- Release Notes
- Product Introduction
- Purchase Guide
- Getting Started
- Console Guide
- Console Overview
- Bucket Management
- Bucket Overview
- Creating Buckets
- Deleting Buckets
- Querying Buckets
- Empty Buckets
- Setting Access Permission
- Setting Bucket Encryption
- Setting Hotlink Protection
- Setting Origin-Pull
- Setting Cross-Origin Access
- Setting Versioning
- Setting up a Static Website
- Setting Lifecycle
- Setting Logging
- Accessing Bucket List Using Sub-Account
- Adding Bucket Policies
- Setting INTELLIGENT TIERING
- Enabling Inventory
- Domain Name Management
- Setting Bucket Tags
- Setting Cross-Bucket Replication
- Enabling Global Acceleration
- Object Management
- Uploading Objects
- Downloading Objects
- Copying Objects
- Viewing Object Information
- Searching for Objects
- Sorting and Filtering Objects
- Direct Upload Archiving
- Modifying Storage Class
- Deleting File Fragments
- Setting Object Access Permission
- Setting Object Encryption
- Custom Headers
- Deleting Objects
- Restoring an Archived Object
- Folder Management
- Data Extraction
- Setting Object Tags
- Batch Operation
- Monitoring Reports
- Data Processing
- Application Integration
- User Tools
- GooseFS
- Best Practice
- Overview
- Access Control and Permission Management
- ACL Practices
- Cloud Access Management Practices
- Granting Sub-accounts Access to COS
- Cases of Permission Setting
- Working with COS API Access Policies
- Temporary Key Security Guide for Frontend Direct Upload to COS
- Generating and Using Temporary Keys
- Grant Sub-account Permissions to Pull Tag List
- Granting Sub-account Under One Root Account Permission to Manipulate Buckets Under Another Root Account
- Performance Optimization
- Data Migration
- Accessing COS Using the AWS S3 SDK
- Data Disaster Recovery and Backup
- Direct Data Upload
- Domain Name Management Practice
- Data Security
- Data Verification
- Big Data Practice
- Using COS in the Third-party Applications
- Introduction to COS Data Security Solution
- Developer Guide
- Creating Request
- Bucket
- Object
- Data Management
- Data Disaster Recovery
- Data Security
- Cloud Access Management (CAM)
- Batch Processing
- Monitoring and Alarms
- Global Acceleration
- Data Processing
- Troubleshooting
- API Documentation
- Introduction
- Common Request Headers
- Common Response Headers
- Error Codes
- Request Signature
- Operation List
- Service APIs
- Bucket APIs
- Basic Operations
- Access Control List (acl)
- Cross-Origin Resource Sharing (cors)
- Lifecycle
- Bucket Policy (policy)
- Hotlink Protection (referer)
- Tag (tagging)
- Static Website (website)
- Intelligent Tiering
- Bucket inventory(inventory)
- Versioning
- Cross-Bucket Replication(replication)
- Log Management(logging)
- Global Acceleration (Accelerate)
- Bucket Encryption (encryption)
- Object APIs
- Batch Operation APIs
- Data Processing APIs
- SDK Documentation
- SDK Overview
- Preparations
- Android SDK
- Object Operations
- Uploading and Copying Objects
- Downloading Objects
- Listing Objects
- Deleting an Object
- Restoring an Archived Object
- Querying Object Metadata
- Generating a Pre-signed Link
- Configuring Preflight Requests for Cross-origin Access
- Moving an Object
- Server-Side Encryption
- Single-Connection Bandwidth Limit
- Extracting Object Content
- Getting Started
- Quick Experience
- Bucket Operations
- Remote Disaster Recovery
- Data Management
- Cloud Access Management
- Setting Custom Headers
- Setting Access Domain Names
- Image Processing
- Troubleshooting
- Object Operations
- C SDK
- C++ SDK
- .NET(C#) SDK
- Getting Started
- Bucket Operations
- Object Operations
- Uploading and Copying Objects
- Moving an Object
- Downloading Objects
- Listing Objects
- Deleting Objects
- Restoring Archived Objects
- Querying Object Metadata
- Generating Pre-Signed URLs
- Configuring Preflight Requests for Cross-Origin Access
- Server-Side Encryption
- Single-Connection Bandwidth Limit
- Extracting Object Content
- Cross-Region Disaster Recovery
- Data Management
- Cloud Access Management
- Image Processing
- Setting Custom Headers
- Setting Access Endpoints
- Troubleshooting
- Go SDK
- iOS SDK
- Java SDK
- JavaScript SDK
- Node.js SDK
- PHP SDK
- Python SDK
- Mini Program SDK
- Error Codes
- FAQs
- Service Level Agreement
- Glossary
- Release Notes
- Product Introduction
- Purchase Guide
- Getting Started
- Console Guide
- Console Overview
- Bucket Management
- Bucket Overview
- Creating Buckets
- Deleting Buckets
- Querying Buckets
- Empty Buckets
- Setting Access Permission
- Setting Bucket Encryption
- Setting Hotlink Protection
- Setting Origin-Pull
- Setting Cross-Origin Access
- Setting Versioning
- Setting up a Static Website
- Setting Lifecycle
- Setting Logging
- Accessing Bucket List Using Sub-Account
- Adding Bucket Policies
- Setting INTELLIGENT TIERING
- Enabling Inventory
- Domain Name Management
- Setting Bucket Tags
- Setting Cross-Bucket Replication
- Enabling Global Acceleration
- Object Management
- Uploading Objects
- Downloading Objects
- Copying Objects
- Viewing Object Information
- Searching for Objects
- Sorting and Filtering Objects
- Direct Upload Archiving
- Modifying Storage Class
- Deleting File Fragments
- Setting Object Access Permission
- Setting Object Encryption
- Custom Headers
- Deleting Objects
- Restoring an Archived Object
- Folder Management
- Data Extraction
- Setting Object Tags
- Batch Operation
- Monitoring Reports
- Data Processing
- Application Integration
- User Tools
- GooseFS
- Best Practice
- Overview
- Access Control and Permission Management
- ACL Practices
- Cloud Access Management Practices
- Granting Sub-accounts Access to COS
- Cases of Permission Setting
- Working with COS API Access Policies
- Temporary Key Security Guide for Frontend Direct Upload to COS
- Generating and Using Temporary Keys
- Grant Sub-account Permissions to Pull Tag List
- Granting Sub-account Under One Root Account Permission to Manipulate Buckets Under Another Root Account
- Performance Optimization
- Data Migration
- Accessing COS Using the AWS S3 SDK
- Data Disaster Recovery and Backup
- Direct Data Upload
- Domain Name Management Practice
- Data Security
- Data Verification
- Big Data Practice
- Using COS in the Third-party Applications
- Introduction to COS Data Security Solution
- Developer Guide
- Creating Request
- Bucket
- Object
- Data Management
- Data Disaster Recovery
- Data Security
- Cloud Access Management (CAM)
- Batch Processing
- Monitoring and Alarms
- Global Acceleration
- Data Processing
- Troubleshooting
- API Documentation
- Introduction
- Common Request Headers
- Common Response Headers
- Error Codes
- Request Signature
- Operation List
- Service APIs
- Bucket APIs
- Basic Operations
- Access Control List (acl)
- Cross-Origin Resource Sharing (cors)
- Lifecycle
- Bucket Policy (policy)
- Hotlink Protection (referer)
- Tag (tagging)
- Static Website (website)
- Intelligent Tiering
- Bucket inventory(inventory)
- Versioning
- Cross-Bucket Replication(replication)
- Log Management(logging)
- Global Acceleration (Accelerate)
- Bucket Encryption (encryption)
- Object APIs
- Batch Operation APIs
- Data Processing APIs
- SDK Documentation
- SDK Overview
- Preparations
- Android SDK
- Object Operations
- Uploading and Copying Objects
- Downloading Objects
- Listing Objects
- Deleting an Object
- Restoring an Archived Object
- Querying Object Metadata
- Generating a Pre-signed Link
- Configuring Preflight Requests for Cross-origin Access
- Moving an Object
- Server-Side Encryption
- Single-Connection Bandwidth Limit
- Extracting Object Content
- Getting Started
- Quick Experience
- Bucket Operations
- Remote Disaster Recovery
- Data Management
- Cloud Access Management
- Setting Custom Headers
- Setting Access Domain Names
- Image Processing
- Troubleshooting
- Object Operations
- C SDK
- C++ SDK
- .NET(C#) SDK
- Getting Started
- Bucket Operations
- Object Operations
- Uploading and Copying Objects
- Moving an Object
- Downloading Objects
- Listing Objects
- Deleting Objects
- Restoring Archived Objects
- Querying Object Metadata
- Generating Pre-Signed URLs
- Configuring Preflight Requests for Cross-Origin Access
- Server-Side Encryption
- Single-Connection Bandwidth Limit
- Extracting Object Content
- Cross-Region Disaster Recovery
- Data Management
- Cloud Access Management
- Image Processing
- Setting Custom Headers
- Setting Access Endpoints
- Troubleshooting
- Go SDK
- iOS SDK
- Java SDK
- JavaScript SDK
- Node.js SDK
- PHP SDK
- Python SDK
- Mini Program SDK
- Error Codes
- FAQs
- Service Level Agreement
- Glossary
Introduction
This document provides an overview of APIs and SDK sample codes related to basic bucket operations and access control lists (ACL).
Basic Operations
| API | Operation | Description |
|---|---|---|
| GET Service | Querying a bucket list | Queries the list of all buckets under a specified account |
| PUT Bucket | Creating a bucket | Creates a bucket under a specified account |
| HEAD Bucket | Checking a bucket and its permissions | Checks whether a bucket exists and you have permission to access it |
| DELETE Bucket | Deletes a bucket | Deletes an empty bucket under a specified account |
ACL
| API | Operation | Description |
|---|---|---|
| PUT Bucket acl | Setting a bucket ACL | Sets the ACL for a specified bucket |
| GET Bucket acl | Querying a bucket ACL | Queries the ACL of a specified bucket |
Basic operations
Querying a bucket list
Feature description
This API is used to query the list of all buckets under a specified account.
Method prototype
func (s *ServiceService) Get(ctx context.Context) (*ServiceGetResult, *Response, error)Sample request
s, _, err := c.Service.Get(context.Background())
if err != nil {
panic(err)
}Response description
The result of the request is returned through GetServiceResult.
type ServiceGetResult struct {
Owner *Owner
'Bucket' => $bucket
}
type Owner struct {
ID string
DisplayName string
}
type Bucket struct {
Name string
Region string
CreationDate string
} | Parameter Name | Description | Type |
|---|---|---|
| ID | ID of the bucket owner | string |
| DisplayName | Name of the bucket owner | string |
| Name | Bucket name | string |
| Region | Bucket region | string |
| CreationDate | Time when the bucket was created, in ISO8601 format, such as 2016-11-09T08:46:32.000Z | string |
Creating a bucket
Feature description
This API is used to create a bucket under a specified account.
Method prototype
func (s *BucketService) Put(ctx context.Context, opt *BucketPutOptions) (*Response, error)Sample request
opt := &cos.BucketGetOptions{
XCosACL: "private",
}
_, err := c.Bucket.Put(context.Background(), nil)
if err != nil {
panic(err)
}Parameter description
type BucketPutOptions struct {
XCosACL string
XCosGrantRead string
XCosGrantWrite string
XCosGrantFullControl string
}| Parameter Name | Description | Type | Required |
|---|---|---|---|
| XCosACL | Sets the bucket ACL, such as private, public-read, and public-read-write. | string | No |
| XCosGrantFullControl | Grants a specified account read and write permission for a bucket. Format: id=" ",id=" ". To authorize a sub-account, id="qcs::cam::uin/{OwnerUin}:uin/{SubUin}"; To authorize a root account, id="qcs::cam::uin/{OwnerUin}:uin/{OwnerUin}". For example: id="qcs::cam::uin/123:uin/456",id="qcs::cam::uin/123:uin/123" |
string | No |
| XCosGrantRead | Grants a specified account read permission for a bucket. Format: id=" ",id=" ". To authorize a sub-account, id="qcs::cam::uin/{OwnerUin}:uin/{SubUin}"; To authorize a root account, id="qcs::cam::uin/{OwnerUin}:uin/{OwnerUin}". For example: id="qcs::cam::uin/123:uin/456",id="qcs::cam::uin/123:uin/123" |
string | No |
| XCosGrantWrite | Grants a specified account write permission for a bucket. Format: id=" ",id=" ". To authorize a sub-account, id="qcs::cam::uin/{OwnerUin}:uin/{SubUin}"; To authorize a root account, id="qcs::cam::uin/{OwnerUin}:uin/{OwnerUin}". For example: id="qcs::cam::uin/123:uin/456",id="qcs::cam::uin/123:uin/123" |
string | No |
Checking a bucket and its permissions
Feature description
This API is used to verify whether a bucket exists and you have the permission to access it.
Method prototype
func (s *BucketService) Head(ctx context.Context) (*Response, error)Sample request
_, err := client.Bucket.Head(context.Background())
if err != nil {
panic(err)
}Deleting a bucket
Feature description
This API is used to delete an empty bucket under a specified account.
Method prototype
func (s *BucketService) Delete(ctx context.Context) (*Response, error)Sample request
_, err := client.Bucket.Delete(context.Background())
if err != nil {
panic(err)
}ACL
Setting a bucket ACL
Feature description
This API is used to set the access control list (ACL) of a specified bucket.
Method prototype
func (s *BucketService) PutACL(ctx context.Context, opt *BucketPutACLOptions) (*Response, error)Sample request
// 1. Configure the bucket ACL through the request header
opt := &cos.BucketGetOptions{
Header: &cos.ACLHeaderOptions{
// private,public-read,public-read-write
XCosACL: "private",
},
}
_, err := c.Bucket.Put(context.Background(), nil)
if err != nil {
panic(err)
}
// 2. Configure the bucket ACL through the request body
opt := &cos.BucketGetOptions{
Body: &cos.ACLXml{
Owner: &cos.Owner{
"ID": "qcs::cam::uin/100000000001:uin/100000000001",
},
AccessControlList: []cos.ACLGrant{
{
Grantee: &cos.ACLGrantee{
'Type': 'CanonicalUser'|'Group',
Type: "RootAccount",
"ID": "qcs::cam::uin/100000000001:uin/100000000001",
},
'Permission': 'FULL_CONTROL'|'WRITE'|'READ'
Permission: "FULL_CONTROL",
},
},
},
}
_, err := c.Bucket.Put(context.Background(), nil)
if err != nil {
panic(err)
}Parameter description
type ACLHeaderOptions struct {
XCosACL string
XCosGrantRead string
XCosGrantWrite string
XCosGrantFullControl string
}| Parameter Name | Description | Type | Required |
|---|---|---|---|
| XCosACL | Sets the bucket ACL, such as private, public-read, and public-read-write. | string | No |
| XCosGrantFullControl | Grants a specified account read and write permission for a bucket. Format: id=" ",id=" ". To authorize a sub-account, id="qcs::cam::uin/{OwnerUin}:uin/{SubUin}"; To authorize a root account, id="qcs::cam::uin/{OwnerUin}:uin/{OwnerUin}". For example: id="qcs::cam::uin/123:uin/456",id="qcs::cam::uin/123:uin/123" |
string | No |
| XCosGrantRead | Grants a specified account read permission for a bucket. Format: id=" ",id=" ". To authorize a sub-account, id="qcs::cam::uin/{OwnerUin}:uin/{SubUin}"; To authorize a root account, id="qcs::cam::uin/{OwnerUin}:uin/{OwnerUin}". For example: id="qcs::cam::uin/123:uin/456",id="qcs::cam::uin/123:uin/123" |
string | No |
| XCosGrantWrite | Grants a specified account write permission for a bucket. Format: id=" ",id=" ". To authorize a sub-account, id="qcs::cam::uin/{OwnerUin}:uin/{SubUin}"; To authorize a root account, id="qcs::cam::uin/{OwnerUin}:uin/{OwnerUin}". For example: id="qcs::cam::uin/123:uin/456",id="qcs::cam::uin/123:uin/123" |
string | No |
| ACLXML | Grants a specified account access permission for a bucket. For more information on the format, see the response description of Get Bucket acl. |
struct | No |
Querying a bucket ACL
Feature description
This API is used to query the ACL of a specified bucket.
Method prototype
func (s *BucketService) GetACL(ctx context.Context) (*BucketGetACLResult, *Response, error)Sample request
_, _, err := client.Bucket.GetACL(context.Background())
if err != nil {
panic(err)
}Response description
The result of the request is returned through GetBucketACLResult.
type ACLXml struct {
Owner *Owner
AccessControlList []ACLGrant
}
type Owner struct {
ID string
DisplayName string
}
type ACLGrant struct {
Grantee *ACLGrantee
Permission string
}
type ACLGrantee struct {
Type string
ID string
DisplayName string
UIN string
}| Parameter Name | Description | Type |
|---|---|---|
| Owner | Information on the bucket owner, including DisplayName and ID | struct |
| AccessControlList | Information on the authorized user granted with bucket permissions, including Grantee and Permission | struct |
| Grantee | Information on the authorized user, including DisplayName, Type, ID and UIN | struct |
| Type | Type of authorized user: CanonicalUser or Group | string |
| ID | ID of the authorized user when the type is CanonicalUser | string |
| DisplayName | Name of the authorized user | string |
| UIN | UIN of the authorized user when the type is group | string |
| Permission | Bucket permission granted to the authorized user. Available values: FULL_CONTROL (read and write permission), WRITE (write permission), and READ (read permission) | string |
Yes
No
Was this page helpful?