You can use the signature tool in the Object Storage Service (OSS) console to generate a signed object URL for temporary access. When you generate a signed URL, you can specify the validity period of the URL to limit the period in which visitors can use the URL to access resources.
Usage notes
If the signature obtained from the signature tool is inconsistent with those obtained from OSS SDKs or other tools, you must verify the parameters yourself.
The signature tool does not provide identification and notification for incorrect parameters. In this case, the request signature that is generated may not pass the signature verification.
If you do not specify the required parameters of the signature tool, the signed object URL cannot be generated.
Procedure
To generate a signature by using the signature tool in the OSS console, perform the following steps:
Log on to the OSS console.
In the left-side navigation pane, choose .
On the Signature Tool page, click the URL Signature tab.
On the URL Signature tab, configure the parameters. The following table describes the parameters.
Parameter
Required
Example
Description
AccessKeyId
Yes
LTAI5t7h6SgiLSganP2m****
The AccessKey pair of the account that you want to use to access OSS resources. An AccessKey pair consists of an AccessKey ID and AccessKey secret.
- For more information about how to obtain the AccessKey pair of an Alibaba Cloud account or a RAM user, see Create an AccessKey pair.
- For more information about how to obtain a temporary AccessKey pair provided by Security Token Service (STS) for an account, see Use temporary credentials provided by STS to access OSS.
AccessKeySecret
Yes
KZo149BD9GLPNiDIEmdQ7dyNKG****
Security-Token
No
CAISowJ1q6Ft5B2yfSjIr5feHsPhtYh3+pONd2uCglI3dvxVt7DB1Tz2IHxMdHJsCeAcs/Q0lGFR5/sflqJIRoReREvCUcZr8sy2SqEGos2T1fau5Jko1be0ewHKeQKZsebWZ+LmNpy/Ht6md1HDkAJq3LL+bk/Mdle5MJqP+/kFC9MMRVuAcCZhDtVbLRcYgq18D3bKMuu3ORPHm3fZCFES2jBxkmRi86+ysIP+phPVlw/90fRH5dazcJW0Zsx0OJo6Wcq+3+FqM6DQlTNM6hwNtoUO1fYUommb54nDXwQIvUjfbtC5qIM/cFVLAYEhALNBofTGkvl1h/fejYyfyWwWYbkFCHiPFNr9kJCUSbr4a4sjF6zyPnPWycyCLYXleLzhxPWd/2kagAF6qLNY5paXF18NyRP0PISqxlWBuSQldMS3avlblTFB7apY8CUiAQcSY3uDYUhuxU+KFBxpGaq8c1SU5ARo+1JBA5nXhFlY2nbDnWONxa0mvNvE3XJ0FZJnDS7WBHyOMjC8nmw2GfaQ4bxQ0D2+20yrDNevWSSqnwh0qXMI3zY5****
This parameter is required only if you use temporary access credentials to access OSS resources. Otherwise, you can leave this parameter empty. For more information about how to obtain a security token, see AssumeRole.
URL
Yes
https://example.oss-cn-hangzhou.aliyuncs.com/test.txt
The URL of the object that you want to access. You can enter multiple URLs at a time. Separate URLs with line feeds.
The object URL is in the following format: <Schema>://<Bucket>.<Endpoint>/<Object>.
Schema: enter HTTP or HTTPS.
Bucket: enter the name of the bucket that you want to access.
Endpoint: enter the internal or public endpoint of the region in which the bucket is located. For more information, see Regions and endpoints.
Object: enter the full path of the object that is uploaded to the bucket.
Bucket Name
No
examplebucket
The name of the bucket. Enter the bucket name if a custom domain name is used.
Query Params
No
response-content-type : image/jpg
Other request parameters. You can select other supported request parameters from the drop-down list of the Query Params parameter. For more information about GetObject, see GetObject.
Validity Period (Seconds)
Yes
3600
The validity period of the STS token. Unit: seconds.
Click Generate Link.
The generated signature link is displayed in the Result Feedback section on the right of the Signature Tool page.