Upload via Pre-Signed URL
Last updated:2025-08-27 11:38:11
Use Cases
All buckets and objects are private by default. If you want any third party to be able to upload an object to your bucket, but you don't want them to use CAM accounts or temporary keys, signatures can be provided by pre-signed URLs for temporary upload operations. Anyone who receives a valid pre-signed URL can upload an object.
When creating a pre-signed URL, you can include an object key in your signature so that the object can only be uploaded to the specified object key. Besides, the validity period of pre-signed URLs can be provided in SDKs to ensure that expired URLs will not be used by any unauthorized party.
Note:
Accessing a CDN domain needs to follow the authentication process of CDN, in which case COS signatures cannot be used. Therefore, pre-signed URLs do not support the use of CDN domains.
Use a permanent key to generate a pre-signed URL, noting that the permission scope is limited to upload or download operations, and the validity period of the generated signature is set to the shortest duration required to complete the upload or download operation.
Once the specified validity period of the pre-signed URL expires, the request will be interrupted; a new signature must be applied for, and the failed request needs to be retried.
Pre-signed URLs only support pre-signing for a single object and do not support multiple objects.
The pre-signed URL upload method only supports simple uploads, with a maximum file size of 5GB. Chunked uploads (resume uploads) are not supported.
Directions
Using SDKs
You can call the pre-signed URL method in the SDK directly. For more information, please see the SDK documentation for the corresponding programming language below:
Go SDK
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No
Feedback