Using a Temporary URL for Authorized Access
If you have any questions during development, post them on the Issues page of GitHub. For details about parameters and usage of each API, see API Reference.
ObsClient allows you to create a URL whose Query parameters are carried with authentication information by specifying the AK and SK, HTTP method, and request parameters. You can provide other users with this URL for temporary access. When generating a URL, you need to specify the validity period of the URL to restrict the access duration of visitors.
If you want to grant other users the permission to perform other operations on buckets or objects (for example, upload or download objects), generate a URL with the corresponding request (for example, to upload an object using the URL that generates the PUT request) and provide the URL for other users.
The following table lists operations can be performed through a signed URL.
Operation |
HTTP Method |
Special Operator (Sub-resource) |
Bucket Name Required |
Object Name Required |
---|---|---|---|---|
PUT Bucket |
PUT |
N/A |
Yes |
No |
GET Buckets |
GET |
N/A |
No |
No |
DELETE Bucket |
DELETE |
N/A |
Yes |
No |
GET Objects |
GET |
N/A |
Yes |
No |
GET Object versions |
GET |
versions |
Yes |
No |
List Multipart uploads |
GET |
uploads |
Yes |
No |
Obtain Bucket Metadata |
HEAD |
N/A |
Yes |
No |
GET Bucket location |
GET |
location |
Yes |
No |
GET Bucket storageinfo |
GET |
storageinfo |
Yes |
No |
PUT Bucket quota |
PUT |
quota |
Yes |
No |
GET Bucket quota |
GET |
quota |
Yes |
No |
Set Bucket storagePolicy |
PUT |
storagePolicy |
Yes |
No |
GET Bucket storagePolicy |
GET |
storagePolicy |
Yes |
No |
PUT Bucket acl |
PUT |
acl |
Yes |
No |
GET Bucket acl |
GET |
acl |
Yes |
No |
PUT Bucket logging |
PUT |
logging |
Yes |
No |
GET Bucket logging |
GET |
logging |
Yes |
No |
PUT Bucket policy |
PUT |
policy |
Yes |
No |
GET Bucket policy |
GET |
policy |
Yes |
No |
DELETE Bucket policy |
DELETE |
policy |
Yes |
No |
PUT Bucket lifecycle |
PUT |
lifecycle |
Yes |
No |
GET Bucket lifecycle |
GET |
lifecycle |
Yes |
No |
DELETE Bucket lifecycle |
DELETE |
lifecycle |
Yes |
No |
PUT Bucket website |
PUT |
website |
Yes |
No |
GET Bucket website |
GET |
website |
Yes |
No |
DELETE Bucket website |
DELETE |
website |
Yes |
No |
PUT Bucket versioning |
PUT |
versioning |
Yes |
No |
GET Bucket versioning |
GET |
versioning |
Yes |
No |
PUT Bucket cors |
PUT |
cors |
Yes |
No |
GET Bucket cors |
GET |
cors |
Yes |
No |
DELETE Bucket cors |
DELETE |
cors |
Yes |
No |
OPTIONS Bucket |
OPTIONS |
N/A |
Yes |
No |
PUT Bucket tagging |
PUT |
tagging |
Yes |
No |
GET Bucket tagging |
GET |
tagging |
Yes |
No |
DELETE Bucket tagging |
DELETE |
tagging |
Yes |
No |
PUT Object |
PUT |
N/A |
Yes |
Yes |
GET Object |
GET |
N/A |
Yes |
Yes |
PUT Object - Copy |
PUT |
N/A |
Yes |
Yes |
DELETE Object |
DELETE |
N/A |
Yes |
Yes |
DELETE Objects |
POST |
delete |
Yes |
Yes |
Obtain Object Metadata |
HEAD |
N/A |
Yes |
Yes |
PUT Object acl |
PUT |
acl |
Yes |
Yes |
GET Object acl |
GET |
acl |
Yes |
Yes |
Initiate Multipart Upload |
POST |
uploads |
Yes |
Yes |
PUT Part |
PUT |
N/A |
Yes |
Yes |
PUT Part - Copy |
PUT |
N/A |
Yes |
Yes |
List Parts |
GET |
N/A |
Yes |
Yes |
Complete Multipart Upload |
POST |
N/A |
Yes |
Yes |
DELETE Multipart upload |
DELETE |
N/A |
Yes |
Yes |
OPTIONS Object |
OPTIONS |
N/A |
Yes |
Yes |
POST Object restore |
POST |
restore |
Yes |
Yes |
To access OBS using a temporary URL generated by the OBS PHP SDK, perform the following steps:
- Call ObsClient->createSignedUrl to generate a signed URL.
- Use any HTTP library to make an HTTP/HTTPS request to OBS.
If a CORS or signature mismatch error occurs, refer to the following steps to troubleshoot the issue:
- If CORS was not configured, you need to configure CORS rules on OBS Console. For details, see Configuring CORS.
- If the signatures do not match, check whether signature parameters are correct by referring to Authentication of Signature in a URL. For example, during an object upload, if the backend uses Content-Type to calculate the signature and generate an authorized URL, but the frontend does not pass Content-Type or passes an incorrect value when using the URL, a CORS error occurs. To resolve this issue, ensure that Content-Type fields of the frontend and backend are consistent.
The following content provides examples of accessing OBS using a temporary URL, including bucket creation, as well as object upload, download, listing, and deletion.
Creating a Bucket
// Import the dependency library. require 'vendor/autoload.php'; // Import the SDK code library during the installation with source code. // require 'obs-autoloader.php'; // Declare the namespace. use Obs\ObsClient; use GuzzleHttp\Client; use GuzzleHttp\Exception\ClientException; // Create an ObsClient instance. $obsClient = new ObsClient ( [ //Obtain an AK/SK pair using environment variables or import the AK/SK pair in other ways. Using hard coding may result in leakage. //Obtain an AK/SK pair on the management console. For details, see https://support.huaweicloud.com/eu/usermanual-ca/ca_01_0003.html. 'key' => getenv('ACCESS_KEY_ID'), 'secret' => getenv('SECRET_ACCESS_KEY'), 'endpoint' => 'https://your-endpoint', 'signature' => 'obs' ] ); // Set the validity period of the URL to 3600 seconds. $expires = 3600; // Create a bucket. $resp = $obsClient->createSignedUrl( [ 'Method' => 'PUT', 'Bucket' => 'bucketname', 'Expires' => $expires ] ); printf("SignedUrl:%s\n", $resp ['SignedUrl']); $httpClient = new Client(['verify' => false ]); $content = '<CreateBucketConfiguration><LocationConstraint>your-location</LocationConstraint></CreateBucketConfiguration>'; $url = $resp['SignedUrl']; try{ $response = $httpClient -> request('PUT', $url, ['body' => $content, 'headers'=> $resp['ActualSignedRequestHeaders']]); printf("%s using temporary signature url:\n", 'Create bucket'); printf("\t%s successfully.\n", $url); printf("\tStatus:%d\n", $response -> getStatusCode()); printf("\tContent:%s\n", $response -> getBody() -> getContents()); $response -> getBody()-> close(); }catch (ClientException $ex){ printf("%s using temporary signature url:\n", 'Create bucket'); printf("\t%s failed!\n", $url); printf('Exception message:%s', $ex ->getMessage()); }
Uploading an Object
// Import the dependency library. require 'vendor/autoload.php'; // Import the SDK code library during the installation with source code. // require 'obs-autoloader.php'; // Declare the namespace. use Obs\ObsClient; use GuzzleHttp\Client; use GuzzleHttp\Exception\ClientException; // Create an ObsClient instance. $obsClient = new ObsClient ( [ //Obtain an AK/SK pair using environment variables or import the AK/SK pair in other ways. Using hard coding may result in leakage. //Obtain an AK/SK pair on the management console. For details, see https://support.huaweicloud.com/eu/usermanual-ca/ca_01_0003.html. 'key' => getenv('ACCESS_KEY_ID'), 'secret' => getenv('SECRET_ACCESS_KEY'), 'endpoint' => 'https://your-endpoint', 'signature' => 'obs' ] ); // Set the validity period of the URL to 3600 seconds. $expires = 3600; // Upload an object. $resp = $obsClient->createSignedUrl( [ 'Method' => 'PUT', 'Bucket' => 'bucketname', 'Key' => 'objectname', 'Expires' => $expires ] ); printf("SignedUrl:%s\n", $resp ['SignedUrl']); $url = $resp['SignedUrl']; $httpClient = new Client(['verify' => false ]); $content = 'Hello OBS'; try{ $response = $httpClient -> request('PUT', $url, ['body' => $content, 'headers'=> $resp['ActualSignedRequestHeaders']]); printf("%s using temporary signature url:\n", 'Put object'); printf("\t%s successfully.\n", $url); printf("\tStatus:%d\n", $response -> getStatusCode()); printf("\tContent:%s\n", $response -> getBody() -> getContents()); $response -> getBody()-> close(); }catch (ClientException $ex){ printf("%s using temporary signature url:\n", 'Put object'); printf("\t%s failed!\n", $url); printf('Exception message:%s', $ex ->getMessage()); }
Downloading an Object
// Import the dependency library. require 'vendor/autoload.php'; // Import the SDK code library during the installation with source code. // require 'obs-autoloader.php'; // Declare the namespace. use Obs\ObsClient; use GuzzleHttp\Client; use GuzzleHttp\Exception\ClientException; // Create an ObsClient instance. $obsClient = new ObsClient ( [ //Obtain an AK/SK pair using environment variables or import the AK/SK pair in other ways. Using hard coding may result in leakage. //Obtain an AK/SK pair on the management console. For details, see https://support.huaweicloud.com/eu/usermanual-ca/ca_01_0003.html. 'key' => getenv('ACCESS_KEY_ID'), 'secret' => getenv('SECRET_ACCESS_KEY'), 'endpoint' => 'https://your-endpoint', 'signature' => 'obs' ] ); // Set the validity period of the URL to 3600 seconds. $expires = 3600; // Download an object. $resp = $obsClient->createSignedUrl( [ 'Method' => 'GET', 'Bucket' => 'bucketname', 'Key' => 'objectname', 'Expires' => $expires ] ); printf("SignedUrl:%s\n", $resp ['SignedUrl']); $url = $resp['SignedUrl']; $httpClient = new Client(['verify' => false ]); try{ $response = $httpClient -> request('GET', $url, ['headers'=> $resp['ActualSignedRequestHeaders']]); printf("%s using temporary signature url:\n", 'Get object'); printf("\t%s successfully.\n", $url); printf("\tStatus:%d\n", $response -> getStatusCode()); printf("\tContent:%s\n", $response -> getBody() -> getContents()); $response -> getBody()-> close(); }catch (ClientException $ex){ printf("%s using temporary signature url:\n", 'Get object'); printf("\t%s failed!\n", $url); printf('Exception message:%s', $ex ->getMessage()); }
Listing Objects
// Import the dependency library. require 'vendor/autoload.php'; // Import the SDK code library during the installation with source code. // require 'obs-autoloader.php'; // Declare the namespace. use Obs\ObsClient; use GuzzleHttp\Client; use GuzzleHttp\Exception\ClientException; // Create an ObsClient instance. $obsClient = new ObsClient ( [ //Obtain an AK/SK pair using environment variables or import the AK/SK pair in other ways. Using hard coding may result in leakage. //Obtain an AK/SK pair on the management console. For details, see https://support.huaweicloud.com/eu/usermanual-ca/ca_01_0003.html. 'key' => getenv('ACCESS_KEY_ID'), 'secret' => getenv('SECRET_ACCESS_KEY'), 'endpoint' => 'https://your-endpoint', 'signature' => 'obs' ] ); // Set the validity period of the URL to 3600 seconds. $expires = 3600; // List objects. $resp = $obsClient->createSignedUrl( [ 'Method' => 'GET', 'Bucket' => 'bucketname', 'Expires' => $expires ] ); printf("SignedUrl:%s\n", $resp ['SignedUrl']); $url = $resp['SignedUrl']; $httpClient = new Client(['verify' => false ]); try{ $response = $httpClient -> request('GET', $url, ['headers'=> $resp['ActualSignedRequestHeaders']]); printf("%s using temporary signature url:\n", 'List objects'); printf("\t%s successfully.\n", $url); printf("\tStatus:%d\n", $response -> getStatusCode()); printf("\tContent:%s\n", $response -> getBody() -> getContents()); $response -> getBody()-> close(); }catch (ClientException $ex){ printf("%s using temporary signature url:\n", 'List objects'); printf("\t%s failed!\n", $url); printf('Exception message:%s', $ex ->getMessage()); }
Deleting an Object
// Import the dependency library. require 'vendor/autoload.php'; // Import the SDK code library during the installation with source code. // require 'obs-autoloader.php'; // Declare the namespace. use Obs\ObsClient; use GuzzleHttp\Client; use GuzzleHttp\Exception\ClientException; // Create an ObsClient instance. $obsClient = new ObsClient ( [ //Obtain an AK/SK pair using environment variables or import the AK/SK pair in other ways. Using hard coding may result in leakage. //Obtain an AK/SK pair on the management console. For details, see https://support.huaweicloud.com/eu/usermanual-ca/ca_01_0003.html. 'key' => getenv('ACCESS_KEY_ID'), 'secret' => getenv('SECRET_ACCESS_KEY'), 'endpoint' => 'https://your-endpoint', 'signature' => 'obs' ] ); // Set the validity period of the URL to 3600 seconds. $expires = 3600; // Delete an object. $resp = $obsClient->createSignedUrl( [ 'Method' => 'DELETE', 'Bucket' => 'bucketname', 'Key' => 'objectname', 'Expires' => $expires ] ); printf("SignedUrl:%s\n", $resp ['SignedUrl']); $url = $resp['SignedUrl']; $httpClient = new Client(['verify' => false ]); try{ $response = $httpClient -> request('DELETE', $url, ['headers'=> $resp['ActualSignedRequestHeaders']]); printf("%s using temporary signature url:\n", 'Delete object'); printf("\t%s successfully.\n", $url); printf("\tStatus:%d\n", $response -> getStatusCode()); printf("\tContent:%s\n", $response -> getBody() -> getContents()); $response -> getBody()-> close(); }catch (ClientException $ex){ printf("%s using temporary signature url:\n", 'Delete object'); printf("\t%s failed!\n", $url); printf('Exception message:%s', $ex ->getMessage()); }
Use the Method parameter to specify the HTTP request method, the Expires parameter to specify the validity period of the URL, the Headers parameter to specify the request headers, the SpecialParam parameter to specify the special operator, and the QueryParams parameter to specify the request parameters.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.