tencent cloud

Feedback

POST Object

Last updated: 2021-11-17 12:32:43

    Overview

    This API is used to upload an object within 5 GB to a bucket using an HTML form. To call this API, you need to have permission to write to the bucket.

    Note:

    • This API requires a signature different from the standard COS request signatures. For more information, please see Signature protection and the description of related fields.
    • If you upload an object whose name is the same as another object that is already stored in the bucket with versioning disabled, the old object will be overwritten and the response will be returned normally as specified upon successful upload.
    API Explorer is recommended.
    Debug
    API Explorer makes it easy to make online API calls, verify signatures, generate SDK code, search for APIs, etc. You can also use it to query the content of each request as well as its response.

    Versioning

    • For a versioning-enabled bucket, COS will automatically generate a unique version ID for the object, and the ID will be returned in the x-cos-version-id response header.
    • For a versioning-suspended bucket, COS will always use null as the version ID of the object and will not return the x-cos-version-id response header.

    Request

    Sample request

    POST / HTTP/1.1
    Host: <BucketName-APPID>.cos.<Region>.myqcloud.com
    Date: GMT Date
    Content-Type: multipart/form-data; boundary=Multipart Boundary
    Content-Length: Content Length
    
    [Multipart Form Data]
    
    Note:

    Host: .cos..myqcloud.com, where is the bucket name followed by the APPID, such as examplebucket-1250000000 (see Bucket Overview > Basic Information and Bucket Overview > Bucket Naming Conventions), and is a COS region (see Regions and Access Endpoints).

    Request form

    The request body of this API is encoded with multipart/form-data. When sending the request with the HTML &dxlt;form&dxgt; element, set the value of the enctype attribute to multipart/form-data. After this, use HTML elements (such as &dxlt;input&dxgt; and &dxlt;select&dxgt;) to add form fields as needed.

    Form fields

    Field Description Type Required
    key Object key. If you use the ${filename} wildcard in the object key, the wildcard will be replaced with the name of the object uploaded (see Example 7). string Yes
    Cache-Control Cache directives defined in RFC 2616. It will be stored as object metadata. string No
    Content-Disposition Filename defined in RFC 2616. It will be stored as object metadata. string No
    Content-Encoding Encoding format defined in RFC 2616. It will be stored as object metadata. string No
    Content-Type HTTP content type (MIME) defined in RFC 2616. It will be stored as object metadata
    Note: If a file is uploaded via an HTML form, the browser will automatically carry the file’s MIME type in the request. However, COS will not use this MIME type carried. Therefore, you need to use the Content-Type field to specify the content type of the object.
    string No
    Expires Cache expiration time defined in RFC 2616. It will be stored as object metadata. string No
    success_action_redirect Redirection target URL if the upload succeeds. If this field is set, HTTP status code “303 (Redirect)” and the Location response header will be returned. Location will include the URL specified in this field as well as the bucket, key, and ETag parameters (see Example 8). string No
    success_action_status HTTP status code to return for a successful upload. Valid values: 200, 201, 204 (default). If success_action_redirect is specified, this field will be ignored (see Example 9). number No
    x-cos-meta-* User-defined metadata and header suffixes. It will be stored as object metadata. Maximum size: 2 KB.
    Note: User-defined metadata can contain underscores (_), but header suffixes can contain minus signs (−) but not underscores.
    string No
    x-cos-storage-class Object storage class. For the enumerated values, such as STANDARD (default), INTELLIGENT_TIERING, STANDARD_IA, ARCHIVE, and DEEP_ARCHIVE, please see Storage Class Overview. Enum No
    x-cos-traffic-limit Limits the speed (in bit/s) for the current upload for traffic control. Valid range: 819200−838860800 (i.e., 100 KB/s−100 MB/s). If the speed exceeds the limit, a 400 error will be returned. integer No
    Content-MD5 MD5 checksum of the Base64-encoded file content. It is used for integrity check, i.e., whether the file content has changed during the upload. string No
    file File information and content. When the file is uploaded via an HTML form, the browser automatically sets the value of this parameter to the correct format.
    Note: This field must be placed at the end of the form.
    file Yes

    ACL-related form fields

    You can configure access permissions for the object by specifying the following form fields during upload:

    Field Description Type Required
    acl Defines the ACL attribute of the object. For the enumerated values, such as default (default), private, and public-read, please see the Preset ACL section in ACL Overview.
    Note: If you do not need to set an ACL for the object, set this parameter to default or leave it empty. In this way, the object will inherit the permissions of the bucket it is stored in.
    Enum No
    x-cos-grant-read Grants a user permission to read the object in the format: id="[OwnerUin]" (e.g., id="100000000001"). You can use commas (,) to separate multiple users, for example, id="100000000001",id="100000000002". string No
    x-cos-grant-read-acp Grants a user permission to read the ACL of an object in the format: id="[OwnerUin]" (e.g., id="100000000001"). You can use commas (,) to separate multiple users, for example, id="100000000001",id="100000000002". string No
    x-cos-grant-write-acp Grants a user permission to write to the ACL of an object in the format: id="[OwnerUin]" (e.g., id="100000000001"). You can use commas (,) to separate multiple users, for example, id="100000000001",id="100000000002". string No
    x-cos-grant-full-control Grants a user full permission to operate on an object in the format: id="[OwnerUin]" (e.g., id="100000000001"). You can use commas (,) to separate multiple users, for example, id="100000000001",id="100000000002". string No

    SSE-related form fields

    You can use server-side encryption by specifying the following form fields during upload:

    Field Description Type Required
    x-cos-server-side-encryption Server-side encryption algorithm. AES256 and cos/kms are supported. string Required if SSE-COS or SSE-KMS is used
    x-cos-server-side-encryption-customer-algorithm Server-side encryption algorithm. AES256 is supported. string Required if SSE-C is used
    x-cos-server-side-encryption-cos-kms-key-id Customer master key (CMK) of KMS if x-cos-server-side-encryption is set to cos/kms. If this field is not specified, the default CMK created by COS will be used. For more information, please see SSE-KMS Encryption. string No
    x-cos-server-side-encryption-context Base64-encoded encryption context (key-value pairs in JSON format) if x-cos-server-side-encryption is set to cos/kms.
    Example: eyJhIjoiYXNkZmEiLCJiIjoiMTIzMzIxIn0=
    string No
    x-cos-server-side-encryption-customer-key Base64-encoded server-side encryption key
    Example: MDEyMzQ1Njc4OUFCQ0RFRjAxMjM0NTY3ODlBQkNERUY=
    string Required if SSE-C is used
    x-cos-server-side-encryption-customer-key-MD5 Base64-encoded MD5 checksum of the server-side encryption key
    Example: U5L61r7jcwdNvT7frmUG8g==
    string Required if SSE-C is used

    Signature protection

    This API requires signature-related fields to be carried in the request. COS authenticates the messages carried, and if the authentication is passed, COS executes the request. If not, COS returns an error message and discards the request.

    You can generate a signature as follows:

    1. Preparations

    Log in to the CAM console and go to Manage API Key to get the SecretId and SecretKey.

    2. Generate KeyTime

    a. Get the Unix StartTimestamp of the current time. It is the total number of seconds elapsed from January 1, 1970, 00:00:00 UTC (January 1, 1970, 08:00:00 Beijing time) till the current time.
    b. Calculate the Unix EndTimestamp for the signature to expire according to StartTimestamp and the expected validity period of the signature.
    c. Generate KeyTime by splicing the two timestamps above in StartTimestamp;EndTimestamp format.

    3. Construct a policy

    A policy is a text in JSON format. A typical policy is as follows:

    {
      "expiration": "2019-08-30T09:38:12.414Z",
      "conditions": [
          { "acl": "default" },
          { "bucket": "examplebucket-1250000000" },
          [ "starts-with", "$key", "folder/subfolder/" ],
          [ "starts-with", "$Content-Type", "image/" ],
          [ "starts-with", "$success_action_redirect", "https://my.website/" ],
          [ "eq", "$x-cos-server-side-encryption", "AES256" ],
          { "q-sign-algorithm": "sha1" },
          { "q-ak": "AKIDQjz3ltompVjBni5LitkWHFlFpwkn9U5q" },
          { "q-sign-time": "1567150692;1567157892" }
      ]
    }
    

    Where,

    • expiration: the policy’s expiration time, which is a string in ISO 8601 format.
    • conditions: an array of conditions for the policy. The conditions are described below.
    Type Description
    Exact Match Uses {" key ":" value "} or [" eq "," $ key "," value "], where key is a limited form field and value is a limited value.
    Prefix Match Uses [ "starts-with", "$key", "value" ], where key is a limited form field and value is a limited prefix that can be empty.
    Range Match Uses [ "content-length-range", minNum, maxNum ] to limit the file size to be within minNum and maxNum.

    Form fields that can be limited are as follows:

    Field Description Match Type Required
    acl ACL attribute of the object Exact/Prefix No
    bucket Bucket for upload Exact No
    key Object key. If you use the ${filename} wildcard in the object key during upload, the object key will be processed to the final object key before the policy is verified. Therefore, you should use prefix match in the policy and ${filename} should not appear. Exact/Prefix No
    content-length-range Range of the file length Range No
    Cache-Control, Content-Type, Content-Disposition, Content-Encoding, Expires Headers defined in RFC 2616, which will be returned as response headers when the object is downloaded. Exact/Prefix No
    success_action_redirect Redirection target URL when the upload succeeds Exact/Prefix No
    success_action_status HTTP status code returned when the upload succeeds Exact No
    x-cos-meta-* User-defined metadata headers Exact/Prefix No
    x-cos-* Other COS-related form fields described in this document, such as ACL- or SSE-related fields Exact No
    q-sign-algorithm Signature hash algorithm. Fixed at sha1 Exact Yes
    q-ak SecretId mentioned above Exact Yes
    q-sign-time KeyTime generated above Exact Yes
    Note:

    • Except for bucket, fields that are used for limitation in the policy must be used in the form fields. For example, if { "acl": "default" } is used, acl must be used and set to default in the form.
    • For security reasons, you are advised to use all limitable form fields.

    4. Generate SignKey

    Use HMAC-SHA1 with SecretKey as the key and KeyTime as the message to calculate the message digest (hash value, lowercase hexadecimal), that is, the SignKey (e.g., 39acc8c9f34ba5b19bce4e965b370cd3f62d2fba).

    5. Generate StringToSign

    Use SHA1 with the policy text constructed above to calculate the message digest (hash value, lowercase hexadecimal), that is, the StringToSign (e.g., d5d903b8360468bc81c1311f134989bc8c8b5b89).

    6. Generate Signature

    Use HMAC-SHA1 with SignKey (string, not binary) as the key and StringToSign (string, not binary) as the message to calculate the message digest (hash value, lowercase hexadecimal), that is, the Signature (e.g., 7758dc9a832e9d301dca704cacbf9d9f8172fdef).

    7. Attach the signature to the form

    Attach the policy and signature-related information above to the form as described in the following table:

    Parameter Description Type Required
    x-cos-security-token Security token when a temporary security token is used. For more information, please see Temporary security credentials. string No
    (Required when a temp key is used)
    policy Base64-encoded policy string Yes
    q-sign-algorithm Signature hash algorithm. Fixed at sha1 string Yes
    q-ak SecretId mentioned above string Yes
    q-key-time KeyTime generated above string Yes
    q-signature Signature generated above string Yes
    Note:

    Signature form fields should be placed before the file form field.

    Signature protection use cases

    Preparations

    Log in to the CAM console and go to the Manage API Key page to obtain your APPID, SecretId, and SecretKey. Below is an example:

    APPID SecretId SecretKey
    1250000000 AKIDQjz3ltompVjBni5LitkWHFlFpwkn9U5q BQYIM75p8x0iWVFSIgqEKwFprpRSVHlz

    Constructing a policy

    {
      "expiration": "2019-08-30T09:38:12.414Z",
      "conditions": [
          { "acl": "default" },
          { "bucket": "examplebucket-1250000000" },
          [ "starts-with", "$key", "folder/subfolder/" ],
          [ "starts-with", "$Content-Type", "image/" ],
          [ "starts-with", "$success_action_redirect", "https://my.website/" ],
          [ "eq", "$x-cos-server-side-encryption", "AES256" ],
          { "q-sign-algorithm": "sha1" },
          { "q-ak": "AKIDQjz3ltompVjBni5LitkWHFlFpwkn9U5q" },
          { "q-sign-time": "1567150692;1567157892" }
      ]
    }
    

    Intermediate variables

    • KeyTime = 1567150692;1567157892
    • SignKey = 39acc8c9f34ba5b19bce4e965b370cd3f62d2fba
    • StringToSign = d5d903b8360468bc81c1311f134989bc8c8b5b89
    • Signature = 7758dc9a832e9d301dca704cacbf9d9f8172fdef

    Signature form fields

    • policy = ewogICAgImV4cGlyYXRpb24iOiAiMjAxOS0wOC0zMFQwOTozODoxMi40MTRaIiwKI CAgICJjb25kaXRpb25zIjogWwogI CAgICAgIHsgImFjbCI6ICJkZWZhdWx0IiB9LAogICAgICAgIHsgImJ1Y2tldCI6ICJleGFtcGxlYn Vja2V0LTEyNTAwMDAwMDAiIH0sCiAgI CAgICAgWyAic3RhcnRzLXdpdGgiLCAiJGtleSIsICJmb2xkZXIvc3ViZm9sZGVyLyIgXSwKICAgICAgI CBbICJzdGFydHMtd2l0aCIsICIkQ29ud GVudC1UeXBlIiwgImltYWdlLyIgXSwKICAgICAgICBbICJzdGFydHMtd2l0aCIsICIkc3VjY2Vzc19hY3 Rpb25fcmVkaXJlY3QiLCAiaHR0cHM6Ly9te S53ZWJzaXRlLyIgXSwKICAgICAgICBbICJlcSIsICIkeC1jb3Mtc2VydmVyLXNpZGUtZW5jcnlwdGlvbiIsI CJBRVMyNTYiIF0sCiAgICAgICAgeyAic S1zaWduLWFsZ29yaXRobSI6ICJzaGExIiB9LAogICAgICAgIHsgInEtYWsiOiAiQUtJRFFqejNsdG9tc FZqQm5pNUxpdGtXSEZsRnB3a245VTVxIi B9LAogICAgICAgIHsgInEtc2lnbi10aW1lIjogIjE1NjcxNTA2OTI7MTU2NzE1Nzg5MiIgfQogICAgXQp9
    • q-sign-algorithm = sha1
    • q-ak = AKIDQjz3ltompVjBni5LitkWHFlFpwkn9U5q
    • q-key-time = 1567150692;1567157892
    • q-signature = 7758dc9a832e9d301dca704cacbf9d9f8172fdef

    Response

    Response headers

    In addition to common response headers, this API also returns the following response headers. For more information about common response headers, please see Common Response Headers.

    Header Description Type
    Location
  • If success_action_redirect is used, the value is the URL specified in success_action_redirect as well as the bucket, key, and ETag parameters (see Example 8).
  • If success_action_redirect is not used, the value is the full access URL of the object (see Example 1).
  • string

    Versioning-related headers

    If the object is uploaded to a versioning-enabled bucket, the following response headers will be returned:

    Header Description Type
    x-cos-version-id Version ID of the object string

    SSE-related headers

    If server-side encryption is used during object upload, this API will return headers used specifically for server-side encryption. For more information, please see Server-Side Encryption Headers.

    Response body

    The response body of this API is empty.

    Error codes

    This API returns common error responses and error codes. For more information, please see Error Codes.

    Examples

    Example 1: simple use case (with versioning disabled)

    Request

    POST / HTTP/1.1
    Host: examplebucket-1250000000.cos.ap-beijing.myqcloud.com
    Date: Thu, 29 Aug 2019 07:39:34 GMT
    Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryZBPbaoYE2gqeB21N
    Content-Length: 1119
    Connection: close

    ------WebKitFormBoundaryZBPbaoYE2gqeB21N
    Content-Disposition: form-data; name="key"

    exampleobject
    ------WebKitFormBoundaryZBPbaoYE2gqeB21N
    Content-Disposition: form-data; name="policy"

    eyJjb25kaXRpb25zIjpbeyJxLXNpZ24tYWxnb3JpdGhtIjoic2hhMSJ9LHsicS1hayI6IkFLSUQ4QTBmQlZ0WUZyTm0wMm9ZMWcxSlFRRjBjM0pPNk5FdSJ9LHsicS1zaWduLXRpbWUiOiIxNTY3MDY0Mzc0OzE1NjcwNzE1NzQifV0sImV4cGlyYXRpb24iOiIyMDE5LTA4LTI5VDA5OjM5OjM0LjQ3MVoifQ==
    ------WebKitFormBoundaryZBPbaoYE2gqeB21N
    Content-Disposition: form-data; name="q-sign-algorithm"

    sha1
    ------WebKitFormBoundaryZBPbaoYE2gqeB21N
    Content-Disposition: form-data; name="q-ak"

    AKID8A0fBVtYFrNm02oY1g1JQQF0c3JO****
    ------WebKitFormBoundaryZBPbaoYE2gqeB21N
    Content-Disposition: form-data; name="q-key-time"

    1567064374;1567071574
    ------WebKitFormBoundaryZBPbaoYE2gqeB21N
    Content-Disposition: form-data; name="q-signature"

    74ba120129a13d8f0e19479fbdc01bca3bca****
    ------WebKitFormBoundaryZBPbaoYE2gqeB21N
    Content-Disposition: form-data; name="file"; filename="example.jpg"
    Content-Type: image/jpeg

    [Object Content]
    ------WebKitFormBoundaryZBPbaoYE2gqeB21N--

    Response

    HTTP/1.1 204 
    Content-Length: 0
    Connection: close
    Date: Thu, 29 Aug 2019 07:39:34 GMT
    ETag: "ee8de918d05640145b18f70f4c3aa602"
    Location: http://examplebucket-1250000000.cos.ap-beijing.myqcloud.com/exampleobject
    Server: tencent-cos
    x-cos-request-id: NWQ2NzgxMzZfMmViMDJhMDlfY2NjOF84NGQz****
    

    Example 2: specifying metadata and ACL using form fields

    Request

    POST / HTTP/1.1
    Host: examplebucket-1250000000.cos.ap-beijing.myqcloud.com
    Date: Thu, 29 Aug 2019 07:39:34 GMT
    Content-Type: multipart/form-data; boundary=----WebKitFormBoundary9JtEhEGHSdx8Patg
    Content-Length: 2146
    Connection: close

    ------WebKitFormBoundary9JtEhEGHSdx8Patg
    Content-Disposition: form-data; name="key"

    exampleobject
    ------WebKitFormBoundary9JtEhEGHSdx8Patg
    Content-Disposition: form-data; name="acl"

    public-read
    ------WebKitFormBoundary9JtEhEGHSdx8Patg
    Content-Disposition: form-data; name="Cache-Control"

    max-age=86400
    ------WebKitFormBoundary9JtEhEGHSdx8Patg
    Content-Disposition: form-data; name="Content-Disposition"

    attachment; filename=example.jpg
    ------WebKitFormBoundary9JtEhEGHSdx8Patg
    Content-Disposition: form-data; name="Content-Type"

    image/jpeg
    ------WebKitFormBoundary9JtEhEGHSdx8Patg
    Content-Disposition: form-data; name="x-cos-meta-example-field"

    example-value
    ------WebKitFormBoundary9JtEhEGHSdx8Patg
    Content-Disposition: form-data; name="Content-MD5"

    7o3pGNBWQBRbGPcPTDqmAg==
    ------WebKitFormBoundary9JtEhEGHSdx8Patg
    Content-Disposition: form-data; name="policy"

    eyJjb25kaXRpb25zIjpbeyJhY2wiOiJwdWJsaWMtcmVhZCJ9LHsiYnVja2V0IjoiZXhhbXBsZWJ1Y2tldC0xMjUyMjQ2NTU1In0seyJrZXkiOiJleGFtcGxlb2JqZWN0In0sWyJlcSIsIiRDb250ZW50LURpc3Bvc2l0aW9uIiwiYXR0YWNobWVudDsgZmlsZW5hbWU9ZXhhbXBsZS5qcGciXSxbInN0YXJ0cy13aXRoIiwiJENvbnRlbnQtVHlwZSIsImltYWdlLyJdLFsiZXEiLCIkeC1jb3MtbWV0YS1leGFtcGxlLWZpZWxkIiwiZXhhbXBsZS12YWx1ZSJdLHsicS1zaWduLWFsZ29yaXRobSI6InNoYTEifSx7InEtYWsiOiJBS0lEOEEwZkJWdFlGck5tMDJvWTFnMUpRUUYwYzNKTzZORXUifSx7InEtc2lnbi10aW1lIjoiMTU2NzA2NDM3NDsxNTY3MDcxNTc0In1dLCJleHBpcmF0aW9uIjoiMjAxOS0wOC0yOVQwOTozOTozNC45MzdaIn0=
    ------WebKitFormBoundary9JtEhEGHSdx8Patg
    Content-Disposition: form-data; name="q-sign-algorithm"

    sha1
    ------WebKitFormBoundary9JtEhEGHSdx8Patg
    Content-Disposition: form-data; name="q-ak"

    AKID8A0fBVtYFrNm02oY1g1JQQF0c3JO****
    ------WebKitFormBoundary9JtEhEGHSdx8Patg
    Content-Disposition: form-data; name="q-key-time"

    1567064374;1567071574
    ------WebKitFormBoundary9JtEhEGHSdx8Patg
    Content-Disposition: form-data; name="q-signature"

    228a89b5f7b8fce7fdfa4a3b36cfb5a5eafb****
    ------WebKitFormBoundary9JtEhEGHSdx8Patg
    Content-Disposition: form-data; name="file"; filename="example.jpg"
    Content-Type: image/jpeg

    [Object Content]
    ------WebKitFormBoundary9JtEhEGHSdx8Patg--

    Response

    HTTP/1.1 204 
    Content-Length: 0
    Connection: close
    Date: Thu, 29 Aug 2019 07:39:35 GMT
    ETag: "ee8de918d05640145b18f70f4c3aa602"
    Location: http://examplebucket-1250000000.cos.ap-beijing.myqcloud.com/exampleobject
    Server: tencent-cos
    x-cos-request-id: NWQ2NzgxMzdfM2NhZjJhMDlfMTQzYV84Nzhh****
    

    Example 3: using server-side encryption SSE-COS

    Request

    POST / HTTP/1.1
    Host: examplebucket-1250000000.cos.ap-beijing.myqcloud.com
    Date: Thu, 29 Aug 2019 07:39:35 GMT
    Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryBVaHvBJQJnQrAxKY
    Content-Length: 1296
    Connection: close

    ------WebKitFormBoundaryBVaHvBJQJnQrAxKY
    Content-Disposition: form-data; name="key"

    exampleobject
    ------WebKitFormBoundaryBVaHvBJQJnQrAxKY
    Content-Disposition: form-data; name="x-cos-server-side-encryption"

    AES256
    ------WebKitFormBoundaryBVaHvBJQJnQrAxKY
    Content-Disposition: form-data; name="policy"

    eyJjb25kaXRpb25zIjpbeyJ4LWNvcy1zZXJ2ZXItc2lkZS1lbmNyeXB0aW9uIjoiQUVTMjU2In0seyJxLXNpZ24tYWxnb3JpdGhtIjoic2hhMSJ9LHsicS1hayI6IkFLSUQ4QTBmQlZ0WUZyTm0wMm9ZMWcxSlFRRjBjM0pPNk5FdSJ9LHsicS1zaWduLXRpbWUiOiIxNTY3MDY0Mzc1OzE1NjcwNzE1NzUifV0sImV4cGlyYXRpb24iOiIyMDE5LTA4LTI5VDA5OjM5OjM1LjUyN1oifQ==
    ------WebKitFormBoundaryBVaHvBJQJnQrAxKY
    Content-Disposition: form-data; name="q-sign-algorithm"

    sha1
    ------WebKitFormBoundaryBVaHvBJQJnQrAxKY
    Content-Disposition: form-data; name="q-ak"

    AKID8A0fBVtYFrNm02oY1g1JQQF0c3JO****
    ------WebKitFormBoundaryBVaHvBJQJnQrAxKY
    Content-Disposition: form-data; name="q-key-time"

    1567064375;1567071575
    ------WebKitFormBoundaryBVaHvBJQJnQrAxKY
    Content-Disposition: form-data; name="q-signature"

    65f3f8864bb1b271e1235d1ec7d1cb508ffa****
    ------WebKitFormBoundaryBVaHvBJQJnQrAxKY
    Content-Disposition: form-data; name="file"; filename="example.jpg"
    Content-Type: image/jpeg

    [Object Content]
    ------WebKitFormBoundaryBVaHvBJQJnQrAxKY--

    Response

    HTTP/1.1 204 
    Content-Length: 0
    Connection: close
    Date: Thu, 29 Aug 2019 07:39:35 GMT
    ETag: "ee8de918d05640145b18f70f4c3aa602"
    Location: http://examplebucket-1250000000.cos.ap-beijing.myqcloud.com/exampleobject
    Server: tencent-cos
    x-cos-request-id: NWQ2NzgxMzdfMTljMDJhMDlfNTg4ZF84Njgx****
    x-cos-server-side-encryption: AES256
    

    Example 4: using server-side encryption SSE-C

    Request

    POST / HTTP/1.1
    Host: examplebucket-1250000000.cos.ap-beijing.myqcloud.com
    Date: Thu, 29 Aug 2019 07:39:36 GMT
    Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryYa6H7Gd4xuhlyfJb
    Content-Length: 1667
    Connection: close

    ------WebKitFormBoundaryYa6H7Gd4xuhlyfJb
    Content-Disposition: form-data; name="key"

    exampleobject
    ------WebKitFormBoundaryYa6H7Gd4xuhlyfJb
    Content-Disposition: form-data; name="x-cos-server-side-encryption-customer-algorithm"

    AES256
    ------WebKitFormBoundaryYa6H7Gd4xuhlyfJb
    Content-Disposition: form-data; name="x-cos-server-side-encryption-customer-key"

    MDEyMzQ1Njc4OUFCQ0RFRjAxMjM0NTY3ODlBQkNERUY=
    ------WebKitFormBoundaryYa6H7Gd4xuhlyfJb
    Content-Disposition: form-data; name="x-cos-server-side-encryption-customer-key-MD5"

    U5L61r7jcwdNvT7frmUG8g==
    ------WebKitFormBoundaryYa6H7Gd4xuhlyfJb
    Content-Disposition: form-data; name="policy"

    eyJjb25kaXRpb25zIjpbeyJ4LWNvcy1zZXJ2ZXItc2lkZS1lbmNyeXB0aW9uLWN1c3RvbWVyLWFsZ29yaXRobSI6IkFFUzI1NiJ9LHsicS1zaWduLWFsZ29yaXRobSI6InNoYTEifSx7InEtYWsiOiJBS0lEOEEwZkJWdFlGck5tMDJvWTFnMUpRUUYwYzNKTzZORXUifSx7InEtc2lnbi10aW1lIjoiMTU2NzA2NDM3NjsxNTY3MDcxNTc2In1dLCJleHBpcmF0aW9uIjoiMjAxOS0wOC0yOVQwOTozOTozNi4wODdaIn0=
    ------WebKitFormBoundaryYa6H7Gd4xuhlyfJb
    Content-Disposition: form-data; name="q-sign-algorithm"

    sha1
    ------WebKitFormBoundaryYa6H7Gd4xuhlyfJb
    Content-Disposition: form-data; name="q-ak"

    AKID8A0fBVtYFrNm02oY1g1JQQF0c3JO****
    ------WebKitFormBoundaryYa6H7Gd4xuhlyfJb
    Content-Disposition: form-data; name="q-key-time"

    1567064376;1567071576
    ------WebKitFormBoundaryYa6H7Gd4xuhlyfJb
    Content-Disposition: form-data; name="q-signature"

    0273a4b4ede39d0e5162758e145ea0c3e9ef****
    ------WebKitFormBoundaryYa6H7Gd4xuhlyfJb
    Content-Disposition: form-data; name="file"; filename="example.jpg"
    Content-Type: image/jpeg

    [Object Content]
    ------WebKitFormBoundaryYa6H7Gd4xuhlyfJb--

    Response

    HTTP/1.1 204 
    Content-Length: 0
    Connection: close
    Date: Thu, 29 Aug 2019 07:39:36 GMT
    ETag: "582d9105f71525f3c161984bc005efb5"
    Location: http://examplebucket-1250000000.cos.ap-beijing.myqcloud.com/exampleobject
    Server: tencent-cos
    x-cos-request-id: NWQ2NzgxMzhfMzdiMDJhMDlfNDA4YV84MzQx****
    x-cos-server-side-encryption-customer-algorithm: AES256
    x-cos-server-side-encryption-customer-key-MD5: U5L61r7jcwdNvT7frmUG8g==
    

    Example 5: versioning-enabled

    Request

    POST / HTTP/1.1
    Host: examplebucket-1250000000.cos.ap-beijing.myqcloud.com
    Date: Thu, 29 Aug 2019 07:40:07 GMT
    Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryJspR3QIUhGJLALwf
    Content-Length: 1119
    Connection: close

    ------WebKitFormBoundaryJspR3QIUhGJLALwf
    Content-Disposition: form-data; name="key"

    exampleobject
    ------WebKitFormBoundaryJspR3QIUhGJLALwf
    Content-Disposition: form-data; name="policy"

    eyJjb25kaXRpb25zIjpbeyJxLXNpZ24tYWxnb3JpdGhtIjoic2hhMSJ9LHsicS1hayI6IkFLSUQ4QTBmQlZ0WUZyTm0wMm9ZMWcxSlFRRjBjM0pPNk5FdSJ9LHsicS1zaWduLXRpbWUiOiIxNTY3MDY0NDA3OzE1NjcwNzE2MDcifV0sImV4cGlyYXRpb24iOiIyMDE5LTA4LTI5VDA5OjQwOjA3LjQ4OFoifQ==
    ------WebKitFormBoundaryJspR3QIUhGJLALwf
    Content-Disposition: form-data; name="q-sign-algorithm"

    sha1
    ------WebKitFormBoundaryJspR3QIUhGJLALwf
    Content-Disposition: form-data; name="q-ak"

    AKID8A0fBVtYFrNm02oY1g1JQQF0c3JO****
    ------WebKitFormBoundaryJspR3QIUhGJLALwf
    Content-Disposition: form-data; name="q-key-time"

    1567064407;1567071607
    ------WebKitFormBoundaryJspR3QIUhGJLALwf
    Content-Disposition: form-data; name="q-signature"

    699ad0ce7780eb559b75e88f77e95743d829****
    ------WebKitFormBoundaryJspR3QIUhGJLALwf
    Content-Disposition: form-data; name="file"; filename="example.jpg"
    Content-Type: image/jpeg

    [Object Content]
    ------WebKitFormBoundaryJspR3QIUhGJLALwf--

    Response

    HTTP/1.1 204 
    Content-Length: 0
    Connection: close
    Date: Thu, 29 Aug 2019 07:40:07 GMT
    ETag: "ee8de918d05640145b18f70f4c3aa602"
    Location: http://examplebucket-1250000000.cos.ap-beijing.myqcloud.com/exampleobject
    Server: tencent-cos
    x-cos-request-id: NWQ2NzgxNTdfNzFiNDBiMDlfMmE3ZmJfODQ1****
    x-cos-version-id: MTg0NDUxNzcwMDkzMDE3NDQ0MDU
    

    Example 6: versioning-suspended

    Request

    POST / HTTP/1.1
    Host: examplebucket-1250000000.cos.ap-beijing.myqcloud.com
    Date: Thu, 29 Aug 2019 07:40:38 GMT
    Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryX8hd2lxTMzIBk5Li
    Content-Length: 1119
    Connection: close

    ------WebKitFormBoundaryX8hd2lxTMzIBk5Li
    Content-Disposition: form-data; name="key"

    exampleobject
    ------WebKitFormBoundaryX8hd2lxTMzIBk5Li
    Content-Disposition: form-data; name="policy"

    eyJjb25kaXRpb25zIjpbeyJxLXNpZ24tYWxnb3JpdGhtIjoic2hhMSJ9LHsicS1hayI6IkFLSUQ4QTBmQlZ0WUZyTm0wMm9ZMWcxSlFRRjBjM0pPNk5FdSJ9LHsicS1zaWduLXRpbWUiOiIxNTY3MDY0NDM4OzE1NjcwNzE2MzgifV0sImV4cGlyYXRpb24iOiIyMDE5LTA4LTI5VDA5OjQwOjM4LjA5MloifQ==
    ------WebKitFormBoundaryX8hd2lxTMzIBk5Li
    Content-Disposition: form-data; name="q-sign-algorithm"

    sha1
    ------WebKitFormBoundaryX8hd2lxTMzIBk5Li
    Content-Disposition: form-data; name="q-ak"

    AKID8A0fBVtYFrNm02oY1g1JQQF0c3JO****
    ------WebKitFormBoundaryX8hd2lxTMzIBk5Li
    Content-Disposition: form-data; name="q-key-time"

    1567064438;1567071638
    ------WebKitFormBoundaryX8hd2lxTMzIBk5Li
    Content-Disposition: form-data; name="q-signature"

    bb04222322bfb17f4d1f43833bbbac0a03aa****
    ------WebKitFormBoundaryX8hd2lxTMzIBk5Li
    Content-Disposition: form-data; name="file"; filename="example.jpg"
    Content-Type: image/jpeg

    [Object Content]
    ------WebKitFormBoundaryX8hd2lxTMzIBk5Li--

    Response

    HTTP/1.1 204 
    Content-Length: 0
    Connection: close
    Date: Thu, 29 Aug 2019 07:40:38 GMT
    ETag: "ee8de918d05640145b18f70f4c3aa602"
    Location: http://examplebucket-1250000000.cos.ap-beijing.myqcloud.com/exampleobject
    Server: tencent-cos
    x-cos-request-id: NWQ2NzgxNzZfMjFjOTBiMDlfMWY3YTFfNjY2****
    

    Example 7: using the ${filename} wildcard in the object key (key form field)

    Request

    POST / HTTP/1.1
    Host: examplebucket-1250000000.cos.ap-beijing.myqcloud.com
    Date: Thu, 29 Aug 2019 12:35:07 GMT
    Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryHrAMWZO4BNyT0rca
    Content-Length: 1188
    Connection: close

    ------WebKitFormBoundaryHrAMWZO4BNyT0rca
    Content-Disposition: form-data; name="key"

    folder/subfolder/${filename}
    ------WebKitFormBoundaryHrAMWZO4BNyT0rca
    Content-Disposition: form-data; name="policy"

    eyJjb25kaXRpb25zIjpbWyJzdGFydHMtd2l0aCIsIiRrZXkiLCJmb2xkZXIvc3ViZm9sZGVyLyJdLHsicS1zaWduLWFsZ29yaXRobSI6InNoYTEifSx7InEtYWsiOiJBS0lEOEEwZkJWdFlGck5tMDJvWTFnMUpRUUYwYzNKTzZORXUifSx7InEtc2lnbi10aW1lIjoiMTU2NzA4MjEwNzsxNTY3MDg5MzA3In1dLCJleHBpcmF0aW9uIjoiMjAxOS0wOC0yOVQxNDozNTowNy44OTlaIn0=
    ------WebKitFormBoundaryHrAMWZO4BNyT0rca
    Content-Disposition: form-data; name="q-sign-algorithm"

    sha1
    ------WebKitFormBoundaryHrAMWZO4BNyT0rca
    Content-Disposition: form-data; name="q-ak"

    AKID8A0fBVtYFrNm02oY1g1JQQF0c3JO****
    ------WebKitFormBoundaryHrAMWZO4BNyT0rca
    Content-Disposition: form-data; name="q-key-time"

    1567082107;1567089307
    ------WebKitFormBoundaryHrAMWZO4BNyT0rca
    Content-Disposition: form-data; name="q-signature"

    3cc37f8c81e36f57506efa02d0a3b6c9d551****
    ------WebKitFormBoundaryHrAMWZO4BNyT0rca
    Content-Disposition: form-data; name="file"; filename="photo.jpg"
    Content-Type: image/jpeg

    [Object Content]
    ------WebKitFormBoundaryHrAMWZO4BNyT0rca--

    Response

    HTTP/1.1 204 
    Content-Length: 0
    Connection: close
    Date: Thu, 29 Aug 2019 12:35:08 GMT
    ETag: "ee8de918d05640145b18f70f4c3aa602"
    Location: http://examplebucket-1250000000.cos.ap-beijing.myqcloud.com/folder/subfolder/photo.jpg
    Server: tencent-cos
    x-cos-request-id: NWQ2N2M2N2NfNWZhZjJhMDlfNmUzMV84OTg4****
    

    Example 8: specifying the success_action_redirect form field

    Request

    POST / HTTP/1.1
    Host: examplebucket-1250000000.cos.ap-beijing.myqcloud.com
    Date: Thu, 29 Aug 2019 08:02:29 GMT
    Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryJ0bRH1MwgMq5eu6H
    Content-Length: 1351
    Connection: close

    ------WebKitFormBoundaryJ0bRH1MwgMq5eu6H
    Content-Disposition: form-data; name="key"

    exampleobject
    ------WebKitFormBoundaryJ0bRH1MwgMq5eu6H
    Content-Disposition: form-data; name="success_action_redirect"

    https://my.website/upload_success.html
    ------WebKitFormBoundaryJ0bRH1MwgMq5eu6H
    Content-Disposition: form-data; name="policy"

    eyJjb25kaXRpb25zIjpbWyJzdGFydHMtd2l0aCIsIiRzdWNjZXNzX2FjdGlvbl9yZWRpcmVjdCIsImh0dHBzOi8vbXkud2Vic2l0ZS8iXSx7InEtc2lnbi1hbGdvcml0aG0iOiJzaGExIn0seyJxLWFrIjoiQUtJRDhBMGZCVnRZRnJObTAyb1kxZzFKUVFGMGMzSk82TkV1In0seyJxLXNpZ24tdGltZSI6IjE1NjcwNjU3NDk7MTU2NzA3Mjk0OSJ9XSwiZXhwaXJhdGlvbiI6IjIwMTktMDgtMjlUMTA6MDI6MjkuMjcyWiJ9
    ------WebKitFormBoundaryJ0bRH1MwgMq5eu6H
    Content-Disposition: form-data; name="q-sign-algorithm"

    sha1
    ------WebKitFormBoundaryJ0bRH1MwgMq5eu6H
    Content-Disposition: form-data; name="q-ak"

    AKID8A0fBVtYFrNm02oY1g1JQQF0c3JO****
    ------WebKitFormBoundaryJ0bRH1MwgMq5eu6H
    Content-Disposition: form-data; name="q-key-time"

    1567065749;1567072949
    ------WebKitFormBoundaryJ0bRH1MwgMq5eu6H
    Content-Disposition: form-data; name="q-signature"

    c4a8ae7411687bc3d6ed2ac9b249e87a50b5****
    ------WebKitFormBoundaryJ0bRH1MwgMq5eu6H
    Content-Disposition: form-data; name="file"; filename="example.jpg"
    Content-Type: image/jpeg

    [Object Content]
    ------WebKitFormBoundaryJ0bRH1MwgMq5eu6H--

    Response

    HTTP/1.1 303 Redirect
    Content-Length: 0
    Connection: close
    Date: Thu, 29 Aug 2019 08:02:29 GMT
    ETag: "ee8de918d05640145b18f70f4c3aa602"
    Location: https://my.website/upload_success.html?bucket=examplebucket-1250000000&key=exampleobject&etag=%22ee8de918d05640145b18f70f4c3aa602%22
    Server: tencent-cos
    x-cos-request-id: NWQ2Nzg2OTVfMTRiYjI0MDlfZGFkOV85MDA4****
    

    Example 9: specifying the success_action_status form field

    Request

    POST / HTTP/1.1
    Host: examplebucket-1250000000.cos.ap-beijing.myqcloud.com
    Date: Thu, 29 Aug 2019 08:04:29 GMT
    Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryST9Mz8AGzCDphgJF
    Content-Length: 1270
    Connection: close

    ------WebKitFormBoundaryST9Mz8AGzCDphgJF
    Content-Disposition: form-data; name="key"

    exampleobject
    ------WebKitFormBoundaryST9Mz8AGzCDphgJF
    Content-Disposition: form-data; name="success_action_status"

    200
    ------WebKitFormBoundaryST9Mz8AGzCDphgJF
    Content-Disposition: form-data; name="policy"

    eyJjb25kaXRpb25zIjpbeyJzdWNjZXNzX2FjdGlvbl9zdGF0dXMiOiIyMDAifSx7InEtc2lnbi1hbGdvcml0aG0iOiJzaGExIn0seyJxLWFrIjoiQUtJRDhBMGZCVnRZRnJObTAyb1kxZzFKUVFGMGMzSk82TkV1In0seyJxLXNpZ24tdGltZSI6IjE1NjcwNjU4Njk7MTU2NzA3MzA2OSJ9XSwiZXhwaXJhdGlvbiI6IjIwMTktMDgtMjlUMTA6MDQ6MjkuMzI3WiJ9
    ------WebKitFormBoundaryST9Mz8AGzCDphgJF
    Content-Disposition: form-data; name="q-sign-algorithm"

    sha1
    ------WebKitFormBoundaryST9Mz8AGzCDphgJF
    Content-Disposition: form-data; name="q-ak"

    AKID8A0fBVtYFrNm02oY1g1JQQF0c3JO****
    ------WebKitFormBoundaryST9Mz8AGzCDphgJF
    Content-Disposition: form-data; name="q-key-time"

    1567065869;1567073069
    ------WebKitFormBoundaryST9Mz8AGzCDphgJF
    Content-Disposition: form-data; name="q-signature"

    e46285af04d4fb68e0624fdd0a525b6a07ab****
    ------WebKitFormBoundaryST9Mz8AGzCDphgJF
    Content-Disposition: form-data; name="file"; filename="example.jpg"
    Content-Type: image/jpeg

    [Object Content]
    ------WebKitFormBoundaryST9Mz8AGzCDphgJF--

    Response

    HTTP/1.1 200 
    Content-Length: 0
    Connection: close
    Date: Thu, 29 Aug 2019 08:04:29 GMT
    ETag: "ee8de918d05640145b18f70f4c3aa602"
    Location: http://examplebucket-1250000000.cos.ap-beijing.myqcloud.com/exampleobject
    Server: tencent-cos
    x-cos-request-id: NWQ2Nzg3MGRfZjhjODBiMDlfOGM3N184Nzdl****
    
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support