All buckets and objects are private by default. If you want a third party to be able to upload an object to your bucket but don't want them to use CAM account or temporary keys, signatures can be provided by pre-signed URLs for temporary upload operations. Anyone who receives a valid pre-signed URL can upload an object.
When creating a pre-signed URL, you can include an object key in your signature so that the object can only be uploaded to the specified object key. Besides, the validity period of pre-signed URLs can be provided in SDKs to ensure that expired URLs will not be used by any unauthorized party.
You can call the pre-signed URL method in the SDK directly. For more information, see the SDK documentation for the corresponding programming language below: