tencent cloud

Feedback

Bucket Operations

Last updated: 2022-03-30 14:50:55

    Overview

    This document provides an overview of APIs and SDK sample codes related to basic bucket operations and access control lists (ACL).

    Basic Operations

    API Operation Description
    GET Service Querying a bucket list Queries the list of all buckets under a specified account
    PUT Bucket Creating a bucket Creates a bucket under a specified account
    HEAD Bucket Checking a bucket and its permissions Checks whether a bucket exists and whether you have permission to access it
    DELETE Bucket Deleting a bucket Deletes an empty bucket from a specified account

    ACL

    API Operation Description
    PUT Bucket acl Setting bucket ACL Sets the ACL for the specified bucket
    GET Bucket acl Querying bucket ACL Queries the ACL of a specified bucket

    Basic operations

    Querying the bucket list

    Description

    This API (GET Service) is used to query the list of all buckets under a requester's account or in a specified region. For more information, see GET Service.

    Sample request

    Sample 1. Listing all buckets

    cos.getService(function(err, data) {
       console.log(err || data);
    });
    

    Sample 2. Listing all buckets in a specified region

    cos.getService({
       Region: 'ap-beijing',
    }, function(err, data) {
       console.log(err || data);
    });
    

    Parameter description

    Parameter Description Type Required
    Region Bucket region. For the enumerated values, please see Regions and Access Endpoints. String No

    Callback function description

    function(err, data) { ... }
    
    Parameter                     Description Type
    err Error code, which is returned when an error (network error or service error) occurs. If the request is successful, this parameter is empty. For more information, please see Error Codes. Object
    - statusCode HTTP status code, such as 200, 403, and 404 Number
    - headers Headers Object
    data Content returned when the request is successful. If the request fails, this parameter is empty. Object
    - statusCode HTTP status code, such as 200, 403, and 404 Number
    - headers Headers Object
    - Owner Object representing the bucket owner Object
    - - ID Complete ID of the bucket owner in the format: qcs::cam::uin/[OwnerUin]:uin/[OwnerUin], such as qcs::cam::uin/100000000001:uin/100000000001, where 100000000001 is the UIN String
    - - DisplayName Name of the bucket owner String
    - Buckets Bucket list Object
    - - Name Bucket name in the format of BucketName-APPID, such as examplebucket-1250000000 String
    - - Location Bucket region, such as ap-guangzhou, ap-beijing, and ap-hongkong. For more information, please see Regions and Access Endpoints. String
    - - CreationDate Time when the bucket was created, in ISO 8601 format, such as 2019-05-24T10:56:40Z string

    Creating a bucket

    Description

    This API (PUT Bucket) is used to create a bucket under a specified account.

    Sample request

    cos.putBucket({
       Bucket: 'examplebucket-1250000000',
       Region: 'ap-beijing',
       ACL: 'private',
    }, function(err, data) {
       console.log(err || data);
    });
    

    Parameter description

    Parameter Name Description Type Required
    Bucket Bucket name in the format of BucketName-APPID String Yes
    Region Bucket region. For the enumerated values, please see Regions and Access Endpoints. String Yes
    ACL Defines the access control list (ACL) attribute of the bucket. For enumerated values, such as private and public-read, see the "Preset ACLs for buckets" section in ACL Overview. Default value: private String No
    GrantRead Grants a user read permission in the format: id=" ",id=" ".
  • To authorize a sub-account, use id="qcs::cam::uin/<owneruin>:uin/<subuin>".
  • To authorize a root account, use id="qcs::cam::uin/<owneruin>:uin/<owneruin>".
    Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'
  • String No
    GrantWrite Grants a user write permission in the format: id="[OwnerUin]". You can use commas (,) to separate multiple users.
  • To authorize a sub-account, use id="qcs::cam::uin/<owneruin>:uin/<subuin>".
  • To authorize a root account, use id="qcs::cam::uin/<owneruin>:uin/<owneruin>".
    Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'
  • String No
    GrantReadAcp Grants a user read permission for a bucket’s ACL and policies in the format: id=" ",id=" ".
  • To authorize a sub-account, use id="qcs::cam::uin/<owneruin>:uin/<subuin>".
  • To authorize a root account, use id="qcs::cam::uin/<owneruin>:uin/<owneruin>".
    Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'
  • String No
    GrantWriteAcp Grants a user write permission for a bucket's ACL and policies in the format: id=" ",id=" ".
  • To authorize a sub-account, use id="qcs::cam::uin/<owneruin>:uin/<subuin>".
  • To authorize a root account, use id="qcs::cam::uin/<owneruin>:uin/<owneruin>".
    Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'
  • String No
    GrantFullControl Grants full permission in the format: id="[OwnerUin]". You can use commas (,) to separate multiple users.
  • To authorize a sub-account, use id="qcs::cam::uin/<owneruin>:uin/<subuin>".
  • To authorize a root account, use id="qcs::cam::uin/<owneruin>:uin/<owneruin>".
    Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'
  • String No

    Callback function description

    function(err, data) { ... }
    
    Parameter Description Type
    err Error code, which is returned when an error (network error or service error) occurs. If the request is successful, this parameter is empty. For more information, please see Error Codes. Object
    - statusCode HTTP status code, such as 200, 403, and 404 Number
    - headers Headers Object
    data Content returned when the request is successful. If the request fails, this parameter is empty. Object
    - statusCode HTTP status code, such as 200, 403, and 404 Number
    - headers Headers Object

    Extracting a bucket and its permissions

    Description

    This API is used to verify whether a bucket exists and whether you have permission to access it.

    • If the bucket exists, the HTTP status code 200 will be returned.
    • If you do not have permission to access the bucket, the HTTP status code 403 will be returned.
    • If the bucket does not exist, the HTTP status code 404 will be returned.

    Sample request

    Extracting bucket information:

    cos.headBucket({
       Bucket: 'examplebucket-1250000000', /* Required */
       Region: 'ap-beijing',     /* Required */
    }, function(err, data) {
       console.log(err || data);
    });
    

    Determining whether the bucket exists:

    function doesBucketExist() {
       cos.headBucket({
           Bucket: 'examplebucket-1250000000', /* Required */
           Region: 'COS_REGION',     /* Bucket region. Required */
       }, function(err, data) {
           if (data) {
               console.log('The bucket exists.');
           } else if (err.code == 404) {
               console.log('The bucket does not exist.');
           } else if (err.code == 403) {
               console.log ('no permission to read the bucket');
           }
       });
    }
    

    Parameter description

    Parameter Description Type Required
    Bucket Bucket name in the format of BucketName-APPID String Yes
    Region Bucket region. For the enumerated values, please see Regions and Access Endpoints. String Yes

    Callback function description

    function(err, data) { ... }
    
    Parameter Description Type
    err Error code, which is returned when an error (network error or service error) occurs. If the request is successful, this parameter is empty. For more information, please see Error Codes. Object
    - statusCode HTTP status code, such as 200, 403, and 404 Number
    - headers Headers Object
    data Content returned when the request is successful. If the request fails, this parameter is empty. Object
    - statusCode HTTP status code, such as 200, 403, and 404 Number
    - headers Headers Object

    Deleting a bucket

    Description

    This API is used to delete an empty bucket under a specified account. Note that if the deletion is successful, the HTTP status code 200 or 204 will be returned.

    Note:

    Before deleting a bucket, please make sure that all the data and incomplete multipart uploads in the bucket have been cleared; otherwise, the bucket cannot be deleted.

    Sample request

    cos.deleteBucket({
       Bucket: 'examplebucket-1250000000', /* Required */
       Region: 'ap-beijing'     /* Required */
    }, function(err, data) {
       console.log(err || data);
    });
    

    Parameter description

    Parameter Description Type Required
    Bucket Bucket name in the format of BucketName-APPID String Yes
    Region Bucket region. For the enumerated values, please see Regions and Access Endpoints. String Yes

    Callback function description

    function(err, data) { ... }
    
    Parameter Description Type
    err Error code, which is returned when an error (network error or service error) occurs. If the request is successful, this parameter is empty. For more information, please see Error Codes. Object
    - statusCode HTTP status code, such as 200, 403, and 404 Number
    - headers Headers Object
    data Content returned when the request is successful. If the request fails, this parameter is empty. Object
    - statusCode HTTP status code, such as 200, 403, and 404 Number
    - headers Headers Object

    ACL

    Setting a bucket ACL

    Description

    This API (PUT Bucket acl) is used to set an ACL for a bucket.

    Sample request

    Set a bucket to allow public-read:

    cos.putBucketAcl({
       Bucket: 'examplebucket-1250000000', /* Required */
       Region: 'ap-beijing',                                  /* Required */
       ACL: 'public-read'
    }, function(err, data) {
       console.log(err || data);
    });
    

    Grant a user full permission for a bucket:

    cos.putBucketAcl({
       Bucket: 'examplebucket-1250000000', /* Required */
       Region: 'ap-beijing',                                  /* Required */
       GrantFullControl: 'id="qcs::cam::uin/100000000001:uin/100000000001",id="qcs::cam::uin/100000000011:uin/100000000011"' // 100000000001 is uin.
    }, function(err, data) {
       console.log(err || data);
    });
    

    Modify bucket permission with AccessControlPolicy:

    cos.putBucketAcl({
       Bucket: 'examplebucket-1250000000', /* Required */
       Region: 'ap-beijing',                                  /* Required */
       AccessControlPolicy: {
           "Owner": { // `Owner` is required in `AccessControlPolicy`.
               "ID": 'qcs::cam::uin/100000000001:uin/100000000001' // 100000000001 is the UIN of the bucket owner
           },
           "Grants": [{
               "Grantee": {
                   "ID": "qcs::cam::uin/100000000011:uin/100000000011", // 100000000011 is UIN
               },
               "Permission": "WRITE"
           }]
       }
    }, function(err, data) {
       console.log(err || data);
    });
    

    Parameter description

    Parameter Name Description Type Required
    Bucket Bucket name, formatted as BucketName-APPID String Yes
    Region Bucket region. For the enumerated values, please see Regions and Access Endpoints. String Yes
    ACL Defines the access control list (ACL) attribute of the bucket. For the enumerated values such as private and public-read, see the Preset ACLs for buckets section in ACL Overview. Default value: private String No
    GrantRead Grants a user read permission in the format: id="[OwnerUin]". You can use commas (,) to separate multiple users.
  • To authorize a sub-account, use id="qcs::cam::uin/<owneruin>:uin/<subuin>".
  • To authorize a root account, use id="qcs::cam::uin/<owneruin>:uin/<owneruin>".
    Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'
  • String No
    GrantWrite Grants a user write permission in the format: id="[OwnerUin]". You can use commas (,) to separate multiple users.
  • To authorize a sub-account, use id="qcs::cam::uin/<owneruin>:uin/<subuin>".
  • To authorize a root account, use id="qcs::cam::uin/<owneruin>:uin/<owneruin>".
    Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'
  • String No
    GrantReadAcp Grants a user read permission for bucket ACL and policies in the format: id="[OwnerUin]". You can use commas (,) to separate multiple users.
  • To authorize a sub-account, use id="qcs::cam::uin/<owneruin>:uin/<subuin>".
  • To authorize a root account, use id="qcs::cam::uin/<owneruin>:uin/<owneruin>".
    Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'
  • String No
    GrantWriteAcp Grants a user write permission for bucket ACL and policies in the format: id="[OwnerUin]". You can use commas (,) to separate multiple users.
  • To authorize a sub-account, use id="qcs::cam::uin/<owneruin>:uin/<subuin>".
  • To authorize a root account, use id="qcs::cam::uin/<owneruin>:uin/<owneruin>".
    Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'
  • String No
    GrantFullControl Grants full permission in the format: id="[OwnerUin]". You can use commas (,) to separate multiple users.
  • To authorize a sub-account, use id="qcs::cam::uin/<owneruin>:uin/<subuin>".
  • To authorize a root account, use id="qcs::cam::uin/<owneruin>:uin/<owneruin>".
    Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'
  • String No
    AccessControlPolicy A list of all the information about the CORS configuration Object No
    - Owner Information about the bucket owner Object No
    - - ID Complete ID of the bucket owner in the format: qcs::cam::uin/[OwnerUin]:uin/[OwnerUin], such as `qcs::cam::uin/100000000001:uin/100000000001’, where 100000000001 is the uin String No
    - Grants A list of information about the grantee and granted permissions ObjectArray No
    - - Permission Permission granted. Valid values: READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL. For the enumerated values, please see the Action permissions section in ACL Overview. String No
    - - Grantee Information about the grantee Object No
    - - - ID Complete ID of the grantee in the format of qcs::cam::uin/[OwnerUin]:uin/[OwnerUin], such as qcs::cam::uin/100000000001:uin/100000000001, where 100000000001 is the uin String No
    - - - DisplayName Grantee name, which is usually the same as the string you enter for ID String No
    - - - URI Preset user groups, such as http://cam.qcloud.com/groups/global/AllUsers and http://cam.qcloud.com/groups/global/AuthenticatedUsers. For more information, please see the "Identity (Grantee)" section in ACL Overview. String No

    Callback function description

    function(err, data) { ... }
    
    Parameter Description Type
    err Error code, which is returned when an error (network error or service error) occurs. If the request is successful, this parameter is empty. For more information, please see Error Codes. Object
    - statusCode HTTP status code, such as 200, 403, and 404 Number
    - headers Headers Object
    data Content returned when the request is successful. If the request fails, this parameter is empty. Object
    - statusCode HTTP status code, such as 200, 403, and 404 Number
    - headers Headers Object

    Querying a bucket ACL

    Description

    This API (GET Bucket acl) is used to query the ACL of a bucket. To call this API, you need to have permission to read the ACL of the bucket.

    Sample request

    cos.getBucketAcl({
       Bucket: 'examplebucket-1250000000', /* Required */
       Region: 'ap-beijing'     /* Required */
    }, function(err, data) {
       console.log(err || data);
    });
    

    Sample response

    {
      "GrantFullControl": "",
      "GrantWrite": "",
      "GrantRead": "",
      "GrantReadAcp": "id=\"qcs::cam::uin/100000000011:uin/100000000011\"",
      "GrantWriteAcp": "id=\"qcs::cam::uin/100000000011:uin/100000000011\"",
      "ACL": "private",
      "Owner": {
          "ID": "qcs::cam::uin/100000000001:uin/100000000001",
          "DisplayName": "qcs::cam::uin/100000000001:uin/100000000001"
      },
      "Grants": [{
          "Grantee": {
              "ID": "qcs::cam::uin/100000000011:uin/100000000011",
              "DisplayName": "qcs::cam::uin/100000000011:uin/100000000011"
          },
          "Permission": "READ"
      }],
      "statusCode": 200,
      "headers": {}
    }
    

    Parameter description

    Parameter Description Type Required
    Bucket Bucket name in the format of BucketName-APPID String Yes
    Region Bucket region. For the enumerated values, please see Regions and Access Endpoints. String Yes

    Callback function description

    function(err, data) { ... }
    
    Parameter                              Description Type
    err Error code, which is returned when an error (network error or service error) occurs. If the request is successful, this parameter is empty. For more information, please see Error Codes. Object
    - statusCode HTTP status code, such as 200, 403, and 404 Number
    - headers Headers Object
    data Content returned when the request is successful. If the request fails, this parameter is empty. Object
    - statusCode HTTP status code, such as 200, 403, and 404 Number
    - headers Headers Object
    - ACL Defines the access control list (ACL) attribute of the bucket. For the enumerated values such as private and public-read, see the "Preset ACL for buckets" section in ACL Overview. Default value: private String
    - GrantRead ID information of the user granted read access String
    - GrantWrite ID information of the user granted write access String
    - GrantReadAcp ID information of the user granted read access to the ACL and Policies String
    - GrantWriteAcp ID information of the user granted write access to the ACL and Policies String
    - GrantFullControl ID information of the user granted full access String
    - Owner Bucket owner information Object
    - - DisplayName Name of the bucket owner String
    - - ID Bucket owner ID in the format: qcs::cam::uin/<owneruin>:uin/<subuin>.
    For root accounts, <OwnerUin> and <SubUin> have the same value.
    String
    - Grants A list of information about the grantee and granted permissions ObjectArray
    - - Permission Specifies the permission granted to the user. Enumerated values: READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL String
    - - Grantee Information about the grantee Object
    - - - DisplayName Grantee name String
    - - - ID Complete ID of the grantee:
  • For root accounts, the format is qcs::cam::uin/<owneruin>:uin/<owneruin>
    or qcs::cam::anyone:anyone, which indicates all users.
  • For sub-accounts, the format is qcs::cam::uin/<owneruin>:uin/<subuin>
  • String
    - - - URI Preset user groups. For more information, please see ACL Overview. Examples:
    http://cam.qcloud.com/groups/global/AllUsers
    http://cam.qcloud.com/groups/global/AuthenticatedUsers
    String

    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support