edit-icon download-icon

How do I set the response signature?

Last Updated: Apr 11, 2018

The response signature is contained in Authorization of the HTTP header, indicating the response is authorized.

Sample header: Authorization:OTS44CF9590006BF252F707:jZNOcbfWmD/A/f3hSvVzXZjM2HU=

The values separated by the colon are the AccessKeyID (left) and signature (right). The verification code is calculated as follows.

  1. "Authorization: OTS " + AccessID + ":" + base64(hmac-sha1(
  2. + CONTENT-MD5 + "\n"
  3. + CONTENT-TYPE + "\n"
  4. + CanonicalizedOTSHeaders
  5. + CanonicalizedResource
  6. , AccessKey))

As shown in the preceding code, the headers of a Table Store response signature include Content-Md5, Content-Type, CanonicalizedOTSHeaders (canonicalized Table Store header), and CanonicalizedResource (canonicalized Table Store resource address). Content-Typeand Content-MD5 are required. A carriage return must be added after each header, with the exception of if CanonicalizedOTSHeaders does not exist. A canonicalized Table Store header is a header prefixed with x-ots-.

The signature of CanonicalizedOTSHeaders must observe the following rules:

  • Headers are in lowercase.

  • The headers are sorted in ascending lexicographic order by name.

  • There cannot be a space before or after the colon that separates the header name and value.

  • A newline character \n must be used to separate headers.

  • If CanonicalizedOTSHeaders does not exist, the parameter can remain blank.

  • The current version has a unique CanonicalizedOTSHeaders, which is x-ots-date. It indicates the time that Table Store returns the response. The format is %a, %d %b %Y %H:%M:%S GMT, for example, Mon, 3 Jan 2010 08:33:47 GMT.

You can calculate the signature in the same way, and check whether the response is valid by comparing the calculated signature and the one provided by Table Store in terms of consistency.

Thank you! We've received your feedback.