You can use the signature tool in the OSS console to generate signatures for different request methods. After you enter the required parameters, the tool automatically generates and verifies the request signature.
Usage notes
If a signature calculated by the signature tool is different from a signature calculated by a software development kit (SDK) or another tool, verify the parameters that you entered. The signature tool does not automatically correct incorrect parameters.
The signature tool does not identify or report whether the parameters you entered are valid. Therefore, the generated request signature may fail signature validation.
If you do not enter the required parameters for the signature tool, a request signature cannot be generated.
The signature tool supports only V1 signatures.
Procedure
Follow these steps to generate a signature using the signature tool in the OSS console.
Log on to the OSS console.
In the navigation pane on the left, choose .
On the Signature Tool page, click the Header signature tab.
On the Header signature panel, enter the parameters as described in the following table.
Parameter
Required
Example
Description
AccessKeyId
Yes
LTAI********
Enter the AccessKey pair for the current account. An AccessKey pair includes an AccessKey ID and an AccessKey secret.
For more information about how to obtain the AccessKey pair of an Alibaba Cloud account or a Resource Access Management (RAM) user, see Create an AccessKey pair.
For more information about how to obtain a temporary AccessKey pair from Security Token Service (STS), see Use temporary credentials provided by STS to access OSS.
AccessKeySecret
Yes
KZo1********
Security-Token
No
CAIS********
This parameter is required only when you use temporary access credentials from STS to access OSS. For information about how to obtain a security token, see AssumeRole.
Request method (VERB)
Yes
GET
The request method, such as GET, POST, PUT, DELETE, or HEAD.
For more information about request methods, see API overview.
Content-MD5
No
eB5eJF1ptWaXm4bijSPyxw==
The MD5 hash of the request body. To get this value, calculate the MD5 hash of the message content, not including headers, to get a 128 bit value. Then, Base64-encode the value. For more information, see RFC2616 Content-MD5.
This request header can be used to check message integrity to make sure the message content is the same as when it was sent. This parameter can be empty.
For more information about how to calculate the Content-MD5 value, see Calculate Content-MD5.
Content-Type
No
application/octet-stream
The type of the request content. This parameter can be empty. For more information about Content-Type, see How to set Content-Type (Multipurpose Internet Mail Extensions (MIME)).
Date
Yes
Jan 9, 2023 14:20:38 GMT
The time when the signature is generated. The Date value must be in GMT format and cannot be empty.
ImportantIf the time specified by the Date header in a request is more than 15 minutes different from the current time on the OSS server, OSS rejects the request and returns an HTTP 403 error.
Canonicalized Headers
No
x-oss-meta-name: taobao
The HTTP headers that are prefixed with
x-oss-, sorted in lexicographical order. This parameter can be empty. To add multiple canonicalized headers, click Add.For more information about how to construct canonicalized headers, see Construct CanonicalizedOSSHeaders.
Canonicalized Resource
No
examplebucket
Enter the OSS resource that you want to access.
If the request to be signed does not involve a bucket or object resource, you do not need to enter this parameter. An example is a call to the ListBuckets (GetService) operation.
If the request to be signed involves a bucket, object, or other subresource, enter this parameter as needed. For more information about how to specify this parameter, see Construct CanonicalizedResource.
Click Generate Signature.
The feedback on the right shows the signature function call and the generated Authorization request header.