tencent cloud

Cloud Object Storage

DocumentaçãoCloud Object StorageAPI DocumentationObject APIsBasic OperationsPOST Object

POST Object

Baixar
Modo Foco
Tamanho da Fonte
Última atualização: 2026-06-05 17:23:47

Feature Description

You can upload an object (Object) of up to 5 GB from your local machine to a specified bucket in the form of an HTML Form by sending a POST Object API request. The requester of this API must have write permissions for the bucket.
Note:
The POST Object API does not use the unified request signature of COS. Instead, it has its own signature requirements. For details, see the descriptions of Signature Protection and related fields in this document.
If you attempt to add an existing object with the same name and versioning is not enabled, the original object will be overwritten by the newly uploaded one. Upon success, the system returns a response normally according to the specified return method.
When uploading images, see the PUT Object API and refer to the code sample for data population.


Authorization Description

When you create an authorization policy, set the action to cos:PostObject. An example is provided below.
{
  "version": "2.0",
  "statement": [
    {
      "action": [
        "name/cos:PostObject"
      ],
      "effect": "allow",
      "resource": [
        "qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/doc/*"
      ]
    }
  ]
}
For more COS actions, see the Business APIs Supported by CAM.

Versioning

If versioning is enabled for a bucket, COS automatically generates a unique version ID for the object to be added. COS returns this identifier in the response using the x-cos-version-id response header.
If versioning for a bucket is suspended, COS always uses null as the version ID for objects stored in the bucket and does not return the x-cos-version-id response header.

Request

Request Example

POST / HTTP/1.1
Host: <BucketName-APPID>.cos.<Region>.myqcloud.com
Date: GMT Date
Content-Type: multipart/form-data; boundary=Multipart Boundary
Content-Length: Content Length

[Multipart Form Data]
Note:
Host: <BucketName-APPID>.cos.<Region>.myqcloud.com. Here, <BucketName-APPID> is the bucket name with the APPID suffix, for example, examplebucket-1250000000. For more information, see the Bucket Overview > Basic Information and Bucket Overview > Bucket Naming Conventions documents.
<Region> is the available region of COS. For details, see the Regions and Access Domains document.

Request Form

The request body of this API is encoded with multipart/form-data. When sending a request via a <form> element in an HTML page, set the enctype attribute of the <form> element to multipart/form-data. Then, use HTML form elements (such as <input>, <select>, and so on) to add the required form fields.

Form Fields

Name
Description
Type
Required
key
For the object key, you can specify the ${filename} wildcard in it. The wildcard in the object key will then be replaced with the filename of the actually uploaded file. For a related example, see Case 7 in this document.
string
Yes
Cache-Control
Cache directives defined in RFC 2616, to be saved as object metadata.
string
No
Content-Disposition
File name defined in RFC 2616, to be saved as object metadata.
string
No
Content-Encoding
Encoding format defined in RFC 2616, to be saved as object metadata.
string
No
Content-Type
HTTP content type (MIME) defined in RFC 2616, to be saved as object metadata.
Note: When a file is uploaded via a web form, the browser automatically includes the MIME type of the specified file in the request. However, COS does not use the MIME type provided by the browser. You must explicitly specify the Content-Type form field as the content type of the object.
string
No
Expires
Cache expiration time defined in RFC 2616, to be saved as object metadata.
string
No
success_action_redirect
The target URL address for redirection upon successful upload. If set, the system returns an HTTP status code 303 (Redirect) and a Location response header upon successful upload. The value of the Location response header is the URL address specified by this field, with the bucket, key, and etag parameters appended. For a related example, see Case 8 in this document.
string
No
success_action_status
The HTTP status code returned upon successful upload can be 200, 201, or 204, with 204 as the default. If the success_action_redirect field is specified, this field is ignored. For a related example, see Case 9 in this document.
number
No
x-cos-meta-[custom suffix]
User-defined metadata header. For example, x-cos-meta-test: test metadata.
Note:
The user-defined metadata header has a fixed format: x-cos-meta-[custom suffix]. The custom suffix supports hyphens (-), digits, and English letters (a to z). Uppercase English letters are converted to lowercase. Other characters, including underscores (_), are not supported.
There is no limit on the number of user-defined metadata headers. The size of a single header is limited to 2 KB. The total size of all x-cos-meta-[custom suffix] headers must not exceed 4 KB.
string
No
x-cos-storage-class
Object storage type. For the enumeration values, see the Storage Type document, for example: MAZ_STANDARD, MAZ_STANDARD_IA, INTELLIGENT_TIERING, MAZ_INTELLIGENT_TIERING, STANDARD_IA, ARCHIVE, DEEP_ARCHIVE.
Default value: STANDARD for a single-AZ bucket; MAZ_STANDARD for a multi-AZ bucket.
enum
No
x-cos-traffic-limit
Rate limit value for traffic control during this upload. Must be a numeric value, with the default unit being bit/s. The valid range for the rate limit is 819200 - 838860800, that is, 800 Kb/s - 800 Mb/s. A value outside this range will result in a 400 error.
integer
No
x-cos-forbid-overwrite
For buckets with versioning disabled, specifies whether to forbid overwriting objects with the same name during upload operations.
When the x-cos-forbid-overwrite header is not specified or is set to false, the Object with the same name is overwritten by default.
When x-cos-forbid-overwrite is specified as true, it indicates that overwriting the Object with the same name is forbidden.
Note:
When versioning for a bucket is enabled, the x-cos-forbid-overwrite setting is ineffective, meaning overwriting objects with the same name is allowed.
string
No
Content-MD5
Base64-encoded MD5 hash of the file content, used for integrity checks to verify whether the file content has changed during transmission.
string
No
file
File information and content. When file information and content are uploaded via a web form, the browser automatically sets the value of this field to the correct format.
Note:
The file field must be placed at the end of the entire form.
file
Yes

Access Control List (ACL) Related Form Fields

You can set the access permissions for an object during upload by specifying the following form fields:
Name
Description
Type
Required
acl
Defines the Access Control List (ACL) property of an object. For the enumeration values, see the preset ACL section for objects in the ACL Overview document, such as default, private, public-read, and so on. The default value is default.
Note:
If you do not need to control object ACL, set it to default or leave it unset. In this case, bucket permissions are inherited by default.
Enum
No
x-cos-grant-read
Grants the grantee the permission to read the object. The format is id="[OwnerUin]", for example, id="100000000001". Multiple grantees can be separated by commas (,), for example, id="100000000001",id="100000000002".
string
No
x-cos-grant-read-acp
Grants the grantee the permission to read the Access Control List (ACL) of the object. The format is id="[OwnerUin]", for example, id="100000000001". Multiple grantees can be separated by commas (,), for example, id="100000000001",id="100000000002".
string
No
x-cos-grant-write-acp
Grants the grantee the permission to write to the Access Control List (ACL) of the object. The format is id="[OwnerUin]", for example, id="100000000001". Multiple grantees can be separated by commas (,), for example, id="100000000001",id="100000000002".
string
No
x-cos-grant-full-control
Grants the grantee full control permissions over the object. The format is id="[OwnerUin]", for example, id="100000000001". Multiple grantees can be separated by commas (,), for example, id="100000000001",id="100000000002".
string
No

Server-Side Encryption (SSE) Related Form Fields

You can use server-side encryption during object upload by specifying the following form fields:
Name
Description
Type
Required
x-cos-server-side-encryption
Server-side encryption algorithms, supporting AES256 and cos/kms.
string
This field is required when SSE-COS or SSE-KMS is used.
x-cos-server-side-encryption-customer-algorithm
Server-side encryption algorithms, supporting AES256.
string
This field is required when SSE-C is used.
x-cos-server-side-encryption-cos-kms-key-id
When the value of x-cos-server-side-encryption is cos/kms, use this field to specify the kms customer master key (CMK). If not specified, the CMK created by COS by default is used. For more details, see SSE-kms Encryption.
string
No
x-cos-server-side-encryption-context
Specifies the encryption context when the value of x-cos-server-side-encryption is cos/kms. The value is the Base64 encoding of a JSON-formatted key-value pair for the encryption context.
For example, eyJhIjoiYXNkZmEiLCJiIjoiMTIzMzIxIn0=.
string
No
x-cos-server-side-encryption-customer-key
Base64 encoding of the server-side encryption key
For example, MDEyMzQ1Njc4OUFCQ0RFRjAxMjM0NTY3ODlBQkNERUY=.
string
This field is required when SSE-C is used.
x-cos-server-side-encryption-customer-key-MD5
MD5 hash value of the server-side encryption key, encoded in Base64
For example, U5L61r7jcwdNvT7frmUG8g==.
string
Required when SSE-C is used.

Signature Protection

The POST Object API requires signature-related fields in the request. Upon receiving the message, the COS server performs identity verification. If the verification succeeds, the request is accepted and executed. Otherwise, an error message is returned and the request is discarded.
The signature process is as follows:

Response

Response Headers

In addition to common response headers, this API returns the following response headers. For details about common response headers, see Common Response Headers.
Name
Description
Type
Location
When the success_action_redirect form field is used, the value of this response header is set to the URL specified by success_action_redirect, with the bucket, key, and etag parameters appended. For a related example, see Case 8 in this document.
When the success_action_redirect form field is not used, the value of this response header is set to the complete object access URL. For a related example, see Case 1 in this document.
string

Versioning-related headers

The following table describes the response headers returned when objects are uploaded to a versioning-enabled bucket.
Name
Description
Type
x-cos-version-id
Version ID of an object.
string

SSE-related headers

If SSE is used during object upload, this API returns headers used specifically for SSE. For details, see Server-Side Encryption Custom Header.

Response Body

The response body of this API is empty.

Error Codes

This API follows unified error responses and error codes. For details, see Error Codes.

Use Case

Appendix: SDKs for the POST Object API in Various Languages

SDK
Documentation Link
.NET(C#) SDK
JavaScript SDK
Node.js SDK
Mini Program SDK
Anterior: PUT Object - CopyPróximo: ReturnBody

Ajuda e Suporte

Esta página foi útil?

comentários