Help Center/ Object Storage Service/ SDK Reference/ Python/ Other APIs (SDK for Python)/ Generating Authentication Parameters for Browser-Based Uploads (SDK for Python)
Updated on 2024-11-26 GMT+08:00

Generating Authentication Parameters for Browser-Based Uploads (SDK for Python)

Function

This API generates parameters for authentication. The parameters can be used to perform a browser-based upload through POST operations.

There are two request parameters generated for authentication:

  • policy, which corresponds to the policy parameter in the form.
  • signature, which corresponds to the signature parameter in the form.

Restrictions

Method

ObsClient.createPostSignature(bucketName, objectKey, expires, formParams)

Request Parameters

Table 1 List of request parameters

Parameter

Type

Mandatory (Yes/No)

Description

bucketName

str

No

Explanation:

Bucket name

Restrictions:

  • A bucket name must be unique across all accounts and regions.
  • A bucket name:
    • Must be 3 to 63 characters long and start with a digit or letter. Lowercase letters, digits, hyphens (-), and periods (.) are allowed.
    • Cannot be formatted as an IP address.
    • Cannot start or end with a hyphen (-) or period (.).
    • Cannot contain two consecutive periods (..), for example, my..bucket.
    • Cannot contain periods (.) and hyphens (-) adjacent to each other, for example, my-.bucket or my.-bucket.
  • If you repeatedly create buckets of the same name in the same region, no error will be reported and the bucket attributes comply with those set in the first creation request.

Default value:

None

objectKey

str

No

Explanation:

Object name. An object is uniquely identified by an object name in a bucket. An object name is a complete path that does not contain the bucket name.

For example, if the address for accessing the object is examplebucket.obs.eu-west-101.myhuaweicloud.eu/folder/test.txt, the object name is folder/test.txt.

Value range:

The value must contain 1 to 1,024 characters.

Default value:

None

expires

int

No

Explanation:

Expiration time of authentication for a browser-based upload

Value range:

An integer greater than or equal to 0, in seconds

Default value:

300

formParams

dict

No

Explanation:

Parameters of browser-based uploads, not including key, policy, and signature.

Value range:

  • acl
  • cache-control
  • content-type
  • content-disposition
  • content-encoding
  • expires

Default value:

None

Responses

Table 2 List of returned results

Parameter

Type

Description

originPolicy

str

Explanation:

policy not encoded by Base64. This parameter can only be used for verification.

Example: {"expiration":"2023-09-12T12:52:59Z","conditions":[{"content-type":"text/plain"},{"bucket":"examplebucket"},{"key":"example/objectname"},]}"

Default value:

None

policy

str

Explanation:

Base64-encoded value of policy in the form

Example: eyJleHBpcmF0aW9uIjoiMjAyMy0wOS0xMlQxMjo1Mjo1OVoiLCJjb25kaXRpb25zIjpbeyJjb250ZW50LXR5cGUiOiJ0ZXh0L3BsYWluIn0seyJidWNrZXQiOiJleGFtcGxlYnVja2V0In0seyJrZXkiOiJleGFtcGxlL29iamVjdG5hbWUifSxdfQ==

Default value:

None

signature

str

Explanation:

signature in the form

Example: g0jQr4v9VWd1Q2FOFDG6LGfV9Cw=

Default value:

None

Code Examples

This example generates authentication parameters policy and signature for a browser-based upload.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
from obs import ObsClient
import os
import traceback

# Obtain an AK and SK pair using environment variables or import the AK and SK pair in other ways. Using hard coding may result in leakage.
# Obtain an AK and SK pair on the management console. For details, see https://support.huaweicloud.com/eu/usermanual-ca/ca_01_0003.html.
ak = os.getenv("AccessKeyID")
sk = os.getenv("SecretAccessKey")
# (Optional) If you use a temporary AK and SK pair and a security token to access OBS, obtain them from environment variables.
# security_token = os.getenv("SecurityToken")
# Set server to the endpoint corresponding to the bucket. EU-Dublin is used here as an example. Replace it with the one in use.
server = "https://obs.eu-west-101.myhuaweicloud.eu" 

# Create an obsClient instance.
# If you use a temporary AK and SK pair and a security token to access OBS, you must specify security_token when creating an instance.
obsClient = ObsClient(access_key_id=ak, secret_access_key=sk, server=server)
try:
    bucketName = "examplebucket"
    objectKey = "objectname"
    # Configure the validity period (in seconds) for a browser-based upload request. 3600 is used as an example.
    expires = 3600
    # Specify parameters for a browser-based upload except key, policy, and signature. In this example, x-obs-acl is set to private and content-type is set to text/plain.
    formParams = {'x-obs-acl': 'private', 'content-type': 'text/plain'}
    # Create parameters for a browser-based upload.
    resp = obsClient.createPostSignature(bucketName, objectKey, expires, formParams)

    print('originPolicy:', resp.originPolicy)
    print('policy:', resp.policy)
    print('signature:', resp.signature)
except:
    print(traceback.format_exc())