Object is the basic unit of storage in COS, which can be understood as data in any format, such as images, documents, and audio/video files. Bucket is the carrier of objects. One bucket can contain any number of objects. Different storage classes can be specified for objects in COS. For more information, see Storage Class Overview.
Each object consists of an object key (ObjectKey), an object value (Value), and object metadata (Metadata).
An object in COS must contain a valid object key (ObjectKey), which is its unique identifier in a bucket.
For example, in an object's access address
examplebucket-1250000000.cos.ap-guangzhou.myqcloud.com/folder/picture.jpg, the object key is
/) or a backslash (
The following are examples of valid object key names:
Certain characters may need to be URL- encoded or referenced in the hexadecimal format. Some of them are non-printable characters and your browser might not be able to handle them. They'd require special handling, as shown below:
|?||ASCII character range: 00-1F hexadecimal (0-31 decimal) and 7F (127 decimal)||(space)|
There are also some characters that require heavy special handling to maintain consistency across all applications, so we recommend you avoid them directly, as shown below:
The access address of an object consists of a bucket access address and an object key in the format of
<bucket domain="" name="">/<object key="">.
For example, when you upload the
exampleobject.txt object to the
examplebucket-1250000000 bucket in Guangzhou (South China), the access address for
As COS comes with no folders or directories, it will not create a
project folder for uploading the object
project/a.txt. To make it easier for you to get started, COS simulates the display mode of "folder" or "directory" in the console and graphical tools such as COSBrowser. This is implemented by creating an empty object with a key value of
project/ and displaying it as a traditional folder.
For example, when you upload the object
project/doc/a.txt through APIs or SDKs, the delimiter
/ simulates the display mode of "folder", and you can see the folders
doc in the console. The folder
doc is displayed under the folder
project and contains the file
Objects in the bucket are evenly distributed among distributed clusters. Therefore, you cannot directly get the size of all objects with a specified object key prefix. Instead, you can accumulate the size of each object to get the full size.
Deleting folders and directories is relatively complicated, as shown below:
|Deletion Means||Object or Folder Deletion||Result|
||All objects with the object key prefix
|API and SDK||Object
Metadata (or HTTP header) is a set of key-value pairs in an object. It is the string sent by the server before the server sends HTML data over HTTP protocol to the browser. Modifying the HTTP header when uploading an object can alter page response forms or communicate configuration information, such as modifying caching time.
There are two types of metadata: system metadata and user-defined metadata.
Modifying an object's HTTP header does not modify the object itself.
This refers to the attribute information of the object, such as object modification time, object size, and storage class.
|Content-Length||Length in bytes of the content of an HTTP request defined in RFC 2616|
|Last-Modified||The creation date or last modified date (whichever is later) of the object|
|x-cos-version-id||Object version ID. If versioning is enabled for a bucket, the version ID of the object will be returned to identify the historical versions of the object|
|ETag||Indicates the MD5 value of an object uploaded by calling PUT Object, or the unique ID of an object uploaded by multipart upload or a historical version of API, which cannot perform check though|
This refers to the object's custom parameters, such as Content-Type, Cache-Control, Expires, and x-cos-meta-*. For more information, see Custom Object Headers.
|Cache-Control||The caching policy as defined in RFC 2616; saved as part of object metadata|
|File name/encoding format/content type (MIME) as defined in RFC 2616; saved as part of object metadata|
|Expires||The cache expiration time as defined in RFC 2616; saved as part of object metadata|
|x-cos-acl||Defines ACL attributes of the object. Valid values: private, public-read-write, public-read. Default value: private|
|x-cos-grant-*||Grants the grantee permissions|
|x-cos-meta-*||User-defined headers; returned as part of object metadata with a size up to 2 KB|
|x-cos-storage-class||Storage class of the object; enumerated values: STANDARD, STANDARD_IA, ARCHIVE. Default value: STANDARD|
|x-cos-server-side-encryption||Specifies whether to enable server-side encryption for the object and the encryption method|
You can manage objects through the Tencent Cloud console, tools, APIs, and SDKs.
- Use simple upload for objects less than 5 GB.
- Multipart upload is limited to no more than 10,000 parts (each in 5 GB) and a maximum object size of around 48.82 TB. For more information on the use limits, see Specifications and Limits.
After an object is uploaded, you can configure it in the console. For more information, see:
COS has subresources that are associated with buckets and objects. Subresources are subordinates to objects, so they do not exist on their own. They are always associated with other entities such as objects or buckets. An access control list (ACL) is the access control information list for a specific object, which is a subresource of a COS object.
An ACL contains an authorization list that identifies authorized users and the granted permissions to implement access control on the object. When you create an object, ACL identifies the object owner who can fully control the object. You can retrieve the object ACL or replace it with a new authorization list.
To update an ACL, you can only do so by replacing it.
COS supports setting two types of permissions to objects: public permissions and user permissions.
Public permissions: Includes Inherit Permission, Private Read/Write, and Public Read/Private Write.
User permissions: A root account has all the permissions (full access) for buckets by default. In addition, you can add sub-accounts that are granted permissions to read/write data and permissions, and even full access.
Allow public access to a specified object in a Private Read/Write bucket or require authentication for a specific object in a Public Read/Write bucket.