Signature for Upload from Client
Last updated:2024-05-16 14:48:59
Before a client initiates an upload, it needs to apply to the application's signature distribution server for an upload signature which must be carried during the upload operation, so that VOD can verify whether the upload is authorized.
Signature Generation Steps
1. Get TencentCloud API key
Get the security credentials (i.e.,
SecretId and SecretKey) required to call the server API in the following steps:2. Log in to the console and select Products > Cloud Access Management > API Key Management to enter the "API Key Management" page.
3. Get the TencentCloud API key. If you have not created a key, click Create Key to create a pair of
SecretId and SecretKey.4. Splice the plaintext string
original
Splice the plaintext signature string original based on the format requirement of URL QueryString as shown below:secretId=[secretId]¤tTimeStamp=[currentTimeStamp]&expireTime=[expireTime]&random=[random]
Note:
`[secretId]`, `[currentTimeStamp]`, `[expireTime]`, and `[random]` in the above `original` should be replaced with actual parameter values.
`original` must contain four required parameters (`secretId`, `currentTimeStamp`, `expireTime`, and `random`) and may contain any number of optional parameters. For more information, please see Signature Parameters.
The parameter values must be URL-encoded; otherwise, `QueryString` parsing may fail.
5. Convert the plaintext string into a signature (with code in Java as an example)
6. Use the
SecretKey to encrypt the plaintext string original with the HMAC-SHA1 algorithm to get signatureTmp:Mac mac = Mac.getInstance("HmacSHA1");SecretKeySpec secretKey = new SecretKeySpec(this.secretKey.getBytes("UTF-8"), mac.getAlgorithm());mac.init(secretKey);byte[] signatureTmp = mac.doFinal(original.getBytes("UTF-8"));
Note:
signatureTmp is a byte array encoded with UTF-8 and encrypted with HMAC-SHA1.7. Encode the plaintext string
original into a byte array with UTF-8, merge the array with signatureTmp, and then Base64-encode the combination to get the signature:String signature = base64Encode(byteMerger(signatureTmp, original.getBytes("utf8")));
Note:
byteMerger and base64Encode are methods of array merging and Base64-encoding, respectively. For more information, please see Sample Code of Signature in Java.Example of Signature Generation
VOD also provides sample code for signature generation and a signature generator for your reference and verification:
Descriptions of Signature Parameters
Parameter Name | Required | Type | Description |
secretId | Yes | String | SecretId in the TencentCloud API key. For more information on how to get it, please see Guide for Upload from Client - Get TencentCloud API Key. |
currentTimeStamp | Yes | Integer | Current Unix timestamp. |
expireTime | Yes | Integer | Unix timestamp for signature expiration. <br/> expireTime = currentTimeStamp + signature validity period<br/>The maximum value for signature validity period is 7,776,000 (i.e., 90 days). |
random | Yes | Integer | A parameter used to construct plaintext signature string. Decimal number. The maximum value is 4294967295 (2^32-1, which is the maximum value of a 32-bit unsigned binary number). |
classId | No | Integer | Video file category. Default value: 0. |
procedure | No | String | Subsequent task operation on a video, i.e., after a video file is uploaded, task flow operations will be initiated automatically. This parameter value is a task flow template name. VOD supports creating task flow templates and naming the templates. |
taskPriority | No | Integer | Priority of subsequent video task (only valid if procedure is specified). Value range: [-10, 10]. Default value: 0. |
taskNotifyMode | No | String | Notification mode for task flow status change (only valid if procedure is specified). Finish: an event notification will be initiated only after the task flow is completely executed. Change: an event notification will be initiated as soon as the status of a subtask in the task flow changes. None: no callback for the task flow will be accepted. Default value: Finish. |
sourceContext | No | String | Source context, which is used to pass through the user request information. The upload callback API will return the value of this field. It can contain up to 250 characters. |
oneTimeValid | No | Integer | Whether a signature is valid only for once. For more information, please see Guide for Upload from Client - One-time Signature. 0 (default value): not enabled; 1: enabled. |
vodSubAppId | No | Integer | Subapplication ID. If this parameter is left empty, 0, or your Tencent Cloud AppId, the manipulated subapplication will be the "primary application". |
sessionContext | No | String | Session context, which is used to pass through the user request information. If the procedure parameter is specified, the task flow status change callback API will return the value of this field. It can contain up to 1,000 characters. |
storageRegion | No | String | Specifies the storage region. You can add storage regions in the console by yourself. For more information, please see Upload Storage Settings. This field should be filled in with a region abbreviation. |
One-time signature description
After the one-time signature feature is enabled, the signature server needs to ensure that the signatures distributed to users are different each time (for example, it should be ensured that the
random parameters in the signatures distributed at the same time are unique); otherwise, a duplicate signature error will occur.If an upload fails due to a signature error, a new signature needs to be obtained for retry.
The error code for signature errors caused by the SDKs for Android and Java is
1001.
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No
Feedback