the signature is generated. The value of this parameter must be in UTC. Important If the difference between the time specified by the Date header in a request and the time on the server when the request is received is greater than 15 minutes, OSS rejects the request and returns the HTTP status code 403.
Canonicalized Headers	No	x-oss-meta-name: taobao	The HTTP headers that are prefixed with `x-oss-`. The HTTP headers are sorted in alphabetical order. To add multiple Canonicalized headers, click Add. For more information about how to construct Canonicalized headers, see Creation of CanonicalizedOSSHeaders.
Canonicalized Resource	No	examplebucket	The OSS resource that you want to access. If no bucket or object is used to generate the signature, you do not need to specify the Canonicalized Resource parameter. For example, when you call the ListBuckets (GetService) operation to generate the signature, you do not need to specify the Canonicalized Resource parameter. If buckets, objects, or other subresources are used to generate the signature, specify the Canonicalized Resource parameter based on your business requirements. For more information about how to specify the Canonicalized Resource parameter, see Creation of CanonicalizedResource.

After you specify the preceding parameters, click Generate Signature.
The used signature functions and the generated Authorization request header are displayed in the Result Feedback section on the right of the Signature Tool page.