Common Request Headers

Last updated: 2019-12-16 14:39:39

Description

This document describes the common request headers that may be used in API requests. The headers mentioned below will not be detailed again in specific API documents.

Request Headers

Header Name Description Type Required
Authorization Carries authentication information, i.e., the signing information used to verify the validity of a request.
This header is optional for public-read objects or if the authentication information is passed in through request parameters. For more information, see Request Signature.
string Yes.
This header is optional for public-read objects or if the authentication information is passed in through request parameters.
Content-Length HTTP request length in bytes as defined in RFC 2616. integer No.
This header is required for PUT and POST requests (except PUT Object requests where the Transfer-Encoding request header is specified).
Content-Type HTTP request content type (MIME) as defined in RFC 2616.
For example, application/xml, image/jpeg
string No.
This header is required for PUT and POST requests with a request body.
Content-MD5 Base64-encoded MD5 hash value of the request body content as defined in RFC 1864, such as ZzD3iDJdrMAAb00lgLLeig==.
This header is used for integrity check to verify whether the request body has changed during the transfer.
For PUT and POST requests with a request body (except POST Object requests), it is highly recommended to carry this header.
string No
Date Current time in GMT format as defined in RFC 1123, such as Wed, 29 May 2019 04:10:12 GMT. string No
Host Requested host in the format of <BucketName-APPID>.cos.<Region>.myqcloud.com string Yes
x-cos-security-token The security token field that needs to be passed in when temporary security credentials are used. For more information, see Temporary Security Credentials. string No.
This header is required when a temporary key is used and the authentication information is carried through Authorization.

Server-side Encryption Headers

For APIs that support server-side encryption (SSE), the following request headers are applicable based on different encryption methods. Please consult the specific API documents to determine whether SSE is applicable. Whether the following headers are required is only for scenarios where SSE is used. If you request an API that does not support or use SSE, the following headers do not need to be carried. For more information, see Server-side Encryption Overview.

SSE-COS

Header Name Description Type Required
x-cos-server-side-encryption Server-side encryption algorithm; currently only AES256 is supported string Required when you upload or copy objects (including simple upload/copy and multipart upload/copy). This header cannot be specified when you download objects

SSE-C

Header Name Description Type Required
x-cos-server-side-encryption-customer-algorithm Server-side encryption algorithm; currently only AES256 is supported string Yes
x-cos-server-side-encryption-customer-key Base64-encoded server-side encryption key.
For example, MDEyMzQ1Njc4OUFCQ0RFRjAxMjM0NTY3ODlBQkNERUY=
string Yes
x-cos-server-side-encryption-customer-key-MD5 Base64-encoded MD5 hash of the server-side encryption key.
For example, U5L61r7jcwdNvT7frmUG8g==
string Yes