We frequently update our products, and Cloud Files is no exception. In this series of technical posts, we’ll dig into how developers using the Cloud Files API can leverage new capabilities in Rackspace Cloud Files.
The Temporary URL feature (TempURL) allows you to create limited-time Internet addresses which allow you to grant limited access to your Cloud Files account. Using TempURL, you may allow others to retrieve or put objects in your Cloud Files account for as long or as short a time as you wish. Access to the TempURL is independent of whether or not your account is CDN-enabled. Even if you don’t CDN-enable a directory, you can still grant temporary public access through a TempURL.
This feature is useful if you want to allow a limited audience to download a file from your Cloud Files account or website. You can give out the TempURL and know that after a specified time, no one will be able to access your object through the address. Or, if you want to allow your audience to upload objects into your Cloud Files account, you can give out a TempURL. After the specified time expires, no one will be able to upload to the address.
You may create multiple TempURLs for a single object in Cloud Files for the use case where you might have multiple customers paying for and downloading a specific file. Additionally, you need not worry about time running out when someone downloads a large object. If the time expires while a file is being retrieved, the download will continue until it is finished. Only the link will expire.
To create a Temporary URL, you must first set the metadata header X-Account-Meta-Temp-URL-Key on your Cloud Files account to a key that only you know. This key can be any arbitrary sequence as it is for encoding your account.
Once the key is set, you may not change it while you still want others to be able to access your TempURL. If you change it, the TempURL becomes invalid (within 60 seconds, which is the cache time for a key) and others will not be allowed to access it.
Set Account Metadata Key for Public Access
POST /<api version>/<account> HTTP/1.1 Host: storage.clouddrive.com X-Auth-Token: eaaafd18-0fed-4b3a-81b4-663c99ec1cbb X-Account-Meta-Temp-Url-Key: <your key>
Any 2xx response indicates success.
Create The TempURL
When you create a TempURL, Cloud Files validates a GET- or PUT-accessible URL which is time-limited.
After the metadata is set, you must create an HMAC-SHA1 (RFC 2104) signature. When you generate the TempURL, you determine which method of access you will grant users; GET or PUT. You also determine the path to the object or container you are granting access to. If you allow PUT access to your Cloud Files account, you must indicate the object prefix that will be used for each file uploaded. Lastly, set the time in UNIX epoch notation, which is when the TempURL expires.
In the Python example below, a URL is generated for an object (my_cat.jpg), which will be available for 60 seconds.
import hmac from hashlib import sha1 from time import time method = 'GET' expires = int(time() + 60) path = '/v1/AUTH_account/container/my_cat.jpg' key = 'mykey' hmac_body = '%s\n%s\n%s' % (method, expires, path) sig = hmac.new(key, hmac_body, sha1).hexdigest()
Be certain to use the full path, from the /v1/ onward.
In this example, the signature becomes da39a3ee5e6b4b0d3255bfef95601890afd80709 and expires is 1323479485. On your website, you would provide a link to the below URL:
https://storage.clouddrive.com/v1/AUTH_account/container/my_cat.jpg? temp_url_sig=da39a3ee5e6b4b0d3255bfef95601890afd80709& temp_url_expires=1323479485
If you do not provide users with the exact TempURL, they will get 401 (Unauthorized) status errors. HEAD queries are allowed if GET or PUT are allowed.
This is just one of many new features in Rackspace Cloud Files that developers can take advantage of. Cloud Files customers are urged to try out this new feature in their next API project or add it to a current application. If you’re not yet using Cloud Files, sign up for an account and check it out. And now, using Cloud Files is more affordable since we reduced the cost of Cloud Files by 33 percent.