
Overview

Temporary URLs (TempURLs) let you share individual objects from Xloud Object Storage with anyone — no Xloud account required — for a limited time window. The URL is cryptographically signed with an HMAC-SHA256 digest, so it cannot be guessed or extended. When the expiry time passes, the URL stops working automatically. Common use cases: pre-signed download links for customers, time-limited file sharing with external partners, secure upload URLs for untrusted clients, and CI/CD artifact distribution.
Prerequisites
  • Object Storage access with at least project member role
  • The python-swiftclient package installed (pip install python-swiftclient) or the openstack CLI
  • A Temporary URL key set on your account

Set a Temporary URL Key

Before generating TempURLs, set a secret key on your account. This key signs all TempURLs — keep it confidential.
Set account-level TempURL key
swift post -m "Temp-URL-Key: $(openssl rand -hex 32)"
Verify the key is set
swift stat | grep Temp-URL-Key
You can set a second key (Temp-URL-Key-2) to enable key rotation without invalidating existing URLs.

Generate a Temporary URL

The swift-temp-url command generates signed URLs directly:
Generate a 24-hour download URL
swift-temp-url GET 86400 \
  /v1/AUTH_<project-id>/my-container/my-file.zip \
  <your-tempurl-key>
This outputs a path like:
/v1/AUTH_abc123/my-container/my-file.zip?temp_url_sig=abc...&temp_url_expires=1742000000
Prepend your Swift endpoint to get the full URL:
Full shareable URL
echo "https://object.<your-domain>$(swift-temp-url GET 86400 /v1/AUTH_<project-id>/my-container/my-file.zip <key>)"

Upload-Only Temporary URLs

Generate a PUT TempURL to allow a client to upload a file to a specific object path without any read access:
Generate a 1-hour upload URL
swift-temp-url PUT 3600 \
  /v1/AUTH_<project-id>/uploads/submission.zip \
  <your-tempurl-key>
The client uploads with:
Client-side upload with TempURL
curl -X PUT \
  "https://object.<your-domain>/v1/AUTH_.../uploads/submission.zip?temp_url_sig=...&temp_url_expires=..." \
  --upload-file /local/path/submission.zip
PUT TempURLs allow anyone with the URL to overwrite the target object. Scope them to a unique object path and keep expiry windows short (minutes, not hours) for uploads.

URL Parameters Reference

Parameter | Description
--- | ---
temp_url_sig | HMAC-SHA256 signature over method, expiry, and path
temp_url_expires | Unix timestamp after which the URL is invalid
temp_url_prefix | (Optional) Restrict the URL to a path prefix instead of a single object
temp_url_ip_range | (Optional) Restrict URL use to a specific IP or CIDR range
filename | (Optional) Override the Content-Disposition filename in the browser download
Force a browser download filename
# Append &filename=report-q1.pdf to the TempURL
"https://object.<your-domain>/...?temp_url_sig=...&temp_url_expires=...&filename=report-q1.pdf"

Key Rotation

Rotate TempURL keys without immediately breaking existing URLs by using both key slots:

Set new key in slot 2

Add new key to slot 2
swift post -m "Temp-URL-Key-2: $(openssl rand -hex 32)"
Existing URLs signed with key 1 remain valid.

Migrate to new key

Update all URL generation processes to use the new key value from slot 2.

Replace old key

Once all old URLs have expired, move the new key to slot 1 and clear slot 2:
Promote new key to slot 1
NEW_KEY="your-new-key"
swift post -m "Temp-URL-Key: ${NEW_KEY}"
swift post -m "Temp-URL-Key-2:"
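
The signature described in the URL Parameters Reference and the two key slots used in Key Rotation can be reproduced offline. This is an added example, not Xloud's own code: it assumes the upstream OpenStack Swift message layout (method, expiry and path joined by newlines, with an "ip=<range>" line first when temp_url_ip_range is used) and a hex-encoded digest. The function names, keys and addresses are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import time
from urllib.parse import parse_qs, urlsplit


def _digest(key, method, expires, path, ip_range=None):
    # Assumed message layout (upstream OpenStack Swift): METHOD\nEXPIRES\nPATH,
    # prefixed with "ip=<range>\n" when the URL is restricted by source address.
    body = f"{method}\n{expires}\n{path}"
    if ip_range:
        body = f"ip={ip_range}\n{body}"
    return hmac.new(key.encode(), body.encode(), hashlib.sha256).hexdigest()


def sign_temp_url(method, path, key, ttl, now=None, ip_range=None):
    """Return the signed path and query string for one object."""
    expires = int((time.time() if now is None else now) + ttl)
    url = (f"{path}?temp_url_sig={_digest(key, method, expires, path, ip_range)}"
           f"&temp_url_expires={expires}")
    return url + (f"&temp_url_ip_range={ip_range}" if ip_range else "")


def verify_temp_url(method, url, keys, client_ip, now=None):
    """Server-side view: unexpired, source allowed, signature matches a key slot."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    try:
        expires, sig = int(q["temp_url_expires"]), q["temp_url_sig"]
        ip_range = q.get("temp_url_ip_range")
        if ip_range and ipaddress.ip_address(client_ip) not in \
                ipaddress.ip_network(ip_range, strict=False):
            return False
    except (KeyError, ValueError):
        return False
    if expires <= (time.time() if now is None else now):
        return False
    # Try every configured slot (Temp-URL-Key, Temp-URL-Key-2); constant-time compare.
    return any(
        hmac.compare_digest(_digest(k, method, expires, parts.path, ip_range).encode(),
                            sig.encode())
        for k in keys if k
    )
```

Passing both slot values as keys models the rotation window: a URL signed with the old key verifies until that key is removed from the list, and editing temp_url_expires or dropping temp_url_ip_range changes the signed message, so the signature no longer matches.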

Security Considerations

Set the minimum expiry needed for the use case. Downloads that should complete in minutes should not have 24-hour URLs. An attacker who intercepts a URL has access until expiry.
The temp_url_ip_range parameter restricts URL use to a specific source IP or CIDR:
Restrict to a single IP
# The IP range is part of the signed message, so pass it to the generator
# rather than appending it to the path
swift tempurl --ip-range 203.0.113.5 GET 3600 \
  "/v1/AUTH_.../sensitive.zip" \
  <key>
The TempURL key signs all URLs for your account. Treat it like a password. Do not embed it in client-side code, public repositories, or logs. Rotate it if exposure is suspected.

Next Steps

Access Control

Container ACLs and account-level access policies for permanent access grants

Object Versioning

Retain previous versions of objects to recover from accidental overwrites

Large Objects

Upload objects larger than 5 GB using multi-part Static or Dynamic Large Objects

Object Storage Security

Server-side encryption, TLS, and hardening guidance for object storage