13.1.2. Create the TempURL

After the metadata is set, you must create an HMAC-SHA1 (RFC 2104) signature. When you generate the TempURL, you determine which method of access you will grant users, GET or PUT. You also determine the path to the object to which you are granting access. Lastly, you set the time for your TempURL to expire in UNIX epoch notation.

In the following examples, a TempURL that will be available for 60 seconds is generated for the my_cat.jpg object. The key in the examples is the value of X-Account-Meta-Temp-Url-Key.


Example 13.2. Create TempURL (in Python)

  import hmac
  from hashlib import sha1
  from sys import argv
  from time import time

  if len(argv) != 5:
    print 'Syntax: <method> <url> <seconds> <key>'
    print 'Example: GET https://storage101.dfw1.clouddrive.com/v1/' \
        'MossoCloudFS_12345678-9abc-def0-1234-56789abcdef0/' \
        'container/my_cat.jpg 60 my_shared_secret_key'
    method, url, seconds, key = argv[1:]
    method = method.upper()
    base_url, object_path = url.split('/v1/')
    object_path = '/v1/' + object_path
    seconds = int(seconds)
    expires = int(time() + seconds)
    hmac_body = '%s\n%s\n%s' % (method, expires, object_path)
    sig = hmac.new(key, hmac_body, sha1).hexdigest()
    print '%s%s?temp_url_sig=%s;temp_url_expires=%s' % \
        (base_url, object_path, sig, expires)

Be certain to use the full URL to the object, just as you would with a normal request.

In this example, the signature might be da39a3ee5e6b4b0d3255bfef95601890afd80709 and the expire time might translate to 1323479485 because the signature and expire time completely depend on the time when the code runs. On your website, you would provide a link to the following URL:


If you do not provide users with the exact TempURL, they get a 401 (Unauthorized) status code. HEAD queries are allowed if GET or PUT operations are allowed.


Example 13.3. Create TempURL (in PHP)

  if ($argc != 5) {
      echo "Syntax: <method> <url> <seconds> <key>";
      echo "Example: GET https://storage101.dfw1.clouddrive.com/v1/" .
           "MossoCloudFS_12345678-9abc-def0-1234-56789abcdef0/" .
           "container/my_cat.jpg 60 my_shared_secret_key";
  } else {
    $method = $argv[1];
    $url = $argv[2];
    $seconds = $argv[3];
    $key = $argv[4];
    $method = strtoupper($method);
    list($base_url, $object_path) =  split("/v1/", $url);
    $object_path = "/v1/$object_path";
    $seconds = (int)$seconds;
    $expires = (int)(time() + $seconds);
    $hmac_body = "$method\n$expires\n$object_path";
    $sig = hash_hmac("sha1", $hmac_body, $key);
    echo "$base_url$object_path?" .


Example 13.4. Create TempURL (in Ruby)

  require "openssl"

  unless ARGV.length == 4
      puts "Syntax: <method> <url> <seconds> <key>"
      puts ("Example: GET https://storage101.dfw1.clouddrive.com/v1/" +
          "MossoCloudFS_12345678-9abc-def0-1234-56789abcdef0/" +
          "container/path/to/object.file 60 my_shared_secret_key")
      method, url, seconds, key = ARGV
      method = method.upcase
      base_url, object_path = url.split(/\/v1\//)
      object_path = '/v1/' + object_path
      seconds = seconds.to_i
      expires = (Time.now + seconds).to_i
      hmac_body = "#{method}\n#{expires}\n#{object_path}"
      sig = OpenSSL::HMAC.hexdigest("sha1", key, hmac_body)
      puts ("#{base_url}#{object_path}?" +

loading table of contents...