0002-00000061

更新时间:
复制 MD 格式

Problem description

The signature format is invalid.

Causes

The value of the Authorization header is in an invalid format. For standard OSS requests, the value must start with OSS. For Amazon S3-compatible requests, it must start with AWS. Any other prefix causes this error.

Examples

The following request uses an invalid Authorization value. The prefix OSSxxx is not recognized.

GET /test.txt HTTP/1.0
Date: Tue, 20 Dec 2022 08:48:18 GMT
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Authorization: OSSxxx qn6q**************:77Dv****************

Solutions

Construct the Authorization header using the following format:

Authorization = "OSS " + AccessKeyId + ":" + Signature
Signature = base64(hmac-sha1(AccessKeySecret,
            VERB + "\n"
            + Content-MD5 + "\n"
            + Content-Type + "\n"
            + Date + "\n"
            + CanonicalizedOSSHeaders
            + CanonicalizedResource))

The following table describes each component:

ComponentDescription
OSS Required prefix, followed by a space. For Amazon S3-compatible requests, use AWS instead.
AccessKeyIdYour Alibaba Cloud AccessKey ID.
SignatureBase64-encoded HMAC-SHA1 signature computed from AccessKeySecret and the canonicalized request string.
VERBThe HTTP method of the request, such as GET, PUT, or DELETE.
Content-MD5The MD5 hash of the request body.
Content-TypeThe MIME type of the request body.
DateThe request date, such as Tue, 20 Dec 2022 08:48:18 GMT.
CanonicalizedOSSHeadersThe OSS-specific headers (headers prefixed with x-oss-).
CanonicalizedResourceThe canonicalized OSS resource.

For the full calculation rules, see Include signatures in the Authorization header.

To avoid manually calculating signatures, use Alibaba Cloud SDKs, which generate signatures automatically. See Overview or Use Amazon S3 SDKs to access OSS.