tencent cloud

Feedback

Bucket Operations

Last updated: 2024-02-04 17:20:25

    Overview

    This document provides an overview of APIs and SDK sample codes related to basic bucket operations and access control lists (ACL).
    Basic Operations
    API
    Operation
    Description
    Querying a bucket list
    Queries the list of all buckets under a specified account
    Creating a bucket
    Creates a bucket under a specified account
    Checking a bucket and its permissions
    Checks whether a bucket exists and whether you have permission to access it
    Deleting a bucket
    Deletes an empty bucket from a specified account
    ACL
    API
    Operation
    Description
    Setting bucket ACL
    Sets the ACL for the specified bucket
    Querying bucket ACL
    Queries the ACL of a specified bucket

    Basic operations

    Querying the bucket list

    Description

    This API (GET Service) is used to query the list of all buckets under a requester's account or in a specified region. For more information, see GET Service.

    Sample request

    Sample 1. Listing all buckets
    cos.getService(function(err, data) {
    console.log(err || data);
    });
    Sample 2. Listing all buckets in a specified region
    cos.getService({
    Region: 'ap-beijing',
    }, function(err, data) {
    console.log(err || data);
    });

    Parameter description

    Parameter
    Description
    Type
    Required
    Region
    Bucket region. For the enumerated values, please see Regions and Access Endpoints.
    String
    No

    Callback function description

    function(err, data) { ... }
    Parameter
    Description
    Type
    err
    Error code, which is returned when an error (network error or service error) occurs. If the request is successful, this parameter is empty. For more information, please see Error Codes.
    Object
    - statusCode
    HTTP status code, such as 200, 403, and 404
    Number
    - headers
    Headers
    Object
    data
    Content returned when the request is successful. If the request fails, this parameter is empty.
    Object
    - statusCode
    HTTP status code, such as 200, 403, and 404
    Number
    - headers
    Headers
    Object
    - Owner
    Object representing the bucket owner
    Object
    - - ID
    Complete ID of the bucket owner in the format: qcs::cam::uin/[OwnerUin]:uin/[OwnerUin], such as qcs::cam::uin/100000000001:uin/100000000001, where 100000000001 is the UIN
    String
    - - DisplayName
    Name of the bucket owner
    String
    - Buckets
    Bucket list
    Object
    - - Name
    Bucket name in the format of BucketName-APPID, such as examplebucket-1250000000
    String
    - - Location
    Bucket region, such as ap-guangzhou, ap-beijing, and ap-hongkong. For more information, please see Regions and Access Endpoints.
    String
    - - CreationDate
    Time when the bucket was created, in ISO 8601 format, such as 2019-05-24T10:56:40Z
    string

    Creating a bucket

    Description

    This API (PUT Bucket) is used to create a bucket under a specified account.

    Sample request

    cos.putBucket({
    Bucket: 'examplebucket-1250000000',
    Region: 'ap-beijing',
    ACL: 'private',
    }, function(err, data) {
    console.log(err || data);
    });

    Parameter description

    Parameter Name
    Description
    Type
    Required
    Bucket
    Bucket name in the format of BucketName-APPID
    String
    Yes
    Region
    Bucket region. For the enumerated values, please see Regions and Access Endpoints.
    String
    Yes
    ACL
    Defines the access control list (ACL) attribute of the bucket. For enumerated values, such as private and public-read, see the "Preset ACLs for buckets" section in ACL Overview. Default value: private
    String
    No
    GrantRead
    Grants a user read permission in the format: id=" ",id=" ".
    To authorize a sub-account, use id="qcs::cam::uin/<OwnerUin>:uin/<SubUin>".
    To authorize a root account, use id="qcs::cam::uin/<OwnerUin>:uin/<OwnerUin>".
    Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'
    String
    No
    GrantWrite
    Grants a user write permission in the format: id="[OwnerUin]". You can use commas (,) to separate multiple users.
    To authorize a sub-account, use id="qcs::cam::uin/<OwnerUin>:uin/<SubUin>".
    To authorize a root account, use id="qcs::cam::uin/<OwnerUin>:uin/<OwnerUin>".
    Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'
    String
    No
    GrantReadAcp
    Grants a user read permission for a bucket’s ACL and policies in the format: id=" ",id=" ".
    To authorize a sub-account, use id="qcs::cam::uin/<OwnerUin>:uin/<SubUin>".
    To authorize a root account, use id="qcs::cam::uin/<OwnerUin>:uin/<OwnerUin>".
    Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'
    String
    No
    GrantWriteAcp
    Grants a user write permission for a bucket's ACL and policies in the format: id=" ",id=" ".
    To authorize a sub-account, use id="qcs::cam::uin/<OwnerUin>:uin/<SubUin>".
    To authorize a root account, use id="qcs::cam::uin/<OwnerUin>:uin/<OwnerUin>".Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'
    String
    No
    GrantFullControl
    Grants full permission in the format: id="[OwnerUin]". You can use commas (,) to separate multiple users.
    To authorize a sub-account, use id="qcs::cam::uin/<OwnerUin>:uin/<SubUin>".
    To authorize a root account, use id="qcs::cam::uin/<OwnerUin>:uin/<OwnerUin>".
    Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'
    String
    No

    Callback function description

    function(err, data) { ... }
    Parameter
    Description
    Type
    err
    Error code, which is returned when an error (network error or service error) occurs. If the request is successful, this parameter is empty. For more information, please see Error Codes.
    Object
    - statusCode
    HTTP status code, such as 200, 403, and 404
    Number
    - headers
    Headers
    Object
    data
    Content returned when the request is successful. If the request fails, this parameter is empty.
    Object
    - statusCode
    HTTP status code, such as 200, 403, and 404
    Number
    - headers
    Headers
    Object

    Extracting a bucket and its permissions

    Description

    This API is used to verify whether a bucket exists and whether you have permission to access it.
    If the bucket exists, the HTTP status code 200 will be returned.
    If you do not have permission to access the bucket, the HTTP status code 403 will be returned.
    If the bucket does not exist, the HTTP status code 404 will be returned.

    Sample request

    Extracting bucket information:
    cos.headBucket({
    Bucket: 'examplebucket-1250000000', /* Required */
    Region: 'ap-beijing', /* Required */
    }, function(err, data) {
    console.log(err || data);
    });
    Determining whether the bucket exists:
    function doesBucketExist() {
    cos.headBucket({
    Bucket: 'examplebucket-1250000000', /* Required */
    Region: 'COS_REGION', /* Bucket region. Required */
    }, function(err, data) {
    if (data) {
    console.log('The bucket exists.');
    } else if (err.statusCode == 404) {
    console.log('The bucket does not exist.');
    } else if (err.statusCode == 403) {
    console.log ('no permission to read the bucket');
    }
    });
    }
    

    Parameter description

    Parameter
    Description
    Type
    Required
    Bucket
    Bucket name in the format of BucketName-APPID
    String
    Yes
    Region
    Bucket region. For the enumerated values, please see Regions and Access Endpoints.
    String
    Yes

    Callback function description

    function(err, data) { ... }
    Parameter
    Description
    Type
    err
    Error code, which is returned when an error (network error or service error) occurs. If the request is successful, this parameter is empty. For more information, please see Error Codes.
    Object
    - statusCode
    HTTP status code, such as 200, 403, and 404
    Number
    - headers
    Headers
    Object
    data
    Content returned when the request is successful. If the request fails, this parameter is empty.
    Object
    - statusCode
    HTTP status code, such as 200, 403, and 404
    Number
    - headers
    Headers
    Object

    Deleting a bucket

    Description

    This API is used to delete an empty bucket under a specified account. Note that if the deletion is successful, the HTTP status code 200 or 204 will be returned.
    Note:
    Before deleting a bucket, please make sure that all the data and incomplete multipart uploads in the bucket have been cleared; otherwise, the bucket cannot be deleted.

    Sample request

    cos.deleteBucket({
    Bucket: 'examplebucket-1250000000', /* Required */
    Region: 'ap-beijing' /* Required */
    }, function(err, data) {
    console.log(err || data);
    });

    Parameter description

    Parameter
    Description
    Type
    Required
    Bucket
    Bucket name in the format of BucketName-APPID
    String
    Yes
    Region
    Bucket region. For the enumerated values, please see Regions and Access Endpoints.
    String
    Yes

    Callback function description

    function(err, data) { ... }
    
    Parameter
    Description
    Type
    err
    Error code, which is returned when an error (network error or service error) occurs. If the request is successful, this parameter is empty. For more information, please see Error Codes.
    Object
    - statusCode
    HTTP status code, such as 200, 403, and 404
    Number
    - headers
    Headers
    Object
    data
    Content returned when the request is successful. If the request fails, this parameter is empty.
    Object
    - statusCode
    HTTP status code, such as 200, 403, and 404
    Number
    - headers
    Headers
    Object

    ACL

    Setting a bucket ACL

    Description

    This API (PUT Bucket acl) is used to set an ACL for a bucket.

    Sample request

    Set a bucket to allow public-read:
    cos.putBucketAcl({
    Bucket: 'examplebucket-1250000000', /* Required */
    Region: 'ap-beijing', /* Required */
    ACL: 'public-read'
    }, function(err, data) {
    console.log(err || data);
    });
    Grant a user full permission for a bucket:
    cos.putBucketAcl({
    Bucket: 'examplebucket-1250000000', /* Required */
    Region: 'ap-beijing', /* Required */
    GrantFullControl: 'id="qcs::cam::uin/100000000001:uin/100000000001",id="qcs::cam::uin/100000000011:uin/100000000011"' // 100000000001 is uin.
    }, function(err, data) {
    console.log(err || data);
    });
    Modify bucket permission with AccessControlPolicy:
    cos.putBucketAcl({
    Bucket: 'examplebucket-1250000000', /* Required */
    Region: 'ap-beijing', /* Required */
    AccessControlPolicy: {
    "Owner": { // `Owner` is required in `AccessControlPolicy`.
    "ID": 'qcs::cam::uin/100000000001:uin/100000000001' // 100000000001 is the UIN of the bucket owner
    },
    "Grants": [{
    "Grantee": {
    "ID": "qcs::cam::uin/100000000011:uin/100000000011", // 100000000011 is UIN
    },
    "Permission": "WRITE"
    }]
    }
    }, function(err, data) {
    console.log(err || data);
    });

    Parameter description

    Parameter Name
    Description
    Type
    Required
    Bucket
    Bucket name, formatted as BucketName-APPID
    String
    Yes
    Region
    Bucket region. For the enumerated values, please see Regions and Access Endpoints.
    String
    Yes
    ACL
    Defines the access control list (ACL) attribute of the bucket. For the enumerated values such as private and public-read, see the Preset ACLs for buckets section in ACL Overview. Default value: private
    String
    No
    GrantRead
    Grants a user read permission in the format: id="[OwnerUin]". You can use commas (,) to separate multiple users.
    To authorize a sub-account, use id="qcs::cam::uin/<OwnerUin>:uin/<SubUin>".
    To authorize a root account, use id="qcs::cam::uin/<OwnerUin>:uin/<OwnerUin>".
    Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'
    String
    No
    GrantWrite
    Grants a user write permission in the format: id="[OwnerUin]". You can use commas (,) to separate multiple users.
    To authorize a sub-account, use id="qcs::cam::uin/<OwnerUin>:uin/<SubUin>".
    To authorize a root account, use id="qcs::cam::uin/<OwnerUin>:uin/<OwnerUin>".
    Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'
    String
    No
    GrantReadAcp
    Grants a user read permission for bucket ACL and policies in the format: id="[OwnerUin]". You can use commas (,) to separate multiple users.
    To authorize a sub-account, use id="qcs::cam::uin/<OwnerUin>:uin/<SubUin>".
    To authorize a root account, use id="qcs::cam::uin/<OwnerUin>:uin/<OwnerUin>".
    Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'
    String
    No
    GrantWriteAcp
    Grants a user write permission for bucket ACL and policies in the format: id="[OwnerUin]". You can use commas (,) to separate multiple users.
    To authorize a sub-account, use id="qcs::cam::uin/<OwnerUin>:uin/<SubUin>".
    To authorize a root account, use id="qcs::cam::uin/<OwnerUin>:uin/<OwnerUin>".
    Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'
    String
    No
    GrantFullControl
    Grants full permission in the format: id="[OwnerUin]". You can use commas (,) to separate multiple users.
    To authorize a sub-account, use id="qcs::cam::uin/<OwnerUin>:uin/<SubUin>".
    To authorize a root account, use id="qcs::cam::uin/<OwnerUin>:uin/<OwnerUin>".
    Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'
    String
    No
    AccessControlPolicy
    A list of all the information about the CORS configuration
    Object
    No
    - Owner
    Information about the bucket owner
    Object
    No
    - - ID
    Complete ID of the bucket owner in the format: qcs::cam::uin/[OwnerUin]:uin/[OwnerUin], such as `qcs::cam::uin/100000000001:uin/100000000001’, where 100000000001 is the uin
    String
    No
    - Grants
    A list of information about the grantee and granted permissions
    ObjectArray
    No
    - - Permission
    Permission granted. Valid values: READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL. For the enumerated values, please see the Action permissions section in ACL Overview.
    String
    No
    - - Grantee
    Information about the grantee
    Object
    No
    - - - ID
    Complete ID of the grantee in the format of qcs::cam::uin/[OwnerUin]:uin/[OwnerUin], such as qcs::cam::uin/100000000001:uin/100000000001, where 100000000001 is the uin
    String
    No
    - - - DisplayName
    Grantee name, which is usually the same as the string you enter for ID
    String
    No
    - - - URI
    Preset user groups, such as http://cam.qcloud.com/groups/global/AllUsers and http://cam.qcloud.com/groups/global/AuthenticatedUsers. For more information, please see the "Identity (Grantee)" section in ACL Overview.
    String
    No

    Callback function description

    function(err, data) { ... }
    Parameter
    Description
    Type
    err
    Error code, which is returned when an error (network error or service error) occurs. If the request is successful, this parameter is empty. For more information, please see Error Codes.
    Object
    - statusCode
    HTTP status code, such as 200, 403, and 404
    Number
    - headers
    Headers
    Object
    data
    Content returned when the request is successful. If the request fails, this parameter is empty.
    Object
    - statusCode
    HTTP status code, such as 200, 403, and 404
    Number
    - headers
    Headers
    Object

    Querying a bucket ACL

    Description

    This API (GET Bucket acl) is used to query the ACL of a bucket. To call this API, you need to have permission to read the ACL of the bucket.

    Sample request

    cos.getBucketAcl({
    Bucket: 'examplebucket-1250000000', /* Required */
    Region: 'ap-beijing' /* Required */
    }, function(err, data) {
    console.log(err || data);
    });

    Sample response

    {
    "GrantFullControl": "",
    "GrantWrite": "",
    "GrantRead": "",
    "GrantReadAcp": "id=\\"qcs::cam::uin/100000000011:uin/100000000011\\"",
    "GrantWriteAcp": "id=\\"qcs::cam::uin/100000000011:uin/100000000011\\"",
    "ACL": "private",
    "Owner": {
    "ID": "qcs::cam::uin/100000000001:uin/100000000001",
    "DisplayName": "qcs::cam::uin/100000000001:uin/100000000001"
    },
    "Grants": [{
    "Grantee": {
    "ID": "qcs::cam::uin/100000000011:uin/100000000011",
    "DisplayName": "qcs::cam::uin/100000000011:uin/100000000011"
    },
    "Permission": "READ"
    }],
    "statusCode": 200,
    "headers": {}
    }

    Parameter description

    Parameter
    Description
    Type
    Required
    Bucket
    Bucket name in the format of BucketName-APPID
    String
    Yes
    Region
    Bucket region. For the enumerated values, please see Regions and Access Endpoints.
    String
    Yes

    Callback function description

    function(err, data) { ... }
    Parameter
    Description
    Type
    err
    Error code, which is returned when an error (network error or service error) occurs. If the request is successful, this parameter is empty. For more information, please see Error Codes.
    Object
    - statusCode
    HTTP status code, such as 200, 403, and 404
    Number
    - headers
    Headers
    Object
    data
    Content returned when the request is successful. If the request fails, this parameter is empty.
    Object
    - statusCode
    HTTP status code, such as 200, 403, and 404
    Number
    - headers
    Headers
    Object
    - ACL
    Defines the access control list (ACL) attribute of the bucket. For the enumerated values such as private and public-read, see the "Preset ACL for buckets" section in ACL Overview. Default value: private
    String
    - GrantRead
    ID information of the user granted read access
    String
    - GrantWrite
    ID information of the user granted write access
    String
    - GrantReadAcp
    ID information of the user granted read access to the ACL and Policies
    String
    - GrantWriteAcp
    ID information of the user granted write access to the ACL and Policies
    String
    - GrantFullControl
    ID information of the user granted full access
    String
    - Owner
    Bucket owner information
    Object
    - - DisplayName
    Name of the bucket owner
    String
    - - ID
    Bucket owner ID in the format: qcs::cam::uin/<OwnerUin>:uin/<SubUin>.
    For root accounts, <OwnerUin> and <SubUin> have the same value.
    String
    - Grants
    A list of information about the grantee and granted permissions
    ObjectArray
    - - Permission
    Specifies the permission granted to the user. Enumerated values: READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
    String
    - - Grantee
    Information about the grantee
    Object
    - - - DisplayName
    Grantee name
    String
    - - - ID
    Complete ID of the grantee:
    For root accounts, the format is qcs::cam::uin/<OwnerUin>:uin/<OwnerUin>
    or qcs::cam::anyone:anyone, which indicates all users.
    For sub-accounts, the format is qcs::cam::uin/<OwnerUin>:uin/<SubUin>
    String
    - - - URI
    Preset user groups. For more information, please see ACL Overview. Examples:
    http://cam.qcloud.com/groups/global/AllUsers
    http://cam.qcloud.com/groups/global/AuthenticatedUsers
    String
    
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support