All Products
Document Center

Object Storage Service:URL Signature

Last Updated:Aug 18, 2023

You can use the signature tool in the Object Storage Service (OSS) console to generate a signed object URL for temporary access. When you generate a signed URL, you can specify the validity period of the URL to limit the period in which visitors can use the URL to access resources.

Usage notes

  • If the signature obtained from the signature tool is inconsistent with those obtained from OSS SDKs or other tools, you must verify the parameters yourself.

  • The signature tool does not provide identification and notification for incorrect parameters. In this case, the request signature that is generated may not pass the signature verification.

  • If you do not specify the required parameters of the signature tool, the signed object URL cannot be generated.


To generate a signature by using the signature tool in the OSS console, perform the following steps:

  1. Log on to the OSS console.

  2. In the left-side navigation pane, choose Self-service Tools > Signature Tool.

  3. On the Signature Tool page, click the URL Signature tab.

  4. On the URL Signature tab, configure the parameters. The following table describes the parameters.








    The AccessKey pair of the account that you want to use to access OSS resources. An AccessKey pair consists of an AccessKey ID and AccessKey secret.







    This parameter is required only if you use temporary access credentials to access OSS resources. Otherwise, you can leave this parameter empty. For more information about how to obtain a security token, see AssumeRole.



    The URL of the object that you want to access. You can enter multiple URLs at a time. Separate URLs with line feeds.

    The object URL is in the following format: <Schema>://<Bucket>.<Endpoint>/<Object>.

    • Schema: enter HTTP or HTTPS.

    • Bucket: enter the name of the bucket that you want to access.

    • Endpoint: enter the internal or public endpoint of the region in which the bucket is located. For more information, see Regions and endpoints.

    • Object: enter the full path of the object that is uploaded to the bucket.

    Bucket Name



    The name of the bucket. Enter the bucket name if a custom domain name is used.

    Query Params


    response-content-type : image/jpg

    Other request parameters. You can select other supported request parameters from the drop-down list of the Query Params parameter. For more information about GetObject, see GetObject.

    Validity Period (Seconds)



    The validity period of the STS token. Unit: seconds.

  5. Click Generate Link.

    The generated signature link is displayed in the Result Feedback section on the right of the Signature Tool page.