CDNetworks ドキュメントセンター Object Storage API Include Signatures in Authorization Header

Include Signatures in Authorization Header

最終更新日:2022-04-15 16:20:52

Assuming that you want to send a HTTP request from your client to OS, without any signing information. The request is as follows:

DELETE /mine-type.mp4 HTTP/1.1
Host: wcstest-r9-private.s3-cn-south-1.wcsapi.com
Range:0-9
x-wos-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-wos-date:20201103T104419Z

After completing the signing steps, you can add the authentication information to the request with an Authorization header, which includes:

  • Algorithm you used for signing (WOS-HMAC-SHA256)
  • Credential scope (with your access key ID)
  • List of signed headers
  • Calculated signature.

The request looks like:

DELETE /mine-type.mp4 HTTP/1.1
Host: wcstest-r9-private.s3-cn-south-1.wcsapi.com
Authorization: WOS-HMAC-SHA256 Credential=2cd1baf7681435ce4a298e9df3eb36958e725394/20201103/cn-south-1/wos/wos_request, SignedHeaders=host;x-wos-content-sha256;x-wos-date, Signature=0243fe336dc075f95add64c5fe980ae6fd0446b243e0f301e4ad75d32d96dc6a
Range:0-9
x-wos-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-wos-date:20201103T104419Z

Example 1 DeleteObject

The data used in the example is as follows:

AccessKeyId: 2cd1baf7681435ce4a298e9df3eb36958e725394
SecretKey: 968d43bc594af8622923d0681ddc367b35a8b23b
Request timestamp: 20201103T104419Z
Bucket name is: wcstest-r9-private
Storage area: cn-south-1

Assuming that the file /mine-type.mp4 is deleted from wcstest-r9-private, the request is as follows:

DELETE /mine-type.mp4 HTTP/1.1
Host: wcstest-r9-private.s3-cn-south-1.wcsapi.com
Authorization: <Authorization>
Range:0-9
x-wos-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-wos-date:20201103T104419Z

Note: Because the download request does not need to provide the body content, the value of x-wos-content-sha256 is the hash value of the empty request body.

The steps to calculate the Signature and construct the Authorization header are as follows:

  1. CanonicalRequest
DELETE
/mine-type.mp4
 
host:wsmooc.avinfo.cloudv.haplat.net
x-wos-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-wos-date:20201103T104419Z
 
host;x-wos-content-sha256;x-wos-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Note: The CanonicalQueryString requested by DeleteObject is empty, so the third line is a blank line.

  1. StringToSign
WOS-HMAC-SHA256
20201103T104419Z
20201103/cn-south-1/wos/wos_request
55f35c488a08877ce1bec27b2d852b4d242a135df3e9bc3bd60be027df455216

  1. SigningKey
SingingKey = HMAC-SHA256(HMAC-SHA256(HMAC-SHA256(HMAC-SHA256("WOS" + "EfxET06Dvb2cahG8OBtZH9WRqkB3EXAMPLEKEY","20201103"),"cn-south-1"),"wos"),"wos_request")

  1. Signature
0243fe336dc075f95add64c5fe980ae6fd0446b243e0f301e4ad75d32d96dc6a

  1. Authorization header
WOS-HMAC-SHA256 Credential=2cd1baf7681435ce4a298e9df3eb36958e725394/20201103/cn-south-1/wos/wos_request, SignedHeaders=host;x-wos-content-sha256;x-wos-date, Signature=0243fe336dc075f95add64c5fe980ae6fd0446b243e0f301e4ad75d32d96dc6a

Example 2 GetAvinfo

The data used in the example is as follows:

  • AccessKeyId: AKLTAIHGXsvVYxTEXAMPLE
  • SecretKey: EfxET06Dvb2cahG8OBtZH9WRqkB3EXAMPLEKEY
  • Request timestamp: 20201103T104419Z
  • The space name is: wsmooc
  • Storage area: cn-east-2

Assuming that the avinfo information of /video/20201029/0f3de4278bd6438eb871a6daa43c6305/5555555582qq77n8555602653pp77282_b67923f7d7b2459091621637b1808ab3.mp4 is obtained from wsmooc, the request is as follows:

GET /video/20201029/0f3de4278bd6438eb871a6daa43c6305/5555555582qq77n8555602653pp77282_b67923f7d7b2459091621637b1808ab3.mp4?avinfo HTTP/1.1
Host: wsmooc.avinfo.cloudv.haplat.net
Authorization: <Authorization>
x-wos-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-wos-date:20201103T104419Z

Note: Because the download request does not need to provide the body content, the value of x-wos-content-sha256 is the hash value of the empty request body.

The steps to calculate the Signature and construct the Authorization header are as follows:

  1. CanonicalRequest
GET
/video/20201029/0f3de4278bd6438eb871a6daa43c6305/5555555582qq77n8555602653pp77282_b67923f7d7b2459091621637b1808ab3.mp4
avinfo=
host:wsmooc.avinfo.cloudv.haplat.net
x-wos-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-wos-date:20201103T104419Z
 
host;x-wos-content-sha256;x-wos-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

  1. StringToSign
WOS-HMAC-SHA256
20201103T104419Z
20201103/cn-east-2/wos/wos_request
0788dd8e9b3a088477031b2127ac05bfcf960229a636adb54cb387df1e1cb096

  1. SigningKey
SingingKey = HMAC-SHA256(HMAC-SHA256(HMAC-SHA256(HMAC-SHA256("WOS" + "EfxET06Dvb2cahG8OBtZH9WRqkB3EXAMPLEKEY","20201103"),"cn-east-2"),"wos"),"wos_request")

  1. Signature
335265293972c56fa6e0c4453a86c7aa32610e6a6d6809dac4e9fb64700296ed


  1. Authorization header
WOS-HMAC-SHA256 Credential=AKLTAIHGXsvVYxTEXAMPLE/20201103/cn-east-2/wos/wos_request, SignedHeaders=host;x-wos-content-sha256;x-wos-date, Signature=335265293972c56fa6e0c4453a86c7aa32610e6a6d6809dac4e9fb64700296ed