Expand description
Utilities for signing and verifying pre-signed URLs.
A pre-signed URL lets a client that owns an Ed25519 keypair hand out a time-limited URL that authorizes a specific request.
Experimental: pre-signed URLs are an experimental feature and this API may change in a future release.
Example:
GET /v1/objects/<usecase>/<scopes>/<key>
?os_timestamp=2026-04-20T13:37:00.00Z
&os_duration=3600
&os_kid=relay
&os_sig=<signature>The signature covers a canonical form of the request.
§Canonical form
The canonical form is comprised of three newline-separated components:
<normalized method>\n
<path>\n
<canonical query string>- normalized method: the uppercase HTTP method, with
HEADmapped toGET; - path: the request path, included verbatim as transmitted/received on the wire;
- canonical query string: every query parameter except
os_sig, with keys lowercased, sorted lexicographically by name and value, joined with&.
Structs§
- Canonical
Request - The canonical form of a request to be signed or verified.
- Dalek
Signing Key - ed25519 signing key which can be used to produce signatures.
- Dalek
Verifying Key - An ed25519 public key.
Enums§
- Error
- Errors returned when verifying a pre-signed request signature.
Constants§
- PARAM_
DURATION - Query parameter carrying the validity duration, in seconds.
- PARAM_
KID - Query parameter naming the key ID used to sign the request.
- PARAM_
SIG - Query parameter carrying the base64url-encoded signature.
- PARAM_
TIMESTAMP - Query parameter carrying the time at which the request was signed.
Type Aliases§
- Signing
Key - An Ed25519 signing key.
- Verifying
Key - An Ed25519 verifying key.