Authorizing a Third Party to Upload Objects

Scenarios

If a third-party user does not have the upload permission, you can grant temporary permissions to them for accessing OBS and uploading objects within a validity period. For example, some companies have user management systems that manage app users and local users. These users do not have IAM user permissions, so you can grant temporary permissions to allow these users to temporarily access OBS.

Use either of the following methods:

• Temporary security credentials
• A temporary URL

Important Notes

Using Temporary Security Credentials to Grant Upload Permissions

You can assign temporary security credentials (including an AK, an SK, and a security token) to a third-party application or an IAM user, so that they can access OBS only for a specified period of time.

The temporary AK/SK and the security token must be used together to call an API for authentication and the x-obs-security-token field must be added to the request header.

For details, see Accessing OBS Using Temporary Access Keys.

Using a Temporary URL to Grant Upload Permissions

ObsClient allows you to create a URL with Query parameters that carry authentication information by specifying the security credentials, request method, and request parameters. You can share this URL with other users for them to make a temporary access. You need to specify the validity period of the temporary URL to restrict the allowed access duration.

Temporary URLs allow third-party users to upload objects without security credentials or authorization. OBS stores the objects uploaded by third-party users in a specified bucket.

For details, see Accessing OBS Using a Temporary URL.