With RESTful APIs, you can initiate anonymous HTTP requests or signed HTTP requests to COS. Anonymous requests are typically used for scenarios that require public access, such as hosting static websites; and signed requests are required in most other scenarios.
Compared with an anonymous request, a signed request carries an additional signature value. The signature is an encrypted string generated based on the key (SecretId/SecretKey) and request information. The SDK automatically calculates the signature. You only need to set the key when initializing user information and do not need to worry about signature calculation. For requests initiated through RESTful APIs, COS needs to calculate signatures based on the signature algorithm and add them to the requests.
You can log in to the CAM console and go to the Manage API Key page to get a permanent key. A permanent key consists of a SecretId and a SecretKey. It represents the permanent identity of your account and does not expire.
When using an API request, you must use a signed request for a private bucket. A signature is generated based on a permanent key and put into the
Authorization header to form a signed request. When the request is sent to COS, COS verifies whether the signature matches the request.
Because the signature generation algorithm is complex, you are advised to use an SDK to initiate a request and skip this step.
Authorizationheader. The following is an example of a
GET /<ObjectKey> HTTP/1.1 Host: <BucketName-APPID>.cos.<Region>.myqcloud.com Date: GMT Date Authorization: q-sign-algorithm=sha1&q-ak=SecretId&q-sign-time=KeyTime&q-key-time=KeyTime&q-header-list=HeaderList&q-url-param-list=UrlParamList&q-signature=Signature
The following is an example of the corresponding Java SDK code. For demos of other languages, see the corresponding quick start documentation in SDK Overview.
// 1. Initialize the user credentials (secretId, secretKey). // Log in to the [CAM console](https://console.tencentcloud.com/cam/capi) to view and manage the `SecretId` and `SecretKey` of your project. String secretId = "SECRETID"; String secretKey = "SECRETKEY"; COSCredentials cred = new BasicCOSCredentials(secretId, secretKey); // 2. Set the bucket region. For abbreviations of COS regions, please visit https://www.tencentcloud.com/document/product/436/6224?from_cn_redirect=1. // `clientConfig` contains the set methods to set region, HTTPS (HTTP by default), timeout, and proxy. For detailed usage, please see the source code or the FAQs about the SDK for Java. Region region = new Region("COS_REGION"); ClientConfig clientConfig = new ClientConfig(region); // The HTTPS protocol is recommended. // Starting from 5.6.54, HTTPS is used by default. clientConfig.setHttpProtocol(HttpProtocol.https); // 3. Generate a COS client. COSClient cosClient = new COSClient(cred, clientConfig);