tencent cloud


Signature for Upload from Client

Last updated: 2022-05-26 14:48:01

    Before a client initiates an upload, it needs to apply to the application's signature distribution server for an upload signature which must be carried during the upload operation, so that VOD can verify whether the upload is authorized.

    Signature Generation Steps

    1. Get TencentCloud API key
      Get the security credentials (i.e., SecretId and SecretKey) required to call the server API in the following steps:
      1. Log in to the console and select Products > Cloud Access Management > API Key Management to enter the "API Key Management" page.
      2. Get the TencentCloud API key. If you have not created a key, click Create Key to create a pair of SecretId and SecretKey.
    2. Splice the plaintext string original
      Splice the plaintext signature string original based on the format requirement of URL QueryString as shown below:

    • [secretId], [currentTimeStamp], [expireTime], and [random] in the above original should be replaced with actual parameter values.
    • original must contain four required parameters (secretId, currentTimeStamp, expireTime, and random) and may contain any number of optional parameters. For more information, please see Signature Parameters.
    • The parameter values must be URL-encoded; otherwise, QueryString parsing may fail.
    1. Convert the plaintext string into a signature (with code in Java as an example)

      1. Use the SecretKey to encrypt the plaintext string original with the HMAC-SHA1 algorithm to get signatureTmp:

        Mac mac = Mac.getInstance("HmacSHA1");
        SecretKeySpec secretKey = new SecretKeySpec(this.secretKey.getBytes("UTF-8"), mac.getAlgorithm());
        byte[] signatureTmp = mac.doFinal(original.getBytes("UTF-8"));

        signatureTmp is a byte array encoded with UTF-8 and encrypted with HMAC-SHA1.

      2. Encode the plaintext string original into a byte array with UTF-8, merge the array with signatureTmp, and then Base64-encode the combination to get the signature:

        String signature = base64Encode(byteMerger(signatureTmp, original.getBytes("utf8")));

    byteMerger and base64Encode are methods of array merging and Base64-encoding, respectively. For more information, please see Sample Code of Signature in Java.

    Example of Signature Generation

    VOD also provides sample code for signature generation and a signature generator for your reference and verification:

    Descriptions of Signature Parameters

    Parameter Name Required Type Description
    secretId Yes String SecretId in the TencentCloud API key. For more information on how to get it, please see Guide for Upload from Client - Get TencentCloud API Key.
    currentTimeStamp Yes Integer Current Unix timestamp.
    expireTime Yes Integer Unix timestamp for signature expiration.
    expireTime = currentTimeStamp + signature validity period
    The maximum value for signature validity period is 7,776,000 (i.e., 90 days).
    random Yes Integer A parameter used to construct plaintext signature string. Decimal number. The maximum value is xxxxx (the maximum value of a 32-bit unsigned binary number).
    classId No Integer Video file category. Default value: 0.
    procedure No String Subsequent task operation on a video, i.e., after a video file is uploaded, task flow operations will be initiated automatically. This parameter value is a task flow template name. VOD supports creating task flow templates and naming the templates.
    taskPriority No Integer Priority of subsequent video task (only valid if procedure is specified). Value range: [-10, 10]. Default value: 0.
    taskNotifyMode No String Notification mode for task flow status change (only valid if procedure is specified).
  • Finish: an event notification will be initiated only after the task flow is completely executed.
  • Change: an event notification will be initiated as soon as the status of a subtask in the task flow changes.
  • None: no callback for the task flow will be accepted.
  • Default value: Finish.
    sourceContext No String Source context, which is used to pass through the user request information. The upload callback API will return the value of this field. It can contain up to 250 characters.
    oneTimeValid No Integer Whether a signature is valid only for once. For more information, please see Guide for Upload from Client - One-time Signature.
    0 (default value): not enabled; 1: enabled.
    For relevant error codes, please see One-time Signature Description.
    vodSubAppId No Integer Subapplication ID. If this parameter is left empty, 0, or your Tencent Cloud AppId, the manipulated subapplication will be the "primary application".
    sessionContext No String Session context, which is used to pass through the user request information. If the procedure parameter is specified, the task flow status change callback API will return the value of this field. It can contain up to 1,000 characters.
    storageRegion No String Specifies the storage region. You can add storage regions in the console by yourself. For more information, please see Upload Storage Settings. This field should be filled in with a region abbreviation.

    One-time signature description

    • After the one-time signature feature is enabled, the signature server needs to ensure that the signatures distributed to users are different each time (for example, it should be ensured that the random parameters in the signatures distributed at the same time are unique); otherwise, a duplicate signature error will occur.
    • If an upload fails due to a signature error, a new signature needs to be obtained for retry.
    • The error code for signature errors caused by the SDKs for Android and Java is 1001.
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support