Generating Authentication Parameters for Browser-Based Uploads¶
Function¶
This API generates parameters for authentication. The parameters can be used to perform a browser-based upload through POST operations.
Note
There are two request parameters generated for authentication:
policy, which corresponds to the policy parameter in the form.
signature, which corresponds to the signature parameter in the form.
Restrictions¶
To upload an object, you must be the bucket owner or have the required permission (obs:object:PutObject in IAM or PutObject in a bucket policy).
Method¶
ObsClient.createPostSignature(bucketName, objectKey, expires, formParams)
Request Parameters¶
Parameter | Type | Mandatory (Yes/No) | Description |
|---|---|---|---|
bucketName | str | No | Explanation: Bucket name Restrictions:
Default value: None |
objectKey | str | No | Explanation: Object name. An object is uniquely identified by an object name in a bucket. An object name is a complete path that does not contain the bucket name. Value range: The value must contain 1 to 1,024 characters. Default value: None |
expires | int | No | Explanation: Expiration time of authentication for a browser-based upload Value range: An integer greater than or equal to 0, in seconds Default value: 300 |
formParams | dict | No | Explanation: Parameters of browser-based uploads, not including key, policy, and signature. Value range:
Default value: None |
Responses¶
Parameter | Type | Description |
|---|---|---|
originPolicy | str | Explanation: policy not encoded by Base64. This parameter can only be used for verification. Example: {"expiration":"2023-09-12T12:52:59Z","conditions":[{"content-type":"text/plain"},{"bucket":"examplebucket"},{"key":"example/objectname"},]}" Default value: None |
policy | str | Explanation: Base64-encoded value of policy in the form Example: eyJleHBpcmF0aW9uIjoiMjAyMy0wOS0xMlQxMjo1Mjo1OVoiLCJjb25kaXRpb25zIjpbeyJjb250ZW50LXR5cGUiOiJ0ZXh0L3BsYWluIn0seyJidWNrZXQiOiJleGFtcGxlYnVja2V0In0seyJrZXkiOiJleGFtcGxlL29iamVjdG5hbWUifSxdfQ== Default value: None |
signature | str | Explanation: signature in the form Example: g0jQr4v9VWd1Q2FOFDG6LGfV9Cw= Default value: None |
Code Examples¶
This example generates authentication parameters policy and signature for a browser-based upload.
from obs import ObsClient
import os
import traceback
# Obtain an AK and SK pair using environment variables or import the AK and SK pair in other ways. Using hard coding may result in leakage.
# Obtain an AK and SK pair on the management console.
ak = os.getenv("AccessKeyID")
sk = os.getenv("SecretAccessKey")
# (Optional) If you use a temporary AK and SK pair and a security token to access OBS, obtain them from environment variables.
# security_token = os.getenv("SecurityToken")
# Set server to the endpoint of the region where the bucket is located.
server = "https://your-endpoint"
# Create an obsClient instance.
# If you use a temporary AK and SK pair and a security token to access OBS, you must specify security_token when creating an instance.
obsClient = ObsClient(access_key_id=ak, secret_access_key=sk, server=server)
try:
bucketName = "examplebucket"
objectKey = "objectname"
# Configure the validity period (in seconds) for a browser-based upload request. 3600 is used as an example.
expires = 3600
# Specify parameters for a browser-based upload except key, policy, and signature. In this example, x-obs-acl is set to private and content-type is set to text/plain.
formParams = {'x-obs-acl': 'private', 'content-type': 'text/plain'}
# Create parameters for a browser-based upload.
resp = obsClient.createPostSignature(bucketName, objectKey, expires, formParams)
print('originPolicy:', resp.originPolicy)
print('policy:', resp.policy)
print('signature:', resp.signature)
except:
print(traceback.format_exc())