Common Request Headers

Last updated: 2020-07-03 17:13:59

    Description

    This document describes the common request headers that may be used in API requests. The headers mentioned below will not be addressed again in related API documents.

    Request Headers

    Header Name Description Type Required
    Authorization Contains authentication information as part of the signature that authenticates a request
    Not required if the object is public read, or if the authentication information is passed using request parameters. For more information, see Request Signature.
    string Yes
    Optional if it is used for a public-read object, or the authentication information is passed using request parameters
    Content-Length The length of the content of an HTTP request in bytes defined in RFC 2616 integer
  • Required for PUT and POST requests (excluding PUT Object requests with Transfer-Encoding specified)
  • Cannot be used for GET, HEAD, DELETE or OPTIONS requests
  • Content-Type The content type (MIME) of an HTTP request as defined in RFC 2616
    Example: application/xml or image/jpeg
    string
  • Required for PUT and POST requests
  • Cannot be used for GET, HEAD, DELETE or OPTION requests
  • Content-MD5 The Base64-encoded 16-byte MD5 hash in binary format of request body content as defined in RFC 1864. It is used as an integrity check to verify whether the request body has changed during transit. The final value should be 24 characters in length. Please write code using the correct method and parameters, for example ZzD3iDJdrMAAb00lgLLeig==. string
  • Required for PUT and POST requests (except POST Object requests)
  • Cannot be used for GET, HEAD, DELETE or OPTION requests
  • Date Current time in GMT as defined in RFC 1123, such as Wed, 29 May 2019 04:10:12 GMT string No
    Host Request CVM in the format <BucketName-APPID>.cos.<Region>.myqcloud.com string Yes
    x-cos-security-token The security token field required when using temporary security credentials. See Temporary security credentials under Creating Request Overview. string No
    Required if temporary key is used and authentication information is passed using the `Authorization` header

    Server-Side Encryption Headers

    For APIs that support server-side encryption (SSE), the following request headers apply based on the different encryption methods. See API-specific documents to find whether they are applicable. These headers are required only for SSE-based scenarios, but not for cases where the request doesn’t not support SSE APIs or not use SSE. For more information, see Server-side Encryption Overview.

    SSE-COS

    Header Name Description Type Required
    x-cos-server-side-encryption Server-side encryption algorithm; set to AES256 if using SSE-COS string Required when you upload or copy objects (including simple upload/copy and multipart upload/copy). This header cannot be specified when you download objects.

    SSE-KMS

    Header Name Description Type Required
    x-cos-server-side-encryption Server-side encryption algorithm; set to cos/kms if using SSE-KMS string Required when you upload or copy objects (including simple upload/copy and multipart upload/copy). This header cannot be specified when you download objects
    x-cos-server-side-encryption-cos-kms-key-id Specifies the KMS customer master key (CMK) when the x-cos-server-side-encryption value is cos/kms. If not specified, the default CMK created by COS is used. For more information, see SSE-KMS Encryption string No
    x-cos-server-side-encryption-context Specifies the encryption context when the x-cos-server-side-encryption value is cos/kms. This value is a Base64-encoded string holding JSON with the key-value pairs for the encryption context.
    For example, eyJhIjoiYXNkZmEiLCJiIjoiMTIzMzIxIn0=
    string No

    SSE-C

    Header Name Description Type Required
    x-cos-server-side-encryption-customer-algorithm Server-side encryption algorithm; currently only AES256 is supported string Yes
    x-cos-server-side-encryption-customer-key Base64-encoded server-side encryption key.
    For example, MDEyMzQ1Njc4OUFCQ0RFRjAxMjM0NTY3ODlBQkNERUY=
    string Yes
    x-cos-server-side-encryption-customer-key-MD5 Base64-encoded MD5 hash of the server-side encryption key.
    For example, U5L61r7jcwdNvT7frmUG8g==
    string Yes

    Was this page helpful?

    Was this page helpful?

    • Not at all
    • Not very helpful
    • Somewhat helpful
    • Very helpful
    • Extremely helpful
    Send Feedback
    Help