Object Storage Service:0002-00000201

Last Updated: May 22, 2024

Problem description

The signature in the request does not match the signature that is calculated by Object Storage Service (OSS).

Causes

The V4 signature is used to initiate the request. However, the signature included in the request is inconsistent with the signature calculated by OSS.

Examples

The V4 signature is included in the URL of the request. However, the signature is not correctly calculated.

GET /oss.jpg?x-oss-signature-version=OSS4-HMAC-SHA256&x-oss-credential=***&x-oss-expires=118060&x-oss-additional-headers=host&x-oss-signature=InvalidSignature HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Date: Fri, 24 Feb 2012 06:38:30 GMT

Solutions

  • If you want to use Alibaba Cloud SDKs to initiate a request that uses the V4 signature, see Overview.

    If a signature mismatch is reported after you use Alibaba Cloud SDKs to initiate a request, perform the following steps to troubleshoot the issue.

    1. Check whether the format of the endpoint is valid.

      In this example, the endpoint of the China (Hangzhou) region is used. The valid endpoint is in the following format: http://oss-cn-hangzhou.aliyuncs.com. For more information about the endpoints of other regions, see Regions and endpoints.

    2. Check whether the AccessKey ID and AccessKey secret are valid.

      The AccessKey ID and AccessKey secret cannot start or end with a space.

    3. Make sure that the buckets and objects meet the following naming conventions:

      • Naming conventions for buckets:

        • The name must be unique in OSS.

        • The name can contain lowercase letters, digits, and hyphens (-).

        • The name must start and end with a lowercase letter or a digit.

        • The name must be 3 to 63 characters in length.

      • Naming conventions for objects:

        • The name must be encoded in UTF-8.

        • The name must be 1 to 1,023 bytes in length.

        • The name cannot start with a forward slash (/) or a backslash (\).

        • The name is case-sensitive.

    4. Check the signature method.

      • If you use the self-signed mode and your business environment supports OSS SDKs, use the signature method provided by OSS SDKs. For more information, see Overview.

      • If you use the self-signed mode and your business environment does not support OSS SDKs, you must write code to calculate signatures and add the signatures to RESTful API requests. For more information, see Overview.

    5. Check whether additional headers are added by the proxy server.

  • If you want to calculate the V4 signature,

    If the server returns a response that contains the StringToSign parameter, compare the value of the StringToSign parameter returned by the server with the string to sign that you built before calculating the signature.
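
The checks in steps 2 and 3 and the StringToSign comparison above can be scripted around a failing request. The following Python is an added example, not code from the OSS documentation or SDKs; the function names `preflight` and `first_difference` and all sample values are assumptions constructed here, and the credential check flags any leading or trailing whitespace (tabs and newlines as well as spaces).

```python
import re

# Step 3 bucket rule: lowercase letters, digits, hyphens; starts and ends
# with a lowercase letter or digit; 3 to 63 characters.
BUCKET_RE = re.compile(r"[a-z0-9][a-z0-9-]{1,61}[a-z0-9]")


def preflight(access_key_id, access_key_secret, bucket, object_key):
    """Return the list of problems found before the request is signed."""
    problems = []
    for label, value in (("AccessKey ID", access_key_id),
                         ("AccessKey secret", access_key_secret)):
        # Step 2. Name the field only; never echo the credential itself.
        if value != value.strip():
            problems.append(f"{label} starts or ends with whitespace")
    if not BUCKET_RE.fullmatch(bucket):
        problems.append("bucket name violates the naming conventions")
    try:
        size = len(object_key.encode("utf-8"))
    except UnicodeEncodeError:
        problems.append("object name cannot be encoded in UTF-8")
    else:
        if not 1 <= size <= 1023:
            problems.append(f"object name is {size} bytes, allowed 1 to 1,023")
    if object_key[:1] in ("/", "\\"):
        problems.append("object name starts with / or \\")
    return problems


def first_difference(client_sts, server_sts):
    """Return (line_no, client_line, server_line) at the first mismatch, else None."""
    mine, theirs = client_sts.split("\n"), server_sts.split("\n")
    for i in range(max(len(mine), len(theirs))):
        a = mine[i] if i < len(mine) else None
        b = theirs[i] if i < len(theirs) else None
        if a != b:
            return i + 1, a, b
    return None


if __name__ == "__main__":
    # Constructed sample values, not real credentials or a real server response.
    print(preflight("EXAMPLE-KEY-ID ", "example-secret", "Oss_Example", "/oss.jpg"))
    client = "OSS4-HMAC-SHA256\nline-two\nhost:oss-example.example"
    server = "OSS4-HMAC-SHA256\nline-two\nhost:oss-example.example\nx-added-by-proxy"
    # repr() exposes invisible characters such as trailing spaces or \r.
    print(repr(first_difference(client, server)))
```

A mismatch that appears only in the header lines of the server's StringToSign points at step 5, since a header added in transit is signed by the server but not by the client.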