- Release Notes
- Product Introduction
- Purchase Guide
- Getting Started
- Console Guide
- Console Overview
- Bucket Management
- Bucket Overview
- Creating Buckets
- Deleting Buckets
- Querying Buckets
- Empty Buckets
- Setting Access Permission
- Setting Bucket Encryption
- Setting Hotlink Protection
- Setting Origin-Pull
- Setting Cross-Origin Access
- Setting Versioning
- Setting up a Static Website
- Setting Lifecycle
- Setting Logging
- Accessing Bucket List Using Sub-Account
- Adding Bucket Policies
- Setting INTELLIGENT TIERING
- Setting Inventory
- Domain Name Management
- Setting Bucket Tags
- Setting Cross-Bucket Replication
- Enabling Global Acceleration
- Object Management
- Uploading Objects
- Downloading Objects
- Copying Objects
- Viewing Object Information
- Searching for Objects
- Sorting and Filtering Objects
- Direct Upload to COS ARCHIVE Storage
- Modifying Storage Class
- Deleting File Fragments
- Setting Object Access Permission
- Setting Object Encryption
- Custom Headers
- Deleting an Object
- Restoring Archived Objects
- Folder Management
- Data Extraction
- Setting Object Tags
- Exporting Object URLs
- Restoring a Historical Object Version
- Batch Operation
- Monitoring Reports
- Data Processing
- Application Integration
- User Tools
- Tool Overview
- Installation and Configuration of Environment
- COSBrowser
- COSCLI (Beta)
- COSCLI Overview
- Download and Installation Configuration
- Common Commands
- Generating and Modifying Configuration Files - config
- Creating Buckets - mb
- Deleting Buckets - rb
- Querying Bucket/Object List - ls
- Obtaining Statistics on Different Types of Objects - du
- Uploading/Downloading/Copying Objects - cp
- Syncing Upload/Download/Copy - sync
- Deleting Objects - rm
- Getting File Hash Value - hash
- Listing Incomplete Multipart Uploads - lsparts
- Clearing Incomplete Multipart Uploads - abort
- Retrieving Archived Files - restore
- Getting Pre-signed URL - signurl
- FAQs
- COSCMD
- COS Migration
- FTP Server
- COSFS
- Hadoop Tool
- COSDistCp
- Hadoop-cos-DistChecker
- HDFS TO COS
- Diagnostic Tool
- GooseFS
- Update History
- Getting Started
- Key Features
- Deployment Guide
- OPS Guide
- Data Security
- GooseFS on TKE Cloud Native Practices
- Getting Started
- Using GooseFS as Fluid Dataset Runtime
- Multi-Master Node Deployment
- Multiple-Master Affinity Scheduling
- Accelerating Data in COS
- Global Client Deployment
- Using Parameters for Encryption
- Manual Scaling
- Data Caching and Metadata Caching
- Data Affinity Scheduling
- Data Scheduling Based on Tolerations and Taints
- Data Preloading
- Deploying Multiple Datasets on the Same Cluster via Placement
- Best Practice
- Overview
- Access Control and Permission Management
- ACL Practices
- Cloud Access Management Practices
- Granting Sub-accounts Access to COS
- Cases of Permission Setting
- Working with COS API Access Policies
- Temporary Key Security Guide for Frontend Direct Upload to COS
- Generating and Using Temporary Keys
- Grant Sub-account Permissions to Pull Tag List
- Granting Sub-account Under One Root Account Permission to Manipulate Buckets Under Another Root Account
- Performance Optimization
- Data Migration
- Accessing COS Using the AWS S3 SDK
- Data Disaster Recovery and Backup
- Direct Data Upload
- Domain Name Management Practice
- Data Security
- Data Verification
- Big Data Practice
- Using COS in the Third-party Applications
- Using APIs to Zip Files
- Using APIs to Merge Files
- Developer Guide
- Creating Request
- Bucket
- Object
- Data Management
- Data Disaster Recovery
- Data Security
- Cloud Access Management (CAM)
- Batch Processing
- Global Acceleration
- Data Processing
- Metadata Acceleration
- Monitoring and Alarms
- Troubleshooting
- API Documentation
- Introduction
- Common Request Headers
- Common Response Headers
- Error Codes
- Request Signature
- Operation List
- Service APIs
- Bucket APIs
- Basic Operations
- Access Control List (acl)
- Cross-Origin Resource Sharing (cors)
- Lifecycle
- Bucket Policy (policy)
- Hotlink Protection (referer)
- Tag (tagging)
- Static Website (website)
- Intelligent Tiering
- Bucket inventory(inventory)
- Versioning
- Cross-Bucket Replication(replication)
- Log Management(logging)
- Global Acceleration (Accelerate)
- Bucket Encryption (encryption)
- Custom Domain Name (Domain)
- Object APIs
- Batch Operation APIs
- Data Processing APIs
- Image Processing
- Basic Image Processing
- Scaling
- Cropping
- Rotation
- Converting Format
- Quality Change
- Gaussian Blurring
- Adjusting Brightness
- Adjusting Contrast
- Sharpening
- Image Watermarking
- Text Watermarking
- Obtaining Basic Image Information
- Obtaining Image EXIF
- Obtaining Image’s Average Hue
- Removing Image Metadata
- Quick Thumbnail Template
- Limiting Output Image Size
- Pipeline Operators
- Image Advanced Compression
- Persistent Image Processing
- Image Compression
- Basic Image Processing
- Image Processing
- SDK Documentation
- SDK Overview
- Preparations
- Android SDK
- Object Operations
- Uploading and Copying Objects
- Downloading Objects
- Moving an Object
- Listing Objects
- Deleting Objects
- Restoring an Archived Object
- Querying Object Metadata
- Generating Pre-Signed URLs
- Configuring Preflight Requests for Cross-origin Access
- Server-Side Encryption
- Single-Connection Bandwidth Limit
- Extracting Object Content
- Getting Started
- Quick Experience
- Bucket Operations
- Remote Disaster Recovery
- Data Management
- Cloud Access Management
- Setting Custom Headers
- Setting Access Domain Names
- Image Processing
- Troubleshooting
- Object Operations
- C SDK
- C++ SDK
- .NET(C#) SDK
- Getting Started
- Bucket Operations
- Object Operations
- Uploading Objects
- Downloading Objects
- Copying and Moving Objects
- Listing Objects
- Deleting Objects
- Checking Whether Objects Exist
- Restoring Archived Objects
- Querying Object Metadata
- Getting Pre-Signed URLs
- Configuring Preflight Requests for Cross-Origin Access
- Server-Side Encryption
- Single-URL Speed Limits
- Extracting Object Content
- Cross-Region Disaster Recovery
- Data Management
- Cloud Access Management
- Image Processing
- Setting Custom Headers
- Setting Access Domain Names (CDN/Global Acceleration)
- Troubleshooting
- Backward Compatibility
- Go SDK
- iOS SDK
- Java SDK
- JavaScript SDK
- Node.js SDK
- PHP SDK
- Python SDK
- Mini Program SDK
- Error Codes
- FAQs
- Service Agreement
- Glossary
- Release Notes
- Product Introduction
- Purchase Guide
- Getting Started
- Console Guide
- Console Overview
- Bucket Management
- Bucket Overview
- Creating Buckets
- Deleting Buckets
- Querying Buckets
- Empty Buckets
- Setting Access Permission
- Setting Bucket Encryption
- Setting Hotlink Protection
- Setting Origin-Pull
- Setting Cross-Origin Access
- Setting Versioning
- Setting up a Static Website
- Setting Lifecycle
- Setting Logging
- Accessing Bucket List Using Sub-Account
- Adding Bucket Policies
- Setting INTELLIGENT TIERING
- Setting Inventory
- Domain Name Management
- Setting Bucket Tags
- Setting Cross-Bucket Replication
- Enabling Global Acceleration
- Object Management
- Uploading Objects
- Downloading Objects
- Copying Objects
- Viewing Object Information
- Searching for Objects
- Sorting and Filtering Objects
- Direct Upload to COS ARCHIVE Storage
- Modifying Storage Class
- Deleting File Fragments
- Setting Object Access Permission
- Setting Object Encryption
- Custom Headers
- Deleting an Object
- Restoring Archived Objects
- Folder Management
- Data Extraction
- Setting Object Tags
- Exporting Object URLs
- Restoring a Historical Object Version
- Batch Operation
- Monitoring Reports
- Data Processing
- Application Integration
- User Tools
- Tool Overview
- Installation and Configuration of Environment
- COSBrowser
- COSCLI (Beta)
- COSCLI Overview
- Download and Installation Configuration
- Common Commands
- Generating and Modifying Configuration Files - config
- Creating Buckets - mb
- Deleting Buckets - rb
- Querying Bucket/Object List - ls
- Obtaining Statistics on Different Types of Objects - du
- Uploading/Downloading/Copying Objects - cp
- Syncing Upload/Download/Copy - sync
- Deleting Objects - rm
- Getting File Hash Value - hash
- Listing Incomplete Multipart Uploads - lsparts
- Clearing Incomplete Multipart Uploads - abort
- Retrieving Archived Files - restore
- Getting Pre-signed URL - signurl
- FAQs
- COSCMD
- COS Migration
- FTP Server
- COSFS
- Hadoop Tool
- COSDistCp
- Hadoop-cos-DistChecker
- HDFS TO COS
- Diagnostic Tool
- GooseFS
- Update History
- Getting Started
- Key Features
- Deployment Guide
- OPS Guide
- Data Security
- GooseFS on TKE Cloud Native Practices
- Getting Started
- Using GooseFS as Fluid Dataset Runtime
- Multi-Master Node Deployment
- Multiple-Master Affinity Scheduling
- Accelerating Data in COS
- Global Client Deployment
- Using Parameters for Encryption
- Manual Scaling
- Data Caching and Metadata Caching
- Data Affinity Scheduling
- Data Scheduling Based on Tolerations and Taints
- Data Preloading
- Deploying Multiple Datasets on the Same Cluster via Placement
- Best Practice
- Overview
- Access Control and Permission Management
- ACL Practices
- Cloud Access Management Practices
- Granting Sub-accounts Access to COS
- Cases of Permission Setting
- Working with COS API Access Policies
- Temporary Key Security Guide for Frontend Direct Upload to COS
- Generating and Using Temporary Keys
- Grant Sub-account Permissions to Pull Tag List
- Granting Sub-account Under One Root Account Permission to Manipulate Buckets Under Another Root Account
- Performance Optimization
- Data Migration
- Accessing COS Using the AWS S3 SDK
- Data Disaster Recovery and Backup
- Direct Data Upload
- Domain Name Management Practice
- Data Security
- Data Verification
- Big Data Practice
- Using COS in the Third-party Applications
- Using APIs to Zip Files
- Using APIs to Merge Files
- Developer Guide
- Creating Request
- Bucket
- Object
- Data Management
- Data Disaster Recovery
- Data Security
- Cloud Access Management (CAM)
- Batch Processing
- Global Acceleration
- Data Processing
- Metadata Acceleration
- Monitoring and Alarms
- Troubleshooting
- API Documentation
- Introduction
- Common Request Headers
- Common Response Headers
- Error Codes
- Request Signature
- Operation List
- Service APIs
- Bucket APIs
- Basic Operations
- Access Control List (acl)
- Cross-Origin Resource Sharing (cors)
- Lifecycle
- Bucket Policy (policy)
- Hotlink Protection (referer)
- Tag (tagging)
- Static Website (website)
- Intelligent Tiering
- Bucket inventory(inventory)
- Versioning
- Cross-Bucket Replication(replication)
- Log Management(logging)
- Global Acceleration (Accelerate)
- Bucket Encryption (encryption)
- Custom Domain Name (Domain)
- Object APIs
- Batch Operation APIs
- Data Processing APIs
- Image Processing
- Basic Image Processing
- Scaling
- Cropping
- Rotation
- Converting Format
- Quality Change
- Gaussian Blurring
- Adjusting Brightness
- Adjusting Contrast
- Sharpening
- Image Watermarking
- Text Watermarking
- Obtaining Basic Image Information
- Obtaining Image EXIF
- Obtaining Image’s Average Hue
- Removing Image Metadata
- Quick Thumbnail Template
- Limiting Output Image Size
- Pipeline Operators
- Image Advanced Compression
- Persistent Image Processing
- Image Compression
- Basic Image Processing
- Image Processing
- SDK Documentation
- SDK Overview
- Preparations
- Android SDK
- Object Operations
- Uploading and Copying Objects
- Downloading Objects
- Moving an Object
- Listing Objects
- Deleting Objects
- Restoring an Archived Object
- Querying Object Metadata
- Generating Pre-Signed URLs
- Configuring Preflight Requests for Cross-origin Access
- Server-Side Encryption
- Single-Connection Bandwidth Limit
- Extracting Object Content
- Getting Started
- Quick Experience
- Bucket Operations
- Remote Disaster Recovery
- Data Management
- Cloud Access Management
- Setting Custom Headers
- Setting Access Domain Names
- Image Processing
- Troubleshooting
- Object Operations
- C SDK
- C++ SDK
- .NET(C#) SDK
- Getting Started
- Bucket Operations
- Object Operations
- Uploading Objects
- Downloading Objects
- Copying and Moving Objects
- Listing Objects
- Deleting Objects
- Checking Whether Objects Exist
- Restoring Archived Objects
- Querying Object Metadata
- Getting Pre-Signed URLs
- Configuring Preflight Requests for Cross-Origin Access
- Server-Side Encryption
- Single-URL Speed Limits
- Extracting Object Content
- Cross-Region Disaster Recovery
- Data Management
- Cloud Access Management
- Image Processing
- Setting Custom Headers
- Setting Access Domain Names (CDN/Global Acceleration)
- Troubleshooting
- Backward Compatibility
- Go SDK
- iOS SDK
- Java SDK
- JavaScript SDK
- Node.js SDK
- PHP SDK
- Python SDK
- Mini Program SDK
- Error Codes
- FAQs
- Service Agreement
- Glossary
Getting Pre-Signed URLs
Last updated: 2022-01-17 12:46:49
Overview
The Python SDK provides APIs to obtain request signatures, pre-signed URLs, and pre-signed download URLs for request distribution.
The method for getting a pre-signed URL is the same whether you are using permanent or temporary keys, with the only difference being that the latter requires x-cos-security-token included in the header or query_string.
Note:
- When getting a signature, you are strongly advised to include sensitive request headers and parameters in the signature to prevent related request headers and parameters from being tampered with by users and prevent permission trespassing. In addition, the SDK will include the requested domain name in the signature by default. If the requested domain name is modified after distribution, the access will fail. In this case, you can ignore the requested domain name in the input parameters when getting the signature. See the request examples below for details.
- You are advised to use a temporary key to generate a pre-signed URL for the security of your requests such as uploads and downloads. When you apply for a temporary key, follow the Principle of Least Privilege to avoid leaking resources besides your buckets and objects.
- If you need to use a permanent key to generate a pre-signed URL, you are advised to limit the permission of the permanent key to uploads and downloads only to avoid risks.
Getting Pre-Signed URLs
Description
The SDK allows you to get a pre-signed URL that can be used for distribution purposes.
Method prototype
get_presigned_url(Bucket, Key, Method, Expired=300, Params={}, Headers={})
Sample request 1. Generate a pre-signed upload URL
# -*- coding=utf-8
from qcloud_cos import CosConfig
from qcloud_cos import CosS3Client
import sys
import logging
import requests
# In most cases, set the log level to INFO. If you need to debug, you can set it to DEBUG and the SDK will print the communication information of the client.
logging.basicConfig(level=logging.INFO, stream=sys.stdout)
# 1. Set user attributes such as secret_id, secret_key, and region. Appid has been removed from CosConfig and thus needs to be specified in Bucket, which is formatted as BucketName-Appid.
secret_id = 'SecretId' # Replace it with the actual SecretId, which can be viewed and managed at https://console.cloud.tencent.com/cam/capi
secret_key = 'SecretKey' # Replace it with the actual SecretKey, which can be viewed and managed at https://console.cloud.tencent.com/cam/capi
region = 'ap-beijing' # Replace it with the actual region, which can be viewed in the console at https://console.cloud.tencent.com/cos5/bucket
# For the list of regions supported by COS, see https://intl.cloud.tencent.com/document/product/436/6224?from_cn_redirect=1
token = None # Token is required for temporary keys but not permanent keys. For more information about how to generate and use a temporary key, see https://intl.cloud.tencent.com/document/product/436/14048?from_cn_redirect=1
scheme = 'https' # Specify whether to use HTTP or HTTPS protocol to access COS. This is optional and is https by default.
config = CosConfig(Region=region, SecretId=secret_id, SecretKey=secret_key, Token=token, Scheme=scheme)
client = CosS3Client(config)
# Generate an upload URL without specifying request headers and parameters
url = client.get_presigned_url(
Method='PUT',
Bucket='examplebucket-1250000000',
Key='exampleobject',
Expired=120 # Expire in 120 seconds. Specify the expiration time as needed.
)
print(url)
# Generate an upload URL with a specified storage class and upload speed
url = client.get_presigned_url(
Method='PUT',
Bucket='examplebucket-1250000000',
Key='exampleobject',
Headers={
'x-cos-storage-class':'STANDARD_IA',
'x-cos-traffic-limit':'819200' # The pre-signed URL itself does not include request headers, but request headers are signed in the signature. Therefore, the URL must carry request headers and their values specified here.
},
Expired=300 # Expire in 300 seconds. Specify the expiration time as needed.
)
print(url)
# Generate an upload URL that can only be used to upload specified file content
url = client.get_presigned_url(
Method='PUT',
Bucket='examplebucket-1250000000',
Key='exampleobject',
Headers={'Content-MD5':'string'}, # When the URL is used to upload an object, an MD5 request header must be carried, and the value of the request header must be the value specified here, thus limiting the content of the file.
Expired=300 # Expire in 300 seconds. Specify the expiration time as needed.
)
print(url)
# Generate an upload URL that can only be used for ACL upload
url = client.get_presigned_url(
Method='PUT',
Bucket='examplebucket-1250000000',
Key='exampleobject',
Params={'acl':''}, # If a request parameter is specified, it will be carried in the URL and included in the signature, and its value cannot be modified by users.
Expired=120 # Expire in 120 seconds. Specify the expiration time as needed.
)
print(url)
# Generate an upload URL, where the request domain name is not signed and users need to modify the request domain name before usage
url = client.get_presigned_url(
Method='PUT',
Bucket='examplebucket-1250000000',
Key='exampleobject',
SignHost=False, # Exclude the request domain name from the signature. This setting will bring certain security risks. Use it only when you need to allow users to modify the request domain name after signing.
Expired=120 # Expire in 120 seconds. Specify the expiration time as needed.
)
print(url)
# Use an upload URL
response = requests.put(url=url, data=b'123')
print(response)
Sample request 2. Generate a pre-signed download URL
# -*- coding=utf-8
from qcloud_cos import CosConfig
from qcloud_cos import CosS3Client
import sys
import logging
import requests
# In most cases, set the log level to INFO. If you need to debug, you can set it to DEBUG and the SDK will print the communication information of the client.
logging.basicConfig(level=logging.INFO, stream=sys.stdout)
# 1. Set user attributes such as secret_id, secret_key, and region. Appid has been removed from CosConfig and thus needs to be specified in Bucket, which is formatted as BucketName-Appid.
secret_id = 'SecretId' # Replace it with the actual SecretId, which can be viewed and managed at https://console.cloud.tencent.com/cam/capi
secret_key = 'SecretKey' # Replace it with the actual SecretKey, which can be viewed and managed at https://console.cloud.tencent.com/cam/capi
region = 'ap-beijing' # Replace it with the actual region, which can be viewed in the console at https://console.cloud.tencent.com/cos5/bucket
# For the list of regions supported by COS, see https://intl.cloud.tencent.com/document/product/436/6224?from_cn_redirect=1
token = None # Token is required for temporary keys but not permanent keys. For more information about how to generate and use a temporary key, see https://intl.cloud.tencent.com/document/product/436/14048?from_cn_redirect=1
scheme = 'https' # Specify whether to use HTTP or HTTPS protocol to access COS. This is optional and is https by default.
config = CosConfig(Region=region, SecretId=secret_id, SecretKey=secret_key, Token=token, Scheme=scheme)
client = CosS3Client(config)
# Generate a download URL without specifying request headers and parameters
url = client.get_presigned_url(
Method='GET',
Bucket='examplebucket-1250000000',
Key='exampleobject',
Expired=120 # Expire in 120 seconds. Specify the expiration time as needed.
)
print(url)
# Generate a download URL, specifying the `content-disposition` header in the response to save the file in the browser instead of displaying it
url = client.get_presigned_url(
Method='GET',
Bucket='examplebucket-1250000000',
Key='exampleobject',
Params={
'response-content-disposition':'attachment; filename=example.xlsx' # Save the object as a specified file during download
# Other request parameters supported in addition to `response-content-disposition` include `response-cache-control`, `response-content-encoding`, `response-content-language`,
# `response-content-type`, and `response-expires`. For more information, see the object download API at https://intl.cloud.tencent.com/document/product/436/7753?from_cn_redirect=1.
},
Expired=120 # Expire in 120 seconds. Specify the expiration time as needed.
)
print(url)
# Generate a download URL with a specified download speed
url = client.get_presigned_url(
Method='GET',
Bucket='examplebucket-1250000000',
Key='exampleobject',
Headers={'x-cos-traffic-limit':'819200'}, # The pre-signed URL itself does not include request headers, but request headers are included in the signature. Therefore, the URL must carry the request headers and their values specified here.
Expired=300 # Expire in 300 seconds. Specify the expiration time as needed.
)
print(url)
# Generate a download URL that can only be used for ACL download
url = client.get_presigned_url(
Method='GET',
Bucket='examplebucket-1250000000',
Key='exampleobject',
Params={'acl':''}, # If a request parameter is specified, it will be carried in the URL and included in the signature, and its value cannot be modified by users.
Expired=120 # Expire in 120 seconds. Specify the expiration time as needed.
)
print(url)
# Generate a download URL that does not include the request domain name in the signature and is used when users need to modify the request domain name after signing
url = client.get_presigned_url(
Method='GET',
Bucket='examplebucket-1250000000',
Key='exampleobject',
SignHost=False, # Exclude the request domain name from the signature. This setting will bring certain security risks. Use it only when you need to allow users to modify the request domain name after signing.
Expired=120 # Expire in 120 seconds. Specify the expiration time as needed.
)
print(url)
# Use the download URL
response = requests.get(url)
print(response)
Sample request 3. Generate a pre-signed download URL with a temporary key
# -*- coding=utf-8
from qcloud_cos import CosConfig
from qcloud_cos import CosS3Client
import sys
import logging
import requests
# In most cases, set the log level to INFO. If you need to debug, you can set it to DEBUG and the SDK will print the communication information of the client.
logging.basicConfig(level=logging.INFO, stream=sys.stdout)
# 1. Set user attributes such as secret_id, secret_key, and region. Appid has been removed from CosConfig and thus needs to be specified in Bucket, which is formatted as BucketName-Appid.
secret_id = 'SecretId' # Replace it with the actual SecretId, which can be viewed and managed at https://console.cloud.tencent.com/cam/capi
secret_key = 'SecretKey' # Replace it with the actual SecretKey, which can be viewed and managed at https://console.cloud.tencent.com/cam/capi
region = 'ap-beijing' # Replace it with the actual region, which can be viewed in the console at https://console.cloud.tencent.com/cos5/bucket
# For the list of regions supported by COS, see https://intl.cloud.tencent.com/document/product/436/6224?from_cn_redirect=1
token = None # Token is required for temporary keys but not permanent keys. For more information about how to generate and use a temporary key, see https://intl.cloud.tencent.com/document/product/436/14048?from_cn_redirect=1
scheme = 'https' # Specify whether to use HTTP or HTTPS protocol to access COS. This is optional and is https by default.
config = CosConfig(Region=region, SecretId=secret_id, SecretKey=secret_key, Token=token, Scheme=scheme)
client = CosS3Client(config)
# Generate a download URL
url = client.get_presigned_url(
Method='GET',
Bucket='examplebucket-1250000000',
Key='exampleobject',
Headers={'x-cos-traffic-limit':'819200'}, # The pre-signed URL itself does not include request headers, but request headers are included in the signature. Therefore, the URL must carry the request headers and their values specified here.
Params={
'x-cos-security-token': 'string' # If you use a temporary key, you need to enter the token as a request parameter.
},
Expired=120, # Expire in 120 seconds. Specify the expiration time as needed.
SignHost=False # Do not sign the request domain name. This setting will bring certain security risks. Use it only when you need to allow users to modify the request domain name after signing.
)
print(url)
# Use the download URL
response = requests.get(url)
print(response)
Sample request with all parameters
response = client.get_presigned_url(
Bucket='examplebucket-1250000000',
Key='exampleobject',
Method='PUT'|'POST'|'GET'|'DELETE'|'HEAD',
Expired=300,
Headers={
'header1': 'string',
'header2': 'string',
},
Params={
'param1': 'string',
'param2': 'string'
},
SignHost=True|False
)
Parameter description
| Parameter | Description | Type | Required |
|---|---|---|---|
| Bucket | Bucket name in the format of BucketName-APPID |
String | Yes |
| Key | Object key, which uniquely identifies an object in a bucket. For example, if an object’s access endpoint is examplebucket-1250000000.cos.ap-guangzhou.myqcloud.com/doc/pic.jpg, its key is doc/pic.jpg. |
String | Yes |
| Method | Operation method. Valid values: 'PUT', 'POST', 'GET', 'DELETE', 'HEAD' | String | Yes |
| Expired | Specifies the time in seconds before a signature expires | Int | No |
| Params | Request parameters in a pre-signed URL. If a request parameter is specified, it will be carried in the URL and included in the signature, and its value cannot be modified by users. The request parameters that can be signed depend on the corresponding operations. For example, for request parameters that can be carried and signed for object download, see the description of the request parameters of the GET Object API. | Dict | No |
| Headers | Request headers that need to be signed in a pre-signed URL. The pre-signed URL itself does not include request headers, but request headers are included in the signature. Therefore, the URL must carry the request headers and their values specified by this parameter. The request headers that can be signed depend on the corresponding operations. For example, for request headers that can be signed for object upload, see the description of the request headers of the PUT Object API. | Dict | No |
| SignHost | Whether to include the request domain name in the signature. The default value is True. To allow users to modify the request domain name after signing, set this parameter to False. |
Bool | No |
Response description
A pre-signed URL is returned upon success.
Getting Pre-Signed Download URLs
Description
The SDK allows you to get a pre-signed download URL that can be used to directly download an object.
Method prototype
get_presigned_download_url(Bucket, Key, Expired=300, Params={}, Headers={})
Sample request
# -*- coding=utf-8
from qcloud_cos import CosConfig
from qcloud_cos import CosS3Client
import sys
import logging
import requests
# In most cases, set the log level to INFO. If you need to debug, you can set it to DEBUG and the SDK will print the communication information of the client.
logging.basicConfig(level=logging.INFO, stream=sys.stdout)
# 1. Set user attributes such as secret_id, secret_key, and region. Appid has been removed from CosConfig and thus needs to be specified in Bucket, which is formatted as BucketName-Appid.
secret_id = 'SecretId' # Replace it with the actual SecretId, which can be viewed and managed at https://console.cloud.tencent.com/cam/capi
secret_key = 'SecretKey' # Replace it with the actual SecretKey, which can be viewed and managed at https://console.cloud.tencent.com/cam/capi
region = 'ap-beijing' # Replace it with the actual region, which can be viewed in the console at https://console.cloud.tencent.com/cos5/bucket
# For the list of regions supported by COS, see https://intl.cloud.tencent.com/document/product/436/6224?from_cn_redirect=1
token = None # Token is required for temporary keys but not permanent keys. For more information about how to generate and use a temporary key, see https://intl.cloud.tencent.com/document/product/436/14048?from_cn_redirect=1
scheme = 'https' # Specify whether to use HTTP or HTTPS protocol to access COS. This is optional and is https by default.
config = CosConfig(Region=region, SecretId=secret_id, SecretKey=secret_key, Token=token, Scheme=scheme)
client = CosS3Client(config)
# Generate a download URL without specifying request headers and parameters
url = client.get_presigned_download_url(
Bucket='examplebucket-1250000000',
Key='exampleobject',
Expired=120 # Expire in 120 seconds. Specify the expiration time as needed.
)
print(url)
# Generate a download URL, specifying the `content-disposition` header in the response to save the file in the browser instead of displaying it
url = client.get_presigned_download_url(
Bucket='examplebucket-1250000000',
Key='exampleobject',
Params={
'response-content-disposition':'attachment; filename=example.xlsx' # Save the object as a specified file during download
# Other request parameters supported in addition to `response-content-disposition` include `response-cache-control`, `response-content-encoding`, `response-content-language`,
# `response-content-type`, and `response-expires`. For more information, see the object download API at https://intl.cloud.tencent.com/document/product/436/7753?from_cn_redirect=1.
},
Expired=120 # Expire in 120 seconds. Specify the expiration time as needed.
)
print(url)
# Generate a download URL with a specified download speed
url = client.get_presigned_download_url(
Bucket='examplebucket-1250000000',
Key='exampleobject',
Headers={'x-cos-traffic-limit':'819200'}, # The pre-signed URL itself does not include request headers, but request headers are included in the signature. Therefore, the URL must carry the request headers and their values specified here.
Expired=300 # Expire in 300 seconds. Specify the expiration time as needed.
)
print(url)
# Generate a download URL that can only be used for ACL download
url = client.get_presigned_download_url(
Bucket='examplebucket-1250000000',
Key='exampleobject',
Params={'acl':''}, # If a request parameter is specified, it will be carried in the URL and included in the signature, and its value cannot be modified by users.
Expired=120 # Expire in 120 seconds. Specify the expiration time as needed.
)
print(url)
# Generate a download URL that does not include the request domain name in the signature and is used when users need to modify the request domain name after signing
url = client.get_presigned_download_url(
Bucket='examplebucket-1250000000',
Key='exampleobject',
SignHost=False, # Exclude the request domain name from the signature. This setting will bring certain security risks. Use it only when you need to allow users to modify the request domain name after signing.
Expired=120 # Expire in 120 seconds. Specify the expiration time as needed.
)
print(url)
# Generate a download URL with a temporary key
url = client.get_presigned_download_url(
Bucket='examplebucket-1250000000',
Key='exampleobject',
Params={
'x-cos-security-token': 'string' # Token is required for temporary keys but not permanent keys.
}
)
print(url)
# Use the download URL
response = requests.get(url)
print(response)
Sample request with all parameters
response = client.get_presigned_download_url(
Bucket='examplebucket-1250000000',
Key='exampleobject',
Expired=300,
Headers={
'header1': 'string'
},
Params={
'param1': 'string',
'param2': 'string'
},
SignHost=True|False
)
Parameter description
| Parameter | Description | Type | Required |
|---|---|---|---|
| Bucket | Bucket name in the format of BucketName-APPID |
String | Yes |
| Key | Object key, which uniquely identifies an object in a bucket. For example, if an object’s access endpoint is examplebucket-1250000000.cos.ap-guangzhou.myqcloud.com/doc/pic.jpg, its key is doc/pic.jpg. |
String | Yes |
| Expired | Specifies the time in seconds before a signature expires | Int | No |
| Params | Request parameters in a pre-signed URL. If a request parameter is specified, it will be carried in the URL and included in the signature, and its value cannot be modified by users. The request parameters that can be signed depend on the corresponding operations. For example, for request parameters that can be carried and signed for object download, see the description of the request parameters of the GET Object API. | Dict | No |
| Headers | Request headers that need to be signed in a pre-signed URL. The pre-signed URL itself does not include request headers, but request headers are included in the signature. Therefore, the URL must carry the request headers and their values specified by this parameter. The request headers that can be signed depend on the corresponding operations. For example, for request headers that can be signed for object upload, see the description of the request headers of the PUT Object API. | Dict | No |
| SignHost | Whether to include the request domain name in the signature. The default value is True. To allow users to modify the request domain name after signing, set this parameter to False. |
Bool | No |
Response description
A pre-signed download URL is returned upon success.
Getting Signatures
Description
The SDK allows you to obtain a signature for a specified operation. This feature is commonly used for signature distribution to mobile devices.
Method prototype
get_auth(Method, Bucket, Key, Expired=300, Headers={}, Params={})
Sample request 1. Generate an upload signature
# -*- coding=utf-8
from qcloud_cos import CosConfig
from qcloud_cos import CosS3Client
import sys
import logging
# In most cases, set the log level to INFO. If you need to debug, you can set it to DEBUG and the SDK will print the communication information of the client.
logging.basicConfig(level=logging.INFO, stream=sys.stdout)
# 1. Set user attributes such as secret_id, secret_key, and region. Appid has been removed from CosConfig and thus needs to be specified in Bucket, which is formatted as BucketName-Appid.
secret_id = 'SecretId' # Replace it with the actual SecretId, which can be viewed and managed at https://console.cloud.tencent.com/cam/capi
secret_key = 'SecretKey' # Replace it with the actual SecretKey, which can be viewed and managed at https://console.cloud.tencent.com/cam/capi
region = 'ap-beijing' # Replace it with the actual region, which can be viewed in the console at https://console.cloud.tencent.com/cos5/bucket
# For the list of regions supported by COS, see https://intl.cloud.tencent.com/document/product/436/6224?from_cn_redirect=1
token = None # Token is required for temporary keys but not permanent keys. For more information about how to generate and use a temporary key, see https://intl.cloud.tencent.com/document/product/436/14048?from_cn_redirect=1
scheme = 'https' # Specify whether to use HTTP or HTTPS protocol to access COS. This is optional and is https by default.
config = CosConfig(Region=region, SecretId=secret_id, SecretKey=secret_key, Token=token, Scheme=scheme)
client = CosS3Client(config)
# Generate an upload signature without specifying request headers and parameters
response = client.get_auth(
Method='PUT',
Bucket='examplebucket-1250000000',
Key='exampleobject',
Expired=120 # Expire in 120 seconds. Specify the expiration time as needed.
)
print(response)
# Generate an upload signature with a specified storage class and upload speed
response = client.get_auth(
Method='PUT',
Bucket='examplebucket-1250000000',
Key='exampleobject',
Headers={
'x-cos-storage-class':'STANDARD_IA',
'x-cos-traffic-limit':'819200' # When the signature is used, this URL speed limiting request header and its value specified here must be carried.
},
Expired=300 # Expire in 300 seconds. Specify the expiration time as needed.
)
print(response)
# Generate an upload signature that can only be used to upload specified file content
response = client.get_auth(
Method='PUT',
Bucket='examplebucket-1250000000',
Key='exampleobject',
Headers={'Content-MD5':'string'}, # When the signature is used, this MD5 request header must be carried, and the value of the request header must be the value specified here, thus limiting the content of the file.
Expired=300 # Expire in 300 seconds. Specify the expiration time as needed.
)
print(response)
# Generate an upload signature that can only be used for ACL upload
response = client.get_auth(
Method='PUT',
Bucket='examplebucket-1250000000',
Key='exampleobject',
Params={'acl':''}, # When the signature is used, this ACL request parameter must be carried so that the request can only be used for object ACL upload.
Expired=120 # Expire in 120 seconds. Specify the expiration time as needed.
)
print(response)
# Generate an upload signature that does not include the request domain name and is used by users when they need to modify the request domain name after signing
response = client.get_auth(
Method='PUT',
Bucket='examplebucket-1250000000',
Key='exampleobject',
SignHost=False, # Exclude the request domain name from the signature. This setting will bring certain security risks. Use it only when you need to allow users to modify the request domain name after signing.
Expired=120 # Expire in 120 seconds. Specify the expiration time as needed.
)
print(response)
Sample request 2: Generate a download signature
# -*- coding=utf-8
from qcloud_cos import CosConfig
from qcloud_cos import CosS3Client
import sys
import logging
# In most cases, set the log level to INFO. If you need to debug, you can set it to DEBUG and the SDK will print the communication information of the client.
logging.basicConfig(level=logging.INFO, stream=sys.stdout)
# 1. Set user attributes such as secret_id, secret_key, and region. Appid has been removed from CosConfig and thus needs to be specified in Bucket, which is formatted as BucketName-Appid.
secret_id = 'SecretId' # Replace it with the actual SecretId, which can be viewed and managed at https://console.cloud.tencent.com/cam/capi
secret_key = 'SecretKey' # Replace it with the actual SecretKey, which can be viewed and managed at https://console.cloud.tencent.com/cam/capi
region = 'ap-beijing' # Replace it with the actual region, which can be viewed in the console at https://console.cloud.tencent.com/cos5/bucket
# For the list of regions supported by COS, see https://intl.cloud.tencent.com/document/product/436/6224?from_cn_redirect=1
token = None # Token is required for temporary keys but not permanent keys. For more information about how to generate and use a temporary key, see https://intl.cloud.tencent.com/document/product/436/14048?from_cn_redirect=1
scheme = 'https' # Specify whether to use HTTP or HTTPS protocol to access COS. This is optional and is https by default.
config = CosConfig(Region=region, SecretId=secret_id, SecretKey=secret_key, Token=token, Scheme=scheme)
client = CosS3Client(config)
# Generate a download signature without specifying request headers and parameters
response = client.get_auth(
Method='GET',
Bucket='examplebucket-1250000000',
Key='exampleobject',
Expired=120 # Expire in 120 seconds. Specify the expiration time as needed.
)
print(response)
# Generate a download signature with a specified download speed
response = client.get_auth(
Method='GET',
Bucket='examplebucket-1250000000',
Key='exampleobject',
Headers={'x-cos-traffic-limit':'819200'}, # When the signature is used, this URL speed limiting request header must be carried, and the value of the request header must be the value specified here.
Expired=300 # Expire in 300 seconds. Specify the expiration time as needed.
)
print(response)
# Generate a download signature that can only be used for ACL download
response = client.get_auth(
Method='GET',
Bucket='examplebucket-1250000000',
Key='exampleobject',
Params={'acl':''}, # When the signature is used, this ACL request parameter must be carried so that the request can only be used for object ACL download.
Expired=120 # Expire in 120 seconds. Specify the expiration time as needed.
)
print(response)
# Generate a download signature that does not include the request domain name and is used by users when they need to modify the request domain name after signing
response = client.get_auth(
Method='GET',
Bucket='examplebucket-1250000000',
Key='exampleobject',
SignHost=False, # Exclude the request domain name from the signature. This setting will bring certain security risks. Use it only when you need to allow users to modify the request domain name after signing.
Expired=120 # Expire in 120 seconds. Specify the expiration time as needed.
)
print(response)
# Generate a download signature with a temporary key
response = client.get_auth(
Bucket='examplebucket-1250000000',
Key='exampleobject',
Params={
'x-cos-security-token': 'string' # Token is required for temporary keys but not permanent keys.
}
)
print(response)
Sample request with all parameters
response = client.get_auth(
Method='PUT'|'POST'|'GET'|'DELETE'|'HEAD',
Bucket='examplebucket-1250000000',
Key='exampleobject',
Expired=300,
Headers={
'header1': 'string',
'header2': 'string'
},
Params={
'param1': 'string',
'param2': 'string'
},
SignHost=True|False
)
Parameter description
| Parameter | Description | Type | Required |
|---|---|---|---|
| Method | Operation method. Valid values: 'PUT', 'POST', 'GET', 'DELETE', 'HEAD' | String | Yes |
| Bucket | Bucket name in the format of BucketName-APPID |
String | Yes |
| Key | Specifies the root path / for a bucket operation or the file path for an object operation |
String | Yes |
| Expired | Specifies the time in seconds before a signature expires | Int | No |
| Params | Request parameters that need to be signed in a signature. When the signature is used, the request parameters and their values specified by this parameter must be carried. The request parameters that can be signed depend on the corresponding operations. For example, for request parameters that can be carried and signed for object download, see the description of the request parameters of the GET Object API. | Dict | No |
| Headers | Request headers that need to be signed in a signature. When the signature is used, the request headers and their values specified by this parameter must be carried. The request headers that can be signed depend on the corresponding operations. For example, for request headers that can be signed for object upload, see the description of the request headers of the PUT Object API. | Dict | No |
| SignHost | Whether to include the request domain name in the signature. The default value is True. To allow users to modify the request domain name after signing, set this parameter to False. |
Bool | No |
Response description
The signature value for the corresponding operation is returned upon success.
Yes
No
Was this page helpful?