0002-00000062

更新时间:
复制 MD 格式

Problem description

The Authorization header format is invalid.

Causes

The Authorization header in your request does not follow the required format. A common cause is a missing colon (:) between the AccessKey ID and the signature value.

Examples

The following request has an invalid Authorization header. In this example, the colon (:) that separates the AccessKey ID from the signature is missing:

GET /test.txt HTTP/1.0
Date: Tue, 20 Dec 2022 08:48:18 GMT
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Authorization: OSS qn6q**************:77Dv****************

Solutions

Construct the Authorization header using the following format:

Authorization = "OSS " + AccessKeyId + ":" + Signature
Signature = base64(hmac-sha1(AccessKeySecret,
            VERB + "\n"
            + Content-MD5 + "\n"
            + Content-Type + "\n"
            + Date + "\n"
            + CanonicalizedOSSHeaders
            + CanonicalizedResource))

The header value has two components separated by a colon:

ComponentDescription
AccessKeyIdYour AccessKey ID
SignatureA Base64-encoded HMAC-SHA1 hash computed from your AccessKey secret and the canonical request string

A typical mistake is omitting the colon (:) between AccessKeyId and Signature. For the full signature calculation procedure, see Include signatures in the Authorization header.

Tip: Use Alibaba Cloud SDKs to send requests. SDKs compute and attach signatures automatically, so you do not need to construct the Authorization header manually. See Overview.