- Release Notes
- Product Introduction
- Purchase Guide
- Getting Started
- Console Guide
- Console Overview
- Bucket Management
- Bucket Overview
- Creating Buckets
- Deleting Buckets
- Querying Buckets
- Empty Buckets
- Setting Access Permission
- Setting Bucket Encryption
- Setting Hotlink Protection
- Setting Origin-Pull
- Setting Cross-Origin Access
- Setting Versioning
- Setting up a Static Website
- Setting Lifecycle
- Setting Logging
- Accessing Bucket List Using Sub-Account
- Adding Bucket Policies
- Setting INTELLIGENT TIERING
- Enabling Inventory
- Domain Name Management
- Setting Bucket Tags
- Setting Cross-Bucket Replication
- Enabling Global Acceleration
- Object Management
- Uploading Objects
- Downloading Objects
- Copying Objects
- Viewing Object Information
- Searching for Objects
- Sorting and Filtering Objects
- Direct Upload Archiving
- Modifying Storage Class
- Deleting File Fragments
- Setting Object Access Permission
- Setting Object Encryption
- Custom Headers
- Deleting Objects
- Restoring an Archived Object
- Folder Management
- Data Extraction
- Setting Object Tags
- Batch Operation
- Monitoring Reports
- Data Processing
- Application Integration
- User Tools
- GooseFS
- Best Practice
- Overview
- Access Control and Permission Management
- ACL Practices
- Cloud Access Management Practices
- Granting Sub-accounts Access to COS
- Cases of Permission Setting
- Working with COS API Access Policies
- Temporary Key Security Guide for Frontend Direct Upload to COS
- Generating and Using Temporary Keys
- Grant Sub-account Permissions to Pull Tag List
- Granting Sub-account Under One Root Account Permission to Manipulate Buckets Under Another Root Account
- Performance Optimization
- Data Migration
- Accessing COS Using the AWS S3 SDK
- Data Disaster Recovery and Backup
- Direct Data Upload
- Domain Name Management Practice
- Data Security
- Data Verification
- Big Data Practice
- Using COS in the Third-party Applications
- Introduction to COS Data Security Solution
- Developer Guide
- Creating Request
- Bucket
- Object
- Data Management
- Data Disaster Recovery
- Data Security
- Cloud Access Management (CAM)
- Batch Processing
- Monitoring and Alarms
- Global Acceleration
- Data Processing
- Troubleshooting
- API Documentation
- Introduction
- Common Request Headers
- Common Response Headers
- Error Codes
- Request Signature
- Operation List
- Service APIs
- Bucket APIs
- Basic Operations
- Access Control List (acl)
- Cross-Origin Resource Sharing (cors)
- Lifecycle
- Bucket Policy (policy)
- Hotlink Protection (referer)
- Tag (tagging)
- Static Website (website)
- Intelligent Tiering
- Bucket inventory(inventory)
- Versioning
- Cross-Bucket Replication(replication)
- Log Management(logging)
- Global Acceleration (Accelerate)
- Bucket Encryption (encryption)
- Object APIs
- Batch Operation APIs
- Data Processing APIs
- SDK Documentation
- SDK Overview
- Preparations
- Android SDK
- Object Operations
- Uploading and Copying Objects
- Downloading Objects
- Listing Objects
- Deleting an Object
- Restoring an Archived Object
- Querying Object Metadata
- Generating a Pre-signed Link
- Configuring Preflight Requests for Cross-origin Access
- Moving an Object
- Server-Side Encryption
- Single-Connection Bandwidth Limit
- Extracting Object Content
- Getting Started
- Quick Experience
- Bucket Operations
- Remote Disaster Recovery
- Data Management
- Cloud Access Management
- Setting Custom Headers
- Setting Access Domain Names
- Image Processing
- Troubleshooting
- Object Operations
- C SDK
- C++ SDK
- .NET(C#) SDK
- Getting Started
- Bucket Operations
- Object Operations
- Uploading and Copying Objects
- Moving an Object
- Downloading Objects
- Listing Objects
- Deleting Objects
- Restoring Archived Objects
- Querying Object Metadata
- Generating Pre-Signed URLs
- Configuring Preflight Requests for Cross-Origin Access
- Server-Side Encryption
- Single-Connection Bandwidth Limit
- Extracting Object Content
- Cross-Region Disaster Recovery
- Data Management
- Cloud Access Management
- Image Processing
- Setting Custom Headers
- Setting Access Endpoints
- Troubleshooting
- Go SDK
- iOS SDK
- Java SDK
- JavaScript SDK
- Node.js SDK
- PHP SDK
- Python SDK
- Mini Program SDK
- Error Codes
- FAQs
- Service Level Agreement
- Glossary
- Release Notes
- Product Introduction
- Purchase Guide
- Getting Started
- Console Guide
- Console Overview
- Bucket Management
- Bucket Overview
- Creating Buckets
- Deleting Buckets
- Querying Buckets
- Empty Buckets
- Setting Access Permission
- Setting Bucket Encryption
- Setting Hotlink Protection
- Setting Origin-Pull
- Setting Cross-Origin Access
- Setting Versioning
- Setting up a Static Website
- Setting Lifecycle
- Setting Logging
- Accessing Bucket List Using Sub-Account
- Adding Bucket Policies
- Setting INTELLIGENT TIERING
- Enabling Inventory
- Domain Name Management
- Setting Bucket Tags
- Setting Cross-Bucket Replication
- Enabling Global Acceleration
- Object Management
- Uploading Objects
- Downloading Objects
- Copying Objects
- Viewing Object Information
- Searching for Objects
- Sorting and Filtering Objects
- Direct Upload Archiving
- Modifying Storage Class
- Deleting File Fragments
- Setting Object Access Permission
- Setting Object Encryption
- Custom Headers
- Deleting Objects
- Restoring an Archived Object
- Folder Management
- Data Extraction
- Setting Object Tags
- Batch Operation
- Monitoring Reports
- Data Processing
- Application Integration
- User Tools
- GooseFS
- Best Practice
- Overview
- Access Control and Permission Management
- ACL Practices
- Cloud Access Management Practices
- Granting Sub-accounts Access to COS
- Cases of Permission Setting
- Working with COS API Access Policies
- Temporary Key Security Guide for Frontend Direct Upload to COS
- Generating and Using Temporary Keys
- Grant Sub-account Permissions to Pull Tag List
- Granting Sub-account Under One Root Account Permission to Manipulate Buckets Under Another Root Account
- Performance Optimization
- Data Migration
- Accessing COS Using the AWS S3 SDK
- Data Disaster Recovery and Backup
- Direct Data Upload
- Domain Name Management Practice
- Data Security
- Data Verification
- Big Data Practice
- Using COS in the Third-party Applications
- Introduction to COS Data Security Solution
- Developer Guide
- Creating Request
- Bucket
- Object
- Data Management
- Data Disaster Recovery
- Data Security
- Cloud Access Management (CAM)
- Batch Processing
- Monitoring and Alarms
- Global Acceleration
- Data Processing
- Troubleshooting
- API Documentation
- Introduction
- Common Request Headers
- Common Response Headers
- Error Codes
- Request Signature
- Operation List
- Service APIs
- Bucket APIs
- Basic Operations
- Access Control List (acl)
- Cross-Origin Resource Sharing (cors)
- Lifecycle
- Bucket Policy (policy)
- Hotlink Protection (referer)
- Tag (tagging)
- Static Website (website)
- Intelligent Tiering
- Bucket inventory(inventory)
- Versioning
- Cross-Bucket Replication(replication)
- Log Management(logging)
- Global Acceleration (Accelerate)
- Bucket Encryption (encryption)
- Object APIs
- Batch Operation APIs
- Data Processing APIs
- SDK Documentation
- SDK Overview
- Preparations
- Android SDK
- Object Operations
- Uploading and Copying Objects
- Downloading Objects
- Listing Objects
- Deleting an Object
- Restoring an Archived Object
- Querying Object Metadata
- Generating a Pre-signed Link
- Configuring Preflight Requests for Cross-origin Access
- Moving an Object
- Server-Side Encryption
- Single-Connection Bandwidth Limit
- Extracting Object Content
- Getting Started
- Quick Experience
- Bucket Operations
- Remote Disaster Recovery
- Data Management
- Cloud Access Management
- Setting Custom Headers
- Setting Access Domain Names
- Image Processing
- Troubleshooting
- Object Operations
- C SDK
- C++ SDK
- .NET(C#) SDK
- Getting Started
- Bucket Operations
- Object Operations
- Uploading and Copying Objects
- Moving an Object
- Downloading Objects
- Listing Objects
- Deleting Objects
- Restoring Archived Objects
- Querying Object Metadata
- Generating Pre-Signed URLs
- Configuring Preflight Requests for Cross-Origin Access
- Server-Side Encryption
- Single-Connection Bandwidth Limit
- Extracting Object Content
- Cross-Region Disaster Recovery
- Data Management
- Cloud Access Management
- Image Processing
- Setting Custom Headers
- Setting Access Endpoints
- Troubleshooting
- Go SDK
- iOS SDK
- Java SDK
- JavaScript SDK
- Node.js SDK
- PHP SDK
- Python SDK
- Mini Program SDK
- Error Codes
- FAQs
- Service Level Agreement
- Glossary
Overview
This document provides an overview of APIs and SDK sample codes related to basic bucket operations and access control lists (ACL).
Basic operations
| API | Operation | Description |
|---|---|---|
| HEAD Bucket | Retrieving information on a bucket and its permission | Checks whether a bucket exists and if you have the permission to access it |
| DELETE Bucket | Deleting a bucket | Deletes an empty bucket under a specified account |
ACL
| API | Operation | Description |
|---|---|---|
| PUT Bucket acl | Setting bucket ACL | Sets the ACL of a specified bucket |
| GET Bucket acl | Querying bucket ACL | Queries the ACL of a specified bucket |
Basic operations
Retrieving information on a bucket and its permissions
Feature description
This API is used to verify whether a bucket exists and if you have the permission to access it.
- HTTP status code
200will be returned if the bucket exists and you have access permission. - HTTP status code
403will be returned if you do not have permission to access the bucket. - HTTP status code
404will be returned if the bucket does not exist.
Use case
cos.headBucket({
Bucket: 'examplebucket-1250000000', /*Required*/
Region: 'COS_REGION', /* Bucket region. Required */
},function (err,data) {
console.log(err || data);
});
Parameter description
| Parameter Name | Description | Type | Required |
|---|---|---|---|
| Bucket | Bucket name in the format: BucketName-APPID |
String | Yes |
| Region | Bucket region. For the enumerated values, see Regions and Access Domain Names | String | Yes |
Callback function description
},function (err,data) {
| Parameter | Description | Type |
|---|---|---|
| err | Object returned when an error (network error or service error) occurs. If the request is successful, this is null. For more information, see Error Codes | Object |
| - statusCode | HTTP status code returned by the request, such as 200, 403, and 404 |
Number |
| - headers | Header information returned by the request | Object |
| data | Object returned when the request is successful. If the request fails, this is null | Object |
| - statusCode | HTTP status code returned by the request, such as 200, 403, and 404 |
Number |
| - headers | Header information returned by the request | Object |
Deleting a bucket
Feature description
This API is used to delete an empty bucket under a specified account. Note that if the deletion is successful, the returned HTTP status code will be 200 or 204.
Before deleting a bucket, please make sure that all the data and incomplete multipart uploads in the bucket have been deleted; otherwise, the bucket cannot be deleted.
Use case
cos.deleteBucket({
Bucket: 'examplebucket-1250000000', /*Required*/
Region: 'COS_REGION', /* Bucket region. Required */
},function (err,data) {
console.log(err || data);
});
Parameter description
| Parameter Name | Description | Type | Required |
|---|---|---|---|
| Bucket | Bucket name in the format: BucketName-APPID |
String | Yes |
| Region | Bucket region. For the enumerated values, see Regions and Access Domain Names | String | Yes |
Callback function description
},function (err,data) {
| Parameter | Description | Type |
|---|---|---|
| err | Object returned when an error (network error or service error) occurs. If the request is successful, this is null. For more information, see Error Codes | Object |
| - statusCode | HTTP status code returned by the request, such as 200, 403, and 404 |
Number |
| - headers | Header information returned by the request | Object |
| data | Object returned when the request is successful. If the request fails, this is null | Object |
| - statusCode | HTTP status code returned by the request, such as 200, 403, and 404 |
Number |
| - headers | Header information returned by the request | Object |
ACL
Setting bucket ACL
Feature description
This API is used to set the access control list ( ACL) for a specified bucket.
Use case
Set a bucket to allow public-read:
cos.putBucketAcl({
Bucket: 'examplebucket-1250000000', /*Required*/
Region: 'COS_REGION', /* Bucket region. Required */
ACL: 'public-read'
},function (err,data) {
console.log(err || data);
});
Grant a user full access to a bucket:
cos.putBucketAcl({
Bucket: 'examplebucket-1250000000', /*Required*/
Region: 'COS_REGION', /* Bucket region. Required */
GrantFullControl: 'id="qcs::cam::uin/100000000001:uin/100000000001",id="qcs::cam::uin/100000000011:uin/100000000011"' // 100000000001 is UIN
},function (err,data) {
console.log(err || data);
});
Modify bucket permission with AccessControlPolicy:
cos.putBucketAcl({
Bucket: 'examplebucket-1250000000', /*Required*/
Region: 'COS_REGION', /* Bucket region. Required */
AccessControlPolicy={
"Owner": { // `Owner` is required in `AccessControlPolicy`
"ID": 'qcs::cam::uin/100000000001:uin/100000000001' // 100000000001 is the UIN of the bucket owner
},
"Grants": [{
'Grantee': {
"ID": "qcs::cam::uin/100000000011:uin/100000000011", // 100000000011 is UIN
},
"Permission": "WRITE"
}]
}
},function (err,data) {
console.log(err || data);
});
Parameter description
| Parameter Name | Description | Type | Required |
|---|---|---|---|
| Bucket | Bucket name in the format: BucketName-APPID |
String | Yes |
| Region | Bucket region. For the enumerated values, see Regions and Access Domain Names | String | Yes |
| x-cos-acl | Defines the access control list (ACL) attribute of the bucket. For the enumerated values such as private and public-read, see the Preset ACLs for buckets section in ACL Overview. Default value: private |
Enum | No |
| GrantRead | Grants a user read access in the format: id="[OwnerUin]". Use a comma (,) to separate multiple users. To authorize a sub-account, use id="qcs::cam::uin/<OwnerUin>:uin/<SubUin>".To authorize a root account, use id="qcs::cam::uin/<OwnerUin>:uin/<OwnerUin>".Examples: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"' |
String | No |
| GrantWrite | Grants a user write access in the format: id="[OwnerUin]". Use a comma (,) to separate multiple users. To authorize a sub-account, use id="qcs::cam::uin/<OwnerUin>:uin/<SubUin>".To authorize a root account, use id="qcs::cam::uin/<OwnerUin>:uin/<OwnerUin>".Examples: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"' |
String | No |
| GrantReadAcp | Grants read access to ACL and policies in the format: id=" ",id=" ".To authorize a sub-account, use id="qcs::cam::uin/<OwnerUin>:uin/<SubUin>".To authorize a root account, use id="qcs::cam::uin/<OwnerUin>:uin/<OwnerUin>".Examples: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"' |
String | No |
| GrantWriteAcp | Grants write access to ACL and policies in the format: id=" ",id=" ".To authorize a sub-account, use id="qcs::cam::uin/<OwnerUin>:uin/<SubUin>".To authorize a root account, use id="qcs::cam::uin/<OwnerUin>:uin/<OwnerUin>".Examples: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"' |
String | No |
| GrantFullControl | Grants full access in the format: id="[OwnerUin]". Use a comma (,) to separate multiple users. To authorize a sub-account, use id="qcs::cam::uin/<OwnerUin>:uin/<SubUin>".To authorize a root account, use id="qcs::cam::uin/<OwnerUin>:uin/<OwnerUin>".Examples: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"' |
String | No |
| AccessControlPolicy | List of all the information on CORS configuration | Object | No |
| - Owner | Object representing the bucket owner | Object | No |
| - - ID | Complete ID of the bucket owner in the format: qcs::cam::uin/[OwnerUin]:uin/[OwnerUin],such as `qcs::cam::uin/100000000001:uin/100000000001’, where 100000000001 is uin |
String | No |
| - Grants | List of information on the authorized user and granted permissions | ObjectArray | No |
| - - Permission | Permissions information. Valid values: READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL. For details on the enumerated values, see the Action permissions section in ACL Overview. |
String | No |
| - - Grantee | Authorized user’s information | Object | No |
| - - - ID | Complete ID of the grantee in the format: qcs::cam::uin/[OwnerUin]:uin/[OwnerUin]such as qcs::cam::uin/100000000001:uin/100000000001, where 100000000001 is uin |
String | No |
| - - - DisplayName | String representing the username, which is usually the same as the string you enter for ID |
String | No |
| - - - URI | Preset user groups. For more information, see the Identity (Grantee) section in ACL Overview, such as http://cam.qcloud.com/groups/global/AllUsers or http://cam.qcloud.com/groups/global/AuthenticatedUsers |
String | No |
Callback function description
},function (err,data) {
| Parameter Name | Description | Type |
|---|---|---|
| err | Object returned when an error (network error or service error) occurs. If the request is successful, this is null. For more information, see Error Codes | Object |
| - statusCode | HTTP status code returned by the request, such as 200, 403, and 404 |
Number |
| - headers | Header information returned by the request | Object |
| data | Object returned when the request is successful. If the request fails, this is null | Object |
| - statusCode | HTTP status code returned by the request, such as 200, 403, and 404 |
Number |
| - headers | Header information returned by the request | Object |
Querying bucket ACL
Feature description
This API is used to query the ACL of a specified bucket. To make this request, you need to have permission to access the ACL of the bucket.
Use case
cos.getBucketAcl({
Bucket: 'examplebucket-1250000000', /*Required*/
Region: 'COS_REGION', /* Bucket region. Required */
},function (err,data) {
console.log(err || data);
});
Sample Response
{
"GrantFullControl": "",
"GrantWrite": "",
"GrantRead": "",
"GrantReadAcp": "id=\"qcs::cam::uin/100000000011:uin/100000000011\"",
"GrantWriteAcp": "id=\"qcs::cam::uin/100000000011:uin/100000000011\"",
"ACL": "private",
'Owner': {
"ID": "qcs::cam::uin/100000000001:uin/100000000001",
[DisplayName] => qcs::cam::uin/100000000001:uin/100000000001
},
"Grants": [{
'Grantee': {
"ID": "qcs::cam::uin/100000000001:uin/100000000001",
[DisplayName] => qcs::cam::uin/100000000001:uin/100000000001
},
"Permission": "READ"
}],
"statusCode": 200,
"headers": {}
}
Parameter description
| Parameter Name | Description | Type | Required |
|---|---|---|---|
| Bucket | Bucket name in the format: BucketName-APPID |
String | Yes |
| Region | Bucket region. For the enumerated values, see Regions and Access Domain Names | String | Yes |
Callback function description
},function (err,data) {
| Parameter Name | Description | Type |
|---|---|---|
| err | Object returned when an error (network error or service error) occurs. If the request is successful, this is null. For more information, see Error Codes | Object |
| - statusCode | HTTP status code returned by the request, such as 200, 403, and 404 |
Number |
| - headers | Header information returned by the request | Object |
| data | Data returned when the request is successful. If the request fails, this is null. | Object |
| - statusCode | HTTP status code returned by the request, such as 200, 403, and 404 |
Number |
| - headers | Header information returned by the request | Object |
| x-cos-acl | Defines the access control list (ACL) attribute of the bucket. For the enumerated values such as private and public-read, see the Preset ACLs for buckets section in ACL Overview. Default value: private |
Enum |
| - GrantRead | ID information of the user granted read access | String |
| - GrantWrite | ID information of the user granted write access | String |
| - GrantReadAcp | ID information of the user granted read access to the ACL and Policies | String |
| - GrantWriteAcp | ID information of the user granted write access to the ACL and Policies | String |
| - GrantFullControl | ID information of the user granted full access | String |
| - Owner | Bucket owner information | Object |
| - - DisplayName | Bucket owner username | String |
| - - ID | Bucket owner ID in the format: qcs::cam::uin/<OwnerUin>:uin/<SubUin>. For root accounts, <OwnerUin> and <SubUin> have the same value. |
String |
| - Grants | List of information on the authorized user and granted permissions | ObjectArray |
| - - Permission | Specifies the permission granted to the user. Enumerated values: READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL |
String |
| - - Grantee | Grantee Information | Object |
| - - - DisplayName | Authorized user’s username | String |
| - - - ID | User ID of the authorized user For root accounts, the format is qcs::cam::uin/<OwnerUin>:uin/<OwnerUin> or qcs::cam::anyone:anyone representing all users. For sub-accounts, the format is qcs::cam::uin/<OwnerUin>:uin/<SubUin> |
String |
| - - - URI | Preset user groups. For more information see the Identity (Grantee) section in ACL Overview, such as http://cam.qcloud.com/groups/global/AllUsers or http://cam.qcloud.com/groups/global/AuthenticatedUsers |
String |
Yes
No
Was this page helpful?