tencent cloud

Feedback

Getting Pre-Signed URLs

Last updated: 2024-02-01 18:01:21

    Overview

    The C SDK provides APIs to obtain pre-signed URLs. For detailed directions, see the description and examples below.
    Note:
    You are advised to use a temporary key to generate a pre-signed URL for the security of your requests such as uploads and downloads. When you apply for a temporary key, follow the Principle of Least Privilege to avoid leaking resources besides your buckets and objects.
    If you need to use a permanent key to generate a pre-signed URL, you are advised to limit the permission of the permanent key to uploads and downloads only to avoid risks.

    Getting a Pre-signed Request URL

    Generating pre-signed URL

    Description

    This API is used to generate a pre-signed URL.

    Method prototype

    int cos_gen_presigned_url(const cos_request_options_t *options,
    const cos_string_t *bucket,
    const cos_string_t *object,
    const int64_t expire,
    http_method_e method,
    cos_string_t *presigned_url);

    Parameter description

    Parameter
    Description
    Type
    options
    COS request options
    Struct
    bucket
    Bucket name in the format of BucketName-APPID
    String
    object
    Object name
    String
    expire
    Validity time of the signature, in seconds
    Int
    method
    HTTP request method. Enumerated values: HTTP_GET, HTTP_HEAD, HTTP_PUT, HTTP_POST, HTTP_DELETE
    Enum
    presigned_url
    The generated pre-signed URL
    String

    Response description

    Response
    Description
    Type
    code
    Error code
    Int

    Pre-signed request samples

    You can obtain a pre-signed URL by setting a permanent or temporary key using the options parameter.
    #include "cos_http_io.h"
    #include "cos_api.h"
    #include "cos_log.h"
    
    // `endpoint` is the COS access domain name. For more information, see https://www.tencentcloud.com/document/product/436/6224.
    static char TEST_COS_ENDPOINT[] = "cos.ap-guangzhou.myqcloud.com";
    // A developer-owned secret ID/key used for the project. It can be obtained at https://console.tencentcloud.com/cam/capi.
    static char *TEST_ACCESS_KEY_ID; // Your SecretId
    static char *TEST_ACCESS_KEY_SECRET; // Your SecretKey
    // A unique user-level resource identifier for COS access. It can be obtained at https://console.tencentcloud.com/cam/capi.
    static char TEST_APPID[] = "<APPID>"; // Your APPID
    // COS bucket name, in the format of [bucket]-[appid], for example `mybucket-1253666666`. It can be obtained at https://console.tencentcloud.com/cos5/bucket.
    static char TEST_BUCKET_NAME[] = "<bucketname-appid>";
    // A unique identifier of an object stored in COS. For more information about objects and object keys, please see https://www.tencentcloud.com/document/product/436/13324.
    static char TEST_OBJECT_NAME1[] = "1.txt";
    
    void init_test_config(cos_config_t *config, int is_cname)
    {
    cos_str_set(&config->endpoint, TEST_COS_ENDPOINT);
    cos_str_set(&config->access_key_id, TEST_ACCESS_KEY_ID);
    cos_str_set(&config->access_key_secret, TEST_ACCESS_KEY_SECRET);
    cos_str_set(&config->appid, TEST_APPID);
    config->is_cname = is_cname;
    }
    
    void init_test_request_options(cos_request_options_t *options, int is_cname)
    {
    options->config = cos_config_create(options->pool);
    init_test_config(options->config, is_cname);
    options->ctl = cos_http_controller_create(options->pool, 0);
    }
    
    void test_presigned_url()
    {
    cos_pool_t *p = NULL;
    int is_cname = 0;
    cos_request_options_t *options = NULL;
    cos_string_t bucket;
    cos_string_t object;
    cos_string_t presigned_url;
    
    cos_pool_create(&p, NULL);
    options = cos_request_options_create(p);
    init_test_request_options(options, is_cname);
    cos_str_set(&bucket, TEST_BUCKET_NAME);
    cos_str_set(&object, TEST_OBJECT_NAME1);
    
    cos_gen_presigned_url(options, &bucket, &object, 300, HTTP_GET, &presigned_url);
    printf("presigned_url: %s\\n", presigned_url.data);
    
    cos_pool_destroy(p);
    
    }
    
    int main(int argc, char *argv[])
    {
    // Get SecretId and SecretKey from environment variables
    TEST_ACCESS_KEY_ID = getenv("COS_SECRETID");
    TEST_ACCESS_KEY_SECRET = getenv("COS_SECRETKEY");
    
    if (cos_http_io_initialize(NULL, 0) != COSE_OK) {
    exit(1);
    }
    
    // Set the log level. Default value: `COS_LOG_WARN`
    cos_log_set_level(COS_LOG_WARN);
    
    // Set log output. Default value: `stderr`
    cos_log_set_output(NULL);
    
    test_presigned_url();
    
    cos_http_io_deinitialize();
    
    return 0;
    }

    Securely Getting a Pre-signed Request URL

    Securely generating a pre-signed URL

    Description

    This API is used to securely generate a pre-signed URL.

    Method prototype

    int cos_gen_presigned_url_safe(const cos_request_options_t *options,
    const cos_string_t *bucket,
    const cos_string_t *object,
    const int64_t expire,
    http_method_e method,
    cos_table_t *headers,
    cos_table_t *params,
    int sign_host,
    cos_string_t *presigned_url);

    Parameter description

    Parameter
    Description
    Type
    options
    COS request options
    Struct
    bucket
    Bucket name in the format of BucketName-APPID
    String
    object
    Object name
    String
    expire
    Validity time of the signature, in seconds
    Int
    method
    HTTP request method. Enumerated values: HTTP_GET, HTTP_HEAD, HTTP_PUT, HTTP_POST, HTTP_DELETE
    Enum
    headers
    Additional headers of a COS request
    Struct
    params
    Parameters for the COS request
    Struct
    sign_host
    Whether to sign the signature to the host header. You are strongly advised to enable it for security’s sake.
    Int
    presigned_url
    The generated pre-signed URL
    String

    Response description

    Response
    Description
    Type
    code
    Error code
    Int

    Sample request 1. Generate a pre-signed URL with host in the signature

    You can obtain a pre-signed URL by setting a permanent or temporary key using the options parameter.
    #include "cos_http_io.h"
    #include "cos_api.h"
    #include "cos_log.h"
    
    // `endpoint` is the COS access domain name. For more information, see https://www.tencentcloud.com/document/product/436/6224.
    static char TEST_COS_ENDPOINT[] = "cos.ap-guangzhou.myqcloud.com";
    // A developer-owned secret ID/key used for the project. It can be obtained at https://console.tencentcloud.com/cam/capi.
    static char *TEST_ACCESS_KEY_ID; // Your SecretId
    static char *TEST_ACCESS_KEY_SECRET; // Your SecretKey
    // A unique user-level resource identifier for COS access. It can be obtained at https://console.tencentcloud.com/cam/capi.
    static char TEST_APPID[] = "<APPID>"; // Your APPID
    // COS bucket name, in the format of [bucket]-[appid], for example `mybucket-1253666666`. It can be obtained at https://console.tencentcloud.com/cos5/bucket.
    static char TEST_BUCKET_NAME[] = "<bucketname-appid>";
    // A unique identifier of an object stored in COS. For more information about objects and object keys, please see https://www.tencentcloud.com/document/product/436/13324.
    static char TEST_OBJECT_NAME1[] = "1.txt";
    
    void init_test_config(cos_config_t *config, int is_cname)
    {
    cos_str_set(&config->endpoint, TEST_COS_ENDPOINT);
    cos_str_set(&config->access_key_id, TEST_ACCESS_KEY_ID);
    cos_str_set(&config->access_key_secret, TEST_ACCESS_KEY_SECRET);
    cos_str_set(&config->appid, TEST_APPID);
    config->is_cname = is_cname;
    }
    
    void init_test_request_options(cos_request_options_t *options, int is_cname)
    {
    options->config = cos_config_create(options->pool);
    init_test_config(options->config, is_cname);
    options->ctl = cos_http_controller_create(options->pool, 0);
    }
    
    void test_safe_presigned_url()
    {
    cos_pool_t *p = NULL;
    int is_cname = 0;
    cos_request_options_t *options = NULL;
    cos_string_t bucket;
    cos_string_t object;
    cos_string_t presigned_url;
    cos_table_t *params = NULL;
    cos_table_t *headers = NULL;
    int sign_host = 1;
    
    cos_pool_create(&p, NULL);
    options = cos_request_options_create(p);
    init_test_request_options(options, is_cname);
    /* You can use a temporary key by setting `sts_token`. When you use a temporary key, you need to set `access_key_id` and `access_key_secret` to its SecretId and SecretKey */
    //cos_str_set(&options->config->sts_token, "MyTokenString");
    cos_str_set(&bucket, TEST_BUCKET_NAME);
    cos_str_set(&object, TEST_OBJECT_NAME1);
    
    // You are strongly advised to set `sign_host` to `1` to add the `host` header to the signature list by force to prevent unauthorized access.
    cos_gen_presigned_url_safe(options, &bucket, &object, 300, HTTP_GET, headers, params, sign_host, &presigned_url);
    printf("presigned_url_safe: %s\\n", presigned_url.data);
    
    cos_pool_destroy(p);
    }
    
    int main(int argc, char *argv[])
    {
    // Get SecretId and SecretKey from environment variables
    TEST_ACCESS_KEY_ID = getenv("COS_SECRETID");
    TEST_ACCESS_KEY_SECRET = getenv("COS_SECRETKEY");
    
    if (cos_http_io_initialize(NULL, 0) != COSE_OK) {
    exit(1);
    }
    
    // Set the log level. Default value: `COS_LOG_WARN`
    cos_log_set_level(COS_LOG_WARN);
    
    // Set log output. Default value: `stderr`
    cos_log_set_output(NULL);
    
    test_safe_presigned_url();
    
    cos_http_io_deinitialize();
    
    return 0;
    }

    Sample request 2. Generate the pre-signed URL with the signature containing request param and request header

    You can obtain a pre-signed URL by setting a permanent or temporary key using the options parameter.
    #include "cos_http_io.h"
    #include "cos_api.h"
    #include "cos_log.h"
    
    // `endpoint` is the COS access domain name. For more information, see https://www.tencentcloud.com/document/product/436/6224.
    static char TEST_COS_ENDPOINT[] = "cos.ap-guangzhou.myqcloud.com";
    // A developer-owned secret ID/key used for the project. It can be obtained at https://console.tencentcloud.com/cam/capi.
    static char *TEST_ACCESS_KEY_ID; // Your SecretId
    static char *TEST_ACCESS_KEY_SECRET; // Your SecretKey
    // A unique user-level resource identifier for COS access. It can be obtained at https://console.tencentcloud.com/cam/capi.
    static char TEST_APPID[] = "<APPID>"; // Your APPID
    // COS bucket name, in the format of [bucket]-[appid], for example `mybucket-1253666666`. It can be obtained at https://console.tencentcloud.com/cos5/bucket.
    static char TEST_BUCKET_NAME[] = "<bucketname-appid>";
    // A unique identifier of an object stored in COS. For more information about objects and object keys, please see https://www.tencentcloud.com/document/product/436/13324.
    static char TEST_OBJECT_NAME1[] = "1.txt";
    
    void init_test_config(cos_config_t *config, int is_cname)
    {
    cos_str_set(&config->endpoint, TEST_COS_ENDPOINT);
    cos_str_set(&config->access_key_id, TEST_ACCESS_KEY_ID);
    cos_str_set(&config->access_key_secret, TEST_ACCESS_KEY_SECRET);
    cos_str_set(&config->appid, TEST_APPID);
    config->is_cname = is_cname;
    }
    
    void init_test_request_options(cos_request_options_t *options, int is_cname)
    {
    options->config = cos_config_create(options->pool);
    init_test_config(options->config, is_cname);
    options->ctl = cos_http_controller_create(options->pool, 0);
    }
    
    void test_safe_presigned_url()
    {
    cos_pool_t *p = NULL;
    int is_cname = 0;
    cos_request_options_t *options = NULL;
    cos_string_t bucket;
    cos_string_t object;
    cos_string_t presigned_url;
    cos_table_t *params = NULL;
    cos_table_t *headers = NULL;
    int sign_host = 1;
    
    cos_pool_create(&p, NULL);
    options = cos_request_options_create(p);
    init_test_request_options(options, is_cname);
    /* You can use a temporary key by setting `sts_token`. When you use a temporary key, you need to set `access_key_id` and `access_key_secret` to its SecretId and SecretKey */
    //cos_str_set(&options->config->sts_token, "MyTokenString");
    cos_str_set(&bucket, TEST_BUCKET_NAME);
    cos_str_set(&object, TEST_OBJECT_NAME1);
    
    // Add your `params` and `headers`
    params = cos_table_make(options->pool, 0);
    //cos_table_add(params, "param1", "value");
    headers = cos_table_make(options->pool, 0);
    //cos_table_add(headers, "header1", "value");
    
    // You are strongly advised to set `sign_host` to `1` to add the `host` header to the signature list by force to prevent unauthorized access.
    cos_gen_presigned_url_safe(options, &bucket, &object, 300, HTTP_GET, headers, params, sign_host, &presigned_url);
    printf("presigned_url_safe: %s\\n", presigned_url.data);
    
    cos_pool_destroy(p);
    }
    
    int main(int argc, char *argv[])
    {
    // Get SecretId and SecretKey from environment variables
    TEST_ACCESS_KEY_ID = getenv("COS_SECRETID");
    TEST_ACCESS_KEY_SECRET = getenv("COS_SECRETKEY");
    
    if (cos_http_io_initialize(NULL, 0) != COSE_OK) {
    exit(1);
    }
    
    // Set the log level. Default value: `COS_LOG_WARN`
    cos_log_set_level(COS_LOG_WARN);
    
    // Set log output. Default value: `stderr`
    cos_log_set_output(NULL);
    
    test_safe_presigned_url();
    
    cos_http_io_deinitialize();
    
    return 0;
    }
    
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support