Release Notes and Announcements

Release Notes

Announcements

Product Introduction

Overview

Features

Use Cases

Strengths

Concepts

Regions and Access Endpoints

Specifications and Limits

Service Regions and Service Providers

Billing

Billing Overview

Billing Method

Billable Items

Free Tier

Billing Examples

Viewing and Downloading Bill

Payment Overdue

FAQs

Getting Started

Console

Getting Started with COSBrowser

User Guide

Creating Request

Bucket

Object

Data Management

Batch Operation

Global Acceleration

Monitoring and Alarms

Operations Center

Data Processing

Content Moderation

Smart Toolbox

Data Processing Workflow

Application Integration

User Tools

Tool Overview

Installation and Configuration of Environment

COSBrowser

COSCLI (Beta)

COSCMD

COS Migration

FTP Server

Hadoop

COSDistCp

HDFS TO COS

GooseFS-Lite

Online Tools

Diagnostic Tool

Use Cases

Overview

Access Control and Permission Management

Performance Optimization

Accessing COS with AWS S3 SDK

Data Disaster Recovery and Backup

Domain Name Management Practice

Image Processing

Audio/Video Practices

Workflow

Direct Data Upload

Content Moderation

Data Security

Data Verification

Big Data Practice

COS Cost Optimization Solutions

Using COS in the Third-party Applications

Migration Guide

Migrating Local Data to COS

Migrating Data from Third-Party Cloud Storage Service to COS

Migrating Data from URL to COS

Migrating Data Within COS

Migrating Data Between HDFS and COS

Data Lake Storage

Cloud Native Datalake Storage

Metadata Accelerator

GooseFS

Data Processing

Data Processing Overview

Image Processing

Media Processing

Content Moderation

File Processing Service

File Preview

Troubleshooting

Obtaining RequestId

Slow Upload over Public Network

403 Error for COS Access

Resource Access Error

POST Object Common Exceptions

API Documentation

Introduction

Common Request Headers

Common Response Headers

Error Codes

Request Signature

Action List

Service APIs

Bucket APIs

Object APIs

Batch Operation APIs

Data Processing APIs

Job and Workflow

Content Moderation APIs

Cloud Antivirus API

SDK Documentation

SDK Overview

Preparations

Android SDK

C SDK

C++ SDK

.NET(C#) SDK

Flutter SDK

Go SDK

iOS SDK

Java SDK

JavaScript SDK

Node.js SDK

PHP SDK

Python SDK

React Native SDK

Mini Program SDK

Error Codes

Harmony SDK

Endpoint SDK Quality Optimization

Security and Compliance

Data Disaster Recovery

Data Security

Cloud Access Management

FAQs

Common Request Headers

PDF

Mode fokus

Ukuran font

Terakhir diperbarui: 2025-11-24 17:14:27

Description
This document introduces the common request headers used when you use APIs. The headers mentioned in the following text will not be reiterated in subsequent specific API documentation.
List of Request Headers
Header Name
﻿
Description
﻿
Type
﻿
Mandatory
﻿
Authorization
Signature information that carries authentication information to verify the legitimacy of the request.
For public read objects, you do not need to carry this header. If you transmit the authentication information through request parameters, you do not need to carry this header. For details, see Request Signature.
string
Yes
For public read objects or authentication information transmitted through request parameters, this header is optional.
Content-Length
Content length of an HTTP request defined in RFC 2616, which is measured in bytes.
integer
For PUT and POST requests (excluding PUT Object requests specifying the Transfer-Encoding request header), this header is mandatory.
For GET, HEAD, DELETE, and OPTIONS requests, this header cannot be specified.
Content-Type
HTTP request content type (MIME) defined in RFC 2616， such as application/xml or image/jpeg.
string
For PUT and POST requests that contain a request body, this header is mandatory.
For GET, HEAD, DELETE, and OPTIONS requests, this header cannot be specified.
Content-MD5
Base64 encoding format of the 16-byte binary MD5 hash value of the request body content defined in RFC 1864, which is used for integrity checks to verify whether the request body has undergone changes during transmission. The final value length should be 24 characters. Ensure that the correct methods and parameters are used when writing code. For instance, ZzD3iDJdrMAAb00lgLLeig==.
string
For PUT and POST requests that have a request body (excluding POST Object), this header is mandatory.
For GET, HEAD, DELETE, and OPTIONS requests, this header cannot be specified.
Date
Current time in GMT format defined in RFC 1123, for instance, Wed, 29 May 2019 04:10:12 GMT.
string
No
Host
Requested host, formatted as <BucketName-APPID>.cos.<Region>.myqcloud.com.
string
Yes
x-cos-security-token
Security token field required when the temporary security credentials are used. For details, refer to the instructions related to temporary security credentials.
string
No
When temporary keys are used and authentication information are carried via Authorization, this header is mandatory.
Dedicated Headers for SSE
For interfaces that support server-side encryption (SSE), the following request headers are applicable based on different encryption methods. Refer to the specific interface documentation to determine the applicability of SSE. The necessity of the following headers is only for scenarios that use SSE. If the request does not support SSE interfaces or does not use SSE, there is no need to carry the following headers. For more details, refer to the SSE overview.
SSE-COS
Header Name
Description
Type
Mandatory
x-cos-server-side-encryption
SSE algorithm, which is specified as AES256 when SSE-COS is used.
string
When uploading or duplicating objects (including simple uploading/duplication and multipart uploading/duplication), carrying this header will employ SSE-COS encryption. If this header is not carried, encryption will be implemented based on the bucket encryption configuration.  This header cannot be specified when you download objects.
SSE-KMS
Header Name
Description
Type
Mandatory
x-cos-server-side-encryption
SSE algorithm, which is specified as cos/kms when SSE-KMS is used.
﻿
string
When uploading or duplicating objects (including simple uploading/duplication and multipart uploading/duplication), carrying this header will employ SSE-KMS encryption. If this header is not carried, encryption will be implemented based on the bucket encryption configuration. This header cannot be specified when you download objects.
x-cos-server-side-encryption-cos-kms-key-id
When the value of x-cos-server-side-encryption is cos/kms, this header is used to designate the user primary key CMK of KMS. If this header is not specified, the default CMK created by COS is used. For more details, refer to SSE-KMS Encryption.
﻿
string
No
x-cos-server-side-encryption-context
When the value of x-cos-server-side-encryption is cos/kms, this header is used to specify the encryption context. The value is the Base64 encoding of the JSON formatted encryption context key-value pair. For instance, eyJhIjoiYXNkZmEiLCJiIjoiMTIzMzIxIn0=.
string
No
SSE-C
Header Name
Description
Type
Mandatory
x-cos-server-side-encryption-customer-algorithm
SSE algorithm. Currently only AES256 is supported.
﻿
string
Yes
x-cos-server-side-encryption-customer-key
Base64 encoding of the SSE key. For instance, MDEyMzQ1Njc4OUFCQ0RFRjAxMjM0NTY3ODlBQkNERUY=.
string
Yes
x-cos-server-side-encryption-customer-key-MD5
MD5 hash value of the SSE key, which is encoded in Base64. For instance, U5L61r7jcwdNvT7frmUG8g==.
string
Yes
Dedicated Headers for Object Lock
For interfaces that support object lock, the following object lock headers can be used for lock adding during the object uploading process. The necessity of the following headers is only applicable to scenarios using the object lock function. For more details, refer to Object Lock Overview.
Header Name
Description
Type
Mandatory
x-cos-object-lock-retain-until-date
Sets the object lock period, which is a timestamp used for setting the specific retention period. The value is represented in accordance with the ISO8601 standard and requires the use of the UTC time. For instance, 2022-02-17T10:30:09.000Z.
string
Yes
x-cos-object-lock-mode
Sets the object lock mode. The COMPLIANCE mode is supported.
string
Yes
﻿

Bantuan dan Dukungan

Apakah halaman ini membantu?

Anda juga dapat Menghubungi Penjualan atau Mengirimkan Tiket untuk meminta bantuan.

masukan

tencent cloud

Cloud Object Storage

Common Request Headers

Description

List of Request Headers

Dedicated Headers for SSE

SSE-COS

SSE-KMS

SSE-C

Dedicated Headers for Object Lock

Bantuan dan Dukungan

Header Name	Description	Type	Mandatory
Authorization	Signature information that carries authentication information to verify the legitimacy of the request. For public read objects, you do not need to carry this header. If you transmit the authentication information through request parameters, you do not need to carry this header. For details, see Request Signature.	string	Yes For public read objects or authentication information transmitted through request parameters, this header is optional.
Content-Length	Content length of an HTTP request defined in RFC 2616, which is measured in bytes.	integer	For PUT and POST requests (excluding PUT Object requests specifying the Transfer-Encoding request header), this header is mandatory. For GET, HEAD, DELETE, and OPTIONS requests, this header cannot be specified.
Content-Type	HTTP request content type (MIME) defined in RFC 2616， such as application/xml or image/jpeg.	string	For PUT and POST requests that contain a request body, this header is mandatory. For GET, HEAD, DELETE, and OPTIONS requests, this header cannot be specified.
Content-MD5	Base64 encoding format of the 16-byte binary MD5 hash value of the request body content defined in RFC 1864, which is used for integrity checks to verify whether the request body has undergone changes during transmission. The final value length should be 24 characters. Ensure that the correct methods and parameters are used when writing code. For instance, ZzD3iDJdrMAAb00lgLLeig==.	string	For PUT and POST requests that have a request body (excluding POST Object), this header is mandatory. For GET, HEAD, DELETE, and OPTIONS requests, this header cannot be specified.
Date	Current time in GMT format defined in RFC 1123, for instance, Wed, 29 May 2019 04:10:12 GMT.	string	No
Host	Requested host, formatted as <BucketName-APPID>.cos.<Region>.myqcloud.com.	string	Yes
x-cos-security-token	Security token field required when the temporary security credentials are used. For details, refer to the instructions related to temporary security credentials.	string	No When temporary keys are used and authentication information are carried via Authorization, this header is mandatory.