doc-exports/docs/obs/s3api/en-us_topic_0125560420.html

<a name="EN-US_TOPIC_0125560420"></a><a name="EN-US_TOPIC_0125560420"></a>

<h1 class="topictitle1">V4 Temporarily Authorized Request</h1>
<div id="body40905261"><p id="EN-US_TOPIC_0125560420__p3011995">The authentication information in V4 temporarily authorized requests is delivered using the query parameters. The URL of V4 temporary authentication has six mandatory query parameters unlike V2 authentication. The following is an example of a V4 temporarily authorized request.</p>
<pre class="screen" id="EN-US_TOPIC_0125560420__screen27107960">https://bucketname.obs.example.com/test.txt?X-Amz-Algorithm=AWS4-HMAC-SHA256&amp;X-Amz-Credential=AKIAIOSFODNN7EXAMPLE%2F20150524%2Fregion-1%2Fs3%2Faws4_request&amp;X-Amz-Date=20150524T000000Z&amp;X-Amz-Expires=86400&amp;X-Amz-SignedHeaders=host&amp;X-Amz-Signature=&lt;signature-value&gt;</pre>
<p id="EN-US_TOPIC_0125560420__p42645048"><a href="#EN-US_TOPIC_0125560420__table43771375">Table 1</a> lists the six mandatory query parameters.</p>

<div class="tablenoborder"><a name="EN-US_TOPIC_0125560420__table43771375"></a><a name="table43771375"></a><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0125560420__table43771375" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Six mandatory query parameters</caption><thead align="left"><tr id="EN-US_TOPIC_0125560420__row17706563"><th align="left" class="cellrowborder" valign="top" width="35.9%" id="mcps1.3.4.2.3.1.1"><p id="EN-US_TOPIC_0125560420__p24945537">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="64.1%" id="mcps1.3.4.2.3.1.2"><p id="EN-US_TOPIC_0125560420__p7322627">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0125560420__row56261938"><td class="cellrowborder" valign="top" width="35.9%" headers="mcps1.3.4.2.3.1.1 "><p id="EN-US_TOPIC_0125560420__p60923125">X-Amz-Algorithm</p>
</td>
<td class="cellrowborder" valign="top" width="64.1%" headers="mcps1.3.4.2.3.1.2 "><p id="EN-US_TOPIC_0125560420__p35826101">Indicates the AWS signature algorithm.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0125560420__row16233049"><td class="cellrowborder" valign="top" width="35.9%" headers="mcps1.3.4.2.3.1.1 "><p id="EN-US_TOPIC_0125560420__p39808586">X-Amz-Credential</p>
</td>
<td class="cellrowborder" valign="top" width="64.1%" headers="mcps1.3.4.2.3.1.2 "><p id="EN-US_TOPIC_0125560420__p3269999">In addition to the <strong id="EN-US_TOPIC_0125560420__b41961348185112">access key ID</strong>, region and service information must be provided. The information must be the same as that used to calculate the <strong id="EN-US_TOPIC_0125560420__b63543344">Signing Key</strong>. The value of this parameter is expressed in the following format:</p>
<p id="EN-US_TOPIC_0125560420__p35019191">&lt;your-access-key-id&gt;/&lt;date&gt;/&lt;AWS-region&gt;/&lt;AWS-service&gt;/aws4_request.OBS region</p>
<p id="EN-US_TOPIC_0125560420__p46737271">The value is the same as that used for common authentication.</p>
<p id="EN-US_TOPIC_0125560420__p17982255">Example:</p>
<p id="EN-US_TOPIC_0125560420__p27622569">AKIAIOSFODNN7EXAMPLE/20150721/region-1/s3/aws4_request</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0125560420__row22835632"><td class="cellrowborder" valign="top" width="35.9%" headers="mcps1.3.4.2.3.1.1 "><p id="EN-US_TOPIC_0125560420__p37746932">X-Amz-Date</p>
</td>
<td class="cellrowborder" valign="top" width="64.1%" headers="mcps1.3.4.2.3.1.2 "><p id="EN-US_TOPIC_0125560420__p37602652">Indicates the request generation time. It is in the ISO 8601 format. The value must be the same as that used for signature calculation.</p>
<p id="EN-US_TOPIC_0125560420__p2879553">Example:</p>
<p id="EN-US_TOPIC_0125560420__p25915985">20150721T201207Z</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0125560420__row18820026"><td class="cellrowborder" valign="top" width="35.9%" headers="mcps1.3.4.2.3.1.1 "><p id="EN-US_TOPIC_0125560420__p48027136">X-Amz-Expires</p>
</td>
<td class="cellrowborder" valign="top" width="64.1%" headers="mcps1.3.4.2.3.1.2 "><p id="EN-US_TOPIC_0125560420__p64992778">Indicates the URL expiration time. The value is an integer expressed in seconds such as 86,400 seconds (24 hours). It ranges from 1 to 604,800 (7 days). The maximum validity period of the URL is 7 days because the validity period for <strong id="EN-US_TOPIC_0125560420__b1072915419511">Signing Key</strong> calculation is 7 days.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0125560420__row29923648"><td class="cellrowborder" valign="top" width="35.9%" headers="mcps1.3.4.2.3.1.1 "><p id="EN-US_TOPIC_0125560420__p7896460">X-Amz-SignedHeaders</p>
</td>
<td class="cellrowborder" valign="top" width="64.1%" headers="mcps1.3.4.2.3.1.2 "><p id="EN-US_TOPIC_0125560420__p35633491">Indicates the header list for signature calculation. The HTTP host header is mandatory. All headers that start with <strong id="EN-US_TOPIC_0125560420__b52265969">x-amz-*</strong> must be used to calculate signatures and contained in the header list. All request headers must be included to ensure security.</p>
<div class="warning" id="EN-US_TOPIC_0125560420__note3414026722559"><span class="warningtitle"> WARNING: </span><div class="warningbody"><p id="EN-US_TOPIC_0125560420__p3882695522559">If headers contain <em id="EN-US_TOPIC_0125560420__i12139152853210">gzip</em>, <em id="EN-US_TOPIC_0125560420__i213982814328">no-cache</em>, <em id="EN-US_TOPIC_0125560420__i15139172813329">chunked</em>, <em id="EN-US_TOPIC_0125560420__i1139152813322">identity</em>, <em id="EN-US_TOPIC_0125560420__i5139152812323">keep-alive</em>, <em id="EN-US_TOPIC_0125560420__i171391928143218">bytes</em>, and <em id="EN-US_TOPIC_0125560420__i3139142818326">close</em>, please use lowercase letters. Otherwise, you will receive a <strong id="EN-US_TOPIC_0125560420__b9182141414523">SignatureDoesNotMatch</strong> error response.</p>
</div></div>
</td>
</tr>
<tr id="EN-US_TOPIC_0125560420__row631679"><td class="cellrowborder" valign="top" width="35.9%" headers="mcps1.3.4.2.3.1.1 "><p id="EN-US_TOPIC_0125560420__p51166072">X-Amz-Signature</p>
</td>
<td class="cellrowborder" valign="top" width="64.1%" headers="mcps1.3.4.2.3.1.2 "><p id="EN-US_TOPIC_0125560420__p50811173">Indicates the signature of a request.</p>
<p id="EN-US_TOPIC_0125560420__p54647379">Example:</p>
<p id="EN-US_TOPIC_0125560420__p22064367">733255ef022bec3f2a8701cd61d4b371f3f28c9f193a1f02279211d48d5193d7</p>
</td>
</tr>
</tbody>
</table>
</div>
<p id="EN-US_TOPIC_0125560420__p31696882"></p>
<p id="EN-US_TOPIC_0125560420__p30089393155632"><a href="#EN-US_TOPIC_0125560420__fig11837114385216">Figure 1</a> shows the signature computing process of V4 temporarily authorized requests.</p>
<div class="fignone" id="EN-US_TOPIC_0125560420__fig11837114385216"><a name="EN-US_TOPIC_0125560420__fig11837114385216"></a><a name="fig11837114385216"></a><span class="figcap"><b>Figure 1 </b>Signature calculation process of V4 temporarily authorized requests</span><br><span><img id="EN-US_TOPIC_0125560420__image188374437521" src="en-us_image_0125560454.png" title="Click to enlarge" class="imgResize"></span></div>
<p id="EN-US_TOPIC_0125560420__p59984603">The signature calculation process of V4 temporarily authorized requests is the same as that of V4 common requests. The only difference lies in the <strong id="EN-US_TOPIC_0125560420__b45905321">Hashed Payload</strong> value that is used to calculate the signature of <strong id="EN-US_TOPIC_0125560420__b10494712">Canonical Request</strong>. The <strong id="EN-US_TOPIC_0125560420__b27343545">Hashed Payload</strong> value is the fixed character string: <strong id="EN-US_TOPIC_0125560420__b22285507203537">UNSIGNED-PAYLOAD</strong>.</p>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="en-us_topic_0125560435.html">Authenticating a Request</a></div>
</div>
</div>


<script language="JavaScript">
<!--
image_size('.imgResize');
var msg_imageMax = "view original image";
var msg_imageClose = "close";
//--></script>