Description
This document describes the common request headers that may be used in API requests. The headers mentioned below will not be detailed again in specific API documents.
Request Headers
| Header Name | Description | Type | Required |
|---|---|---|---|
| Authorization | Carries authentication information, i.e., the signing information used to verify the validity of a request. This header is optional for public-read objects or if the authentication information is passed in through request parameters. For more information, see Request Signature. |
string | Yes. This header is optional for public-read objects or if the authentication information is passed in through request parameters. |
| Content-Length | HTTP request length in bytes as defined in RFC 2616. | integer | No. This header is required for PUT and POST requests (except PUT Object requests where the Transfer-Encoding request header is specified). |
| Content-Type | HTTP request content type (MIME) as defined in RFC 2616. For example, application/xml, image/jpeg |
string | No. This header is required for PUT and POST requests with a request body. |
| Content-MD5 | Base64-encoded MD5 hash value of the request body content as defined in RFC 1864, such as ZzD3iDJdrMAAb00lgLLeig==. This header is used for integrity check to verify whether the request body has changed during the transfer. For PUT and POST requests with a request body (except POST Object requests), it is highly recommended to carry this header. |
string | No |
| Date | Current time in GMT format as defined in RFC 1123, such as Wed, 29 May 2019 04:10:12 GMT. |
string | No |
| Host | Requested host in the format of <BucketName-APPID>.cos.<Region>.myqcloud.com |
string | Yes |
| x-cos-security-token | The security token field that needs to be passed in when temporary security credentials are used. For more information, see Temporary Security Credentials. | string | No. This header is required when a temporary key is used and the authentication information is carried through Authorization. |
Server-side Encryption Headers
For APIs that support server-side encryption (SSE), the following request headers are applicable based on different encryption methods. Please consult the specific API documents to determine whether SSE is applicable. Whether the following headers are required is only for scenarios where SSE is used. If you request an API that does not support or use SSE, the following headers do not need to be carried. For more information, see Server-side Encryption Overview.
SSE-COS
| Header Name | Description | Type | Required |
|---|---|---|---|
| x-cos-server-side-encryption | Server-side encryption algorithm; currently only AES256 is supported | string | Required when you upload or copy objects (including simple upload/copy and multipart upload/copy). This header cannot be specified when you download objects |
SSE-C
| Header Name | Description | Type | Required |
|---|---|---|---|
| x-cos-server-side-encryption-customer-algorithm | Server-side encryption algorithm; currently only AES256 is supported | string | Yes |
| x-cos-server-side-encryption-customer-key | Base64-encoded server-side encryption key. For example, MDEyMzQ1Njc4OUFCQ0RFRjAxMjM0NTY3ODlBQkNERUY= |
string | Yes |
| x-cos-server-side-encryption-customer-key-MD5 | Base64-encoded MD5 hash of the server-side encryption key. For example, U5L61r7jcwdNvT7frmUG8g== |
string | Yes |
