By default, the owner of a bucket pays all fees that are generated for the bucket. However, you can enable pay-by-requester for a bucket to let authenticated requesters pay for the requests, data processing, and traffic generated when they access the data in the bucket. You pay only other fees, such as storage fees. You can enable pay-by-requester to share your data in a bucket without paying fees that are generated by access to the data by other requesters.
Scenarios
Share large datasets. For example, a research institute uploads a public dataset that includes postal code directories, reference data, geospatial information, or data collected by web crawlers to an OSS bucket and wants to make the dataset accessible to all customers. In addition, the research institute wants requesters to pay the request and traffic fees that are generated by their access to the dataset.
To meet this business requirement, the research institute can configure the following settings in OSS:
Set the access control list (ACL) of the bucket in which the public dataset is stored to public-read. For more information, see Bucket ACLs.
Enable pay-by-requester for the bucket.
Deliver production data to your customers or partners. For example, you want to make your production data in OSS accessible to your partners and let your partners pay the request and traffic fees when they download the production data.
To meet this business requirement, you can configure the following settings in OSS:
Set the ACL of the bucket in which the production data is stored to private. For more information, see Bucket ACLs.
Enable pay-by-requester for the bucket.
Use bucket policies to grant your partners permissions to access the production data in the bucket. For more information, see Tutorial: Authorize a RAM user in another Alibaba Cloud account by adding a bucket policy.
ImportantMake sure that you grant permissions to the RAM users of your partners to access the production data in the bucket. For the purposes of pay-by-requester, do not share the AccessKey pairs of RAM users of your Alibaba Cloud account with your partners. Otherwise, you are charged the request and traffic fees because the requesters use the RAM users of your Alibaba Cloud account to access the production data.
Request methods
Requests from anonymous users are not allowed
If you enable pay-by-requester for a bucket, anonymous users cannot access the bucket. Requesters must provide authentication information. OSS can identify requesters based on the given information. This way, the requesters are charged request and traffic fees.
If a requester uses a RAM user of an Alibaba Cloud account to request data, the Alibaba Cloud account to which the RAM user belongs is charged for the requests sent by the requester and the generated traffic.
Requests must contain the
x-oss-request-payer
headerIf you enable pay-by-requester for a bucket, requesters must specify the
x-oss-request-payer
header in the requests to the bucket and set the value of the header to requester. This confirms that the requesters understand that they are charged for the requests and traffic. Otherwise, the requests cannot be authenticated.POST, GET, and HEAD requests must contain the
x-oss-request-payer:requester
header. For more information, see Include a V4 signature in the Authorization header (recommended).Requests that use signed URLs must contain the
x-oss-request-payer=requester
header. For more information, see Include a V4 signature in the Authorization header (recommended).
Bucket owners do not need to contain the
x-oss-request-payer
header in the requests that are sent to access their buckets. Bucket owners are charged for their own requests and generated traffic.
Billing
Before pay-by-requester is enabled for a bucket, the owner of the bucket pays all fees associated with the bucket. After pay-by-requester is enabled for the bucket, billable items that apply to the bucket owner are different from those before pay-by-requester is enabled. The following table lists billable items on bucket owners and requesters after pay-by-requester is enabled.
Billing category | Billable item | Payer |
Storage usage of Standard LRS objects | Bucket owner | |
Storage usage of Standard ZRS objects | Bucket owner | |
Storage usage of IA LRS objects | Bucket owner | |
Storage usage of IA ZRS objects | Bucket owner | |
Storage usage of Archive LRS objects | Bucket owner | |
Storage usage of Archive ZRS objects | Bucket owner | |
Storage usage of Cold Archive LRS objects | Bucket owner | |
Storage usage of Deep Cold Archive LRS objects | Bucket owner | |
Storage usage of IA LRS objects that are stored for less than the minimum storage duration | Bucket owner | |
Storage usage of Archive LRS objects that are stored for less than the minimum storage duration | Bucket owner | |
Storage usage of Archive ZRS objects that are stored for less than the minimum storage duration | Bucket owner | |
Storage usage of Cold Archive objects that are stored for less than the minimum storage duration | Bucket owner | |
Storage usage of Deep Cold Archive objects that are stored for less than the minimum storage duration | Bucket owner | |
Outbound traffic over the Internet | Requester | |
Inbound traffic over the Internet | Free of charge | |
Outbound traffic over the internal network | Free of charge | |
Inbound traffic over the internal network | Free of charge | |
Origin traffic | Requester | |
CRR traffic | Bucket owner | |
Number of PUT requests | Requester | |
Number of GET requests | Requester | |
Data retrieval requests | Bucket owner | |
Scanned data capacity for SelectObject | Bucket owner | |
Retrieval of IA objects | Requester | |
Retrieval of Archive objects | Requester | |
Retrieval of Archived objects for which real-time access is enabled | Bucket owner | |
Retrieval of Cold Archive objects | Bucket owner | |
Retrieval of Deep Cold Archive objects | Bucket owner | |
Object tagging | Bucket owner | |
AccM2MIn | Bucket owner | |
AccM2MOut | Bucket owner | |
AccM2OIn | Bucket owner | |
AccM2OOut | Bucket owner | |
AccO2MIn | Bucket owner | |
AccO2MOut | Bucket owner | |
AccO2OIn | Bucket owner | |
AccO2OOut | Bucket owner | |
Temporary replica (LRS) capacity | Bucket owner | |
Reserved OSS DDoS protection instances | Bucket owner | |
Remaining duration of OSS DDoS protection instances released within the minimum usage duration | Bucket owner | |
Traffic protected by OSS DDoS protection instances | Bucket owner | |
API requests protected by OSS DDoS protection instances | Bucket owner | |
Metadata management | In public preview and free of charge | |
Bucket query | In public preview and free of charge | |
RTC-enabled CRR tasks | Bucket owner |
*1 If requesters do not include the x-oss-request-payer:requester
header in the GET, HEAD, or POST request, the bucket owner is charged for PUT and GET requests.