0002-00000203 - Object Storage Service - Alibaba Cloud Documentation Center

Problem description

The format of the Authorization request header is invalid.

Causes

The V4 signature is used in the request. However, the format of the Authorization header is invalid.

Examples

The V4 signature is used in the request. However, the format of the Authorization header is invalid.

GET /oss.jpg HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Date: Tue, 20 Dec 2022 08:48:18 GMT
Authorization: OSS4-HMAC-SHA256 CredentialAK**ID/20221220/us-east-1/oss/aliyun_v4_request,Signature=18**0a
x-oss-content-sha256: UNSIGNED-PAYLOAD

The signature version and information in the Authorization header must be separated by spaces.

Signature version: Only OSS4-HMAC-SHA256 is supported.
Signature information: The signature information is displayed in the form of key-value pairs. Separate key-value pairs with commas (,), and connect keys and values with equal signs (=).
The key of the signature information includes two required fields (Credential and Signature) and one optional field (AdditionalHeaders). In this example, the equal sign (=) between the key and value of the Credential field is missing.

Solutions

Make sure that the format of the Authorization header in the request that uses the V4 signature meets the preceding requirements. Example:

GET /oss.jpg HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Date: Tue, 20 Dec 2022 08:48:18 GMT
Authorization: OSS4-HMAC-SHA256 Credential=AK**ID/20221220/us-east-1/oss/aliyun_v4_request,AdditionalHeaders=host,Signature=18**0a
x-oss-content-sha256: UNSIGNED-PAYLOAD

References

For information about how to use Alibaba Cloud SDKs to initiate a request that uses the V4 signature, see Overview.
Calculate the signature:
- For information about how to calculate the V4 signature, see Calculate V4 signature by using OSS SDK for Python.
- For information about how to specify the signature logic based on the V1 signature, see Overview.
If the server returns a response that contains the StringToSign parameter, you must check whether the value of the StringToSign parameter on the server is the same as the string before calculation.