Help Center/ Object Storage Service/ User Guide/ Object Management/ Upload/ Authorizing a Third Party to Upload Objects
Updated on 2024-10-24 GMT+08:00

Authorizing a Third Party to Upload Objects

Scenarios

If a third-party user does not have the upload permission, you can grant temporary permissions to them for accessing OBS and uploading objects within a validity period. For example, some companies have user management systems that manage app users and local users. These users do not have IAM user permissions, so you can grant temporary permissions to allow these users to temporarily access OBS.

Use either of the following methods:

  • Temporary security credentials
  • A temporary URL

Important Notes

Method

Description

Temporary security credentials

The validity period of temporary security credentials is from 15 minutes to 24 hours.

When obtaining temporary security credentials, you can send the policy parameter to request for the least temporary permissions that can be granted to IAM users.

Temporary URL

Only the bucket owner can grant a temporary URL to others. If the owner changes the validity period of a URL, OBS obtains the authentication information again to generate a new URL.

The obs:PutObject permission is required for uploading an object using a temporary URL.

Using Temporary Security Credentials to Grant Upload Permissions

You can assign temporary security credentials (including an AK, an SK, and a security token) to a third-party application or an IAM user, so that they can access OBS only for a specified period of time.

The temporary AK/SK and the security token must be used together to call an API for authentication and the x-obs-security-token field must be added to the request header.

For details, see Accessing OBS Using Temporary Access Keys.

Using a Temporary URL to Grant Upload Permissions

ObsClient allows you to create a URL with Query parameters that carry authentication information by specifying the security credentials, request method, and request parameters. You can share this URL with other users for them to make a temporary access. You need to specify the validity period of the temporary URL to restrict the allowed access duration.

Temporary URLs allow third-party users to upload objects without security credentials or authorization. OBS stores the objects uploaded by third-party users in a specified bucket.

For details, see Accessing OBS Using a Temporary URL.