Signing Requests

Requests made to ACRCloud must be signed – they must include information that ACRCloud can use to authenticate the request. Requests are signed using the account access key and account access secret which can found within the users account.

Create a String to Sign

Using content from the request (the algorithm, access_key, HTTP Method, request URI,  timestamp), you create a string to sign.

The following is the string-to-sign format that ACRCloud uses to calculate a signature. For signatures to match, you must create a string in this format:


  • HTTPMethod is one of the HTTP methods, for example GET, PUT, HEAD, and DELETE.
  • HTTPURI is the URI-encoded version of the absolute path component of the URI—everything starting with the “/” that follows the domain name and up to the end of the string or to the question mark character (‘?’) if you have query string parameters. For example, in the URI

    /v1/audios is the absolute path. In the absolute path, you don’t encode the “/”.
  • AccessKey is generated from your account settings.
  • Signature-Version is the version of the algorithm to calculate the signature. The current version is 1, using the HMAC-SHA1 algorithm
  • Timestamp is the time since the Epoch (e.g. 00:00:00 UTC, January 1, 1970).

Example:String to Sign

If you want upload a audio file to ACRCloud, the request url is:

and the string-to-sign is

Create Signature

You calculate the signature by performing a keyed hash operation on the string-to-sign, using the secret key as the hash key. Finally, you add the signature to the header or in the query string of the request.

Examples: Signature Calculations

Python example

PHP example

Request Header With Signature Content

You should put the signature content in the HTTP Request Header.