tencent cloud

All product documents
Cloud Object Storage
DocumentationCloud Object StorageSDK DocumentationMini Program SDKBucket Operations
Bucket Operations
Download PDF
Last updated: 2024-02-04 17:20:25
Bucket Operations
Last updated: 2024-02-04 17:20:25
Download PDF

Overview

This document provides an overview of APIs and SDK sample codes related to basic bucket operations and access control lists (ACL).
Basic Operations
API
Operation
Description
Querying a bucket list
Queries the list of all buckets under a specified account
Creating a bucket
Creates a bucket under a specified account
Checking a bucket and its permissions
Checks whether a bucket exists and whether you have permission to access it
Deleting a bucket
Deletes an empty bucket from a specified account
ACL
API
Operation
Description
Setting bucket ACL
Sets the ACL for the specified bucket
Querying bucket ACL
Queries the ACL of a specified bucket

Basic operations

Querying the bucket list

Description

This API (GET Service) is used to query the list of all buckets under a requester's account or in a specified region. For more information, see GET Service.

Sample request

Sample 1. Listing all buckets
cos.getService(function(err, data) {
    console.log(err || data);
});
Sample 2. Listing all buckets in a specified region
cos.getService({
    Region: 'ap-beijing',
}, function(err, data) {
    console.log(err || data);
});

Parameter description

Parameter
Description
Type
Required
Region
Bucket region. For the enumerated values, please see Regions and Access Endpoints.
String
No

Callback function description

function(err, data) { ... }
Parameter
Description
Type
err
Error code, which is returned when an error (network error or service error) occurs. If the request is successful, this parameter is empty. For more information, please see Error Codes.
Object
- statusCode
HTTP status code, such as 200, 403, and 404
Number
- headers
Headers
Object
data
Content returned when the request is successful. If the request fails, this parameter is empty.
Object
- statusCode
HTTP status code, such as 200, 403, and 404
Number
- headers
Headers
Object
- Owner
Object representing the bucket owner
Object
- - ID
Complete ID of the bucket owner in the format: qcs::cam::uin/[OwnerUin]:uin/[OwnerUin], such as qcs::cam::uin/100000000001:uin/100000000001, where 100000000001 is the UIN
String
- - DisplayName
Name of the bucket owner
String
- Buckets
Bucket list
Object
- - Name
Bucket name in the format of BucketName-APPID, such as examplebucket-1250000000
String
- - Location
Bucket region, such as ap-guangzhou, ap-beijing, and ap-hongkong. For more information, please see Regions and Access Endpoints.
String
- - CreationDate
Time when the bucket was created, in ISO 8601 format, such as 2019-05-24T10:56:40Z
string

Creating a bucket

Description

This API (PUT Bucket) is used to create a bucket under a specified account.

Sample request

cos.putBucket({
    Bucket: 'examplebucket-1250000000',
    Region: 'ap-beijing',
    ACL: 'private',
}, function(err, data) {
    console.log(err || data);
});

Parameter description

Parameter Name
Description
Type
Required
Bucket
Bucket name in the format of BucketName-APPID
String
Yes
Region
Bucket region. For the enumerated values, please see Regions and Access Endpoints.
String
Yes
ACL
Defines the access control list (ACL) attribute of the bucket. For enumerated values, such as private and public-read, see the "Preset ACLs for buckets" section in ACL Overview. Default value: private
String
No
GrantRead
Grants a user read permission in the format: id=" ",id=" ".
To authorize a sub-account, use id="qcs::cam::uin/<OwnerUin>:uin/<SubUin>".
To authorize a root account, use id="qcs::cam::uin/<OwnerUin>:uin/<OwnerUin>".
Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'
String
No
GrantWrite
Grants a user write permission in the format: id="[OwnerUin]". You can use commas (,) to separate multiple users.
To authorize a sub-account, use id="qcs::cam::uin/<OwnerUin>:uin/<SubUin>".
To authorize a root account, use id="qcs::cam::uin/<OwnerUin>:uin/<OwnerUin>".
Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'
String
No
GrantReadAcp
Grants a user read permission for a bucket’s ACL and policies in the format: id=" ",id=" ".
To authorize a sub-account, use id="qcs::cam::uin/<OwnerUin>:uin/<SubUin>".
To authorize a root account, use id="qcs::cam::uin/<OwnerUin>:uin/<OwnerUin>".
Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'
String
No
GrantWriteAcp
Grants a user write permission for a bucket's ACL and policies in the format: id=" ",id=" ".
To authorize a sub-account, use id="qcs::cam::uin/<OwnerUin>:uin/<SubUin>".
To authorize a root account, use id="qcs::cam::uin/<OwnerUin>:uin/<OwnerUin>".Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'
String
No
GrantFullControl
Grants full permission in the format: id="[OwnerUin]". You can use commas (,) to separate multiple users.
To authorize a sub-account, use id="qcs::cam::uin/<OwnerUin>:uin/<SubUin>".
To authorize a root account, use id="qcs::cam::uin/<OwnerUin>:uin/<OwnerUin>".
Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'
String
No

Callback function description

function(err, data) { ... }
Parameter
Description
Type
err
Error code, which is returned when an error (network error or service error) occurs. If the request is successful, this parameter is empty. For more information, please see Error Codes.
Object
- statusCode
HTTP status code, such as 200, 403, and 404
Number
- headers
Headers
Object
data
Content returned when the request is successful. If the request fails, this parameter is empty.
Object
- statusCode
HTTP status code, such as 200, 403, and 404
Number
- headers
Headers
Object

Extracting a bucket and its permissions

Description

This API is used to verify whether a bucket exists and whether you have permission to access it.
If the bucket exists, the HTTP status code 200 will be returned.
If you do not have permission to access the bucket, the HTTP status code 403 will be returned.
If the bucket does not exist, the HTTP status code 404 will be returned.

Sample request

Extracting bucket information:
cos.headBucket({
    Bucket: 'examplebucket-1250000000', /* Required */
    Region: 'ap-beijing',     /* Required */
}, function(err, data) {
    console.log(err || data);
});
Determining whether the bucket exists:
function doesBucketExist() {
    cos.headBucket({
        Bucket: 'examplebucket-1250000000', /* Required */
        Region: 'COS_REGION',     /* Bucket region. Required */
    }, function(err, data) {
        if (data) {
            console.log('The bucket exists.');
        } else if (err.statusCode == 404) {
            console.log('The bucket does not exist.');
        } else if (err.statusCode == 403) {
            console.log ('no permission to read the bucket');
        }
    });
}


Parameter description

Parameter
Description
Type
Required
Bucket
Bucket name in the format of BucketName-APPID
String
Yes
Region
Bucket region. For the enumerated values, please see Regions and Access Endpoints.
String
Yes

Callback function description

function(err, data) { ... }
Parameter
Description
Type
err
Error code, which is returned when an error (network error or service error) occurs. If the request is successful, this parameter is empty. For more information, please see Error Codes.
Object
- statusCode
HTTP status code, such as 200, 403, and 404
Number
- headers
Headers
Object
data
Content returned when the request is successful. If the request fails, this parameter is empty.
Object
- statusCode
HTTP status code, such as 200, 403, and 404
Number
- headers
Headers
Object

Deleting a bucket

Description

This API is used to delete an empty bucket under a specified account. Note that if the deletion is successful, the HTTP status code 200 or 204 will be returned.
Note:
Before deleting a bucket, please make sure that all the data and incomplete multipart uploads in the bucket have been cleared; otherwise, the bucket cannot be deleted.

Sample request

cos.deleteBucket({
    Bucket: 'examplebucket-1250000000', /* Required */
    Region: 'ap-beijing'     /* Required */
}, function(err, data) {
    console.log(err || data);
});

Parameter description

Parameter
Description
Type
Required
Bucket
Bucket name in the format of BucketName-APPID
String
Yes
Region
Bucket region. For the enumerated values, please see Regions and Access Endpoints.
String
Yes

Callback function description

function(err, data) { ... }

Parameter
Description
Type
err
Error code, which is returned when an error (network error or service error) occurs. If the request is successful, this parameter is empty. For more information, please see Error Codes.
Object
- statusCode
HTTP status code, such as 200, 403, and 404
Number
- headers
Headers
Object
data
Content returned when the request is successful. If the request fails, this parameter is empty.
Object
- statusCode
HTTP status code, such as 200, 403, and 404
Number
- headers
Headers
Object

ACL

Setting a bucket ACL

Description

This API (PUT Bucket acl) is used to set an ACL for a bucket.

Sample request

Set a bucket to allow public-read:
cos.putBucketAcl({
    Bucket: 'examplebucket-1250000000', /* Required */
    Region: 'ap-beijing',                                  /* Required */
    ACL: 'public-read'
}, function(err, data) {
    console.log(err || data);
});
Grant a user full permission for a bucket:
cos.putBucketAcl({
    Bucket: 'examplebucket-1250000000', /* Required */
    Region: 'ap-beijing',                                  /* Required */
    GrantFullControl: 'id="qcs::cam::uin/100000000001:uin/100000000001",id="qcs::cam::uin/100000000011:uin/100000000011"' // 100000000001 is uin.
}, function(err, data) {
    console.log(err || data);
});
Modify bucket permission with AccessControlPolicy:
cos.putBucketAcl({
    Bucket: 'examplebucket-1250000000', /* Required */
    Region: 'ap-beijing',                                  /* Required */
    AccessControlPolicy: {
        "Owner": { // `Owner` is required in `AccessControlPolicy`.
            "ID": 'qcs::cam::uin/100000000001:uin/100000000001' // 100000000001 is the UIN of the bucket owner
        },
        "Grants": [{
            "Grantee": {
                "ID": "qcs::cam::uin/100000000011:uin/100000000011", // 100000000011 is UIN
            },
            "Permission": "WRITE"
        }]
    }
}, function(err, data) {
    console.log(err || data);
});

Parameter description

Parameter Name
Description
Type
Required
Bucket
Bucket name, formatted as BucketName-APPID
String
Yes
Region
Bucket region. For the enumerated values, please see Regions and Access Endpoints.
String
Yes
ACL
Defines the access control list (ACL) attribute of the bucket. For the enumerated values such as private and public-read, see the Preset ACLs for buckets section in ACL Overview. Default value: private
String
No
GrantRead
Grants a user read permission in the format: id="[OwnerUin]". You can use commas (,) to separate multiple users.
To authorize a sub-account, use id="qcs::cam::uin/<OwnerUin>:uin/<SubUin>".
To authorize a root account, use id="qcs::cam::uin/<OwnerUin>:uin/<OwnerUin>".
Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'
String
No
GrantWrite
Grants a user write permission in the format: id="[OwnerUin]". You can use commas (,) to separate multiple users.
To authorize a sub-account, use id="qcs::cam::uin/<OwnerUin>:uin/<SubUin>".
To authorize a root account, use id="qcs::cam::uin/<OwnerUin>:uin/<OwnerUin>".
Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'
String
No
GrantReadAcp
Grants a user read permission for bucket ACL and policies in the format: id="[OwnerUin]". You can use commas (,) to separate multiple users.
To authorize a sub-account, use id="qcs::cam::uin/<OwnerUin>:uin/<SubUin>".
To authorize a root account, use id="qcs::cam::uin/<OwnerUin>:uin/<OwnerUin>".
Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'
String
No
GrantWriteAcp
Grants a user write permission for bucket ACL and policies in the format: id="[OwnerUin]". You can use commas (,) to separate multiple users.
To authorize a sub-account, use id="qcs::cam::uin/<OwnerUin>:uin/<SubUin>".
To authorize a root account, use id="qcs::cam::uin/<OwnerUin>:uin/<OwnerUin>".
Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'
String
No
GrantFullControl
Grants full permission in the format: id="[OwnerUin]". You can use commas (,) to separate multiple users.
To authorize a sub-account, use id="qcs::cam::uin/<OwnerUin>:uin/<SubUin>".
To authorize a root account, use id="qcs::cam::uin/<OwnerUin>:uin/<OwnerUin>".
Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'
String
No
AccessControlPolicy
A list of all the information about the CORS configuration
Object
No
- Owner
Information about the bucket owner
Object
No
- - ID
Complete ID of the bucket owner in the format: qcs::cam::uin/[OwnerUin]:uin/[OwnerUin], such as `qcs::cam::uin/100000000001:uin/100000000001’, where 100000000001 is the uin
String
No
- Grants
A list of information about the grantee and granted permissions
ObjectArray
No
- - Permission
Permission granted. Valid values: READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL. For the enumerated values, please see the Action permissions section in ACL Overview.
String
No
- - Grantee
Information about the grantee
Object
No
- - - ID
Complete ID of the grantee in the format of qcs::cam::uin/[OwnerUin]:uin/[OwnerUin], such as qcs::cam::uin/100000000001:uin/100000000001, where 100000000001 is the uin
String
No
- - - DisplayName
Grantee name, which is usually the same as the string you enter for ID
String
No
- - - URI
Preset user groups, such as http://cam.qcloud.com/groups/global/AllUsers and http://cam.qcloud.com/groups/global/AuthenticatedUsers. For more information, please see the "Identity (Grantee)" section in ACL Overview.
String
No

Callback function description

function(err, data) { ... }
Parameter
Description
Type
err
Error code, which is returned when an error (network error or service error) occurs. If the request is successful, this parameter is empty. For more information, please see Error Codes.
Object
- statusCode
HTTP status code, such as 200, 403, and 404
Number
- headers
Headers
Object
data
Content returned when the request is successful. If the request fails, this parameter is empty.
Object
- statusCode
HTTP status code, such as 200, 403, and 404
Number
- headers
Headers
Object

Querying a bucket ACL

Description

This API (GET Bucket acl) is used to query the ACL of a bucket. To call this API, you need to have permission to read the ACL of the bucket.

Sample request

cos.getBucketAcl({
    Bucket: 'examplebucket-1250000000', /* Required */
    Region: 'ap-beijing'     /* Required */
}, function(err, data) {
    console.log(err || data);
});

Sample response

{
    "GrantFullControl": "",
    "GrantWrite": "",
    "GrantRead": "",
    "GrantReadAcp": "id=\\"qcs::cam::uin/100000000011:uin/100000000011\\"",
    "GrantWriteAcp": "id=\\"qcs::cam::uin/100000000011:uin/100000000011\\"",
    "ACL": "private",
    "Owner": {
        "ID": "qcs::cam::uin/100000000001:uin/100000000001",
        "DisplayName": "qcs::cam::uin/100000000001:uin/100000000001"
    },
    "Grants": [{
        "Grantee": {
            "ID": "qcs::cam::uin/100000000011:uin/100000000011",
            "DisplayName": "qcs::cam::uin/100000000011:uin/100000000011"
        },
        "Permission": "READ"
    }],
    "statusCode": 200,
    "headers": {}
}

Parameter description

Parameter
Description
Type
Required
Bucket
Bucket name in the format of BucketName-APPID
String
Yes
Region
Bucket region. For the enumerated values, please see Regions and Access Endpoints.
String
Yes

Callback function description

function(err, data) { ... }
Parameter
Description
Type
err
Error code, which is returned when an error (network error or service error) occurs. If the request is successful, this parameter is empty. For more information, please see Error Codes.
Object
- statusCode
HTTP status code, such as 200, 403, and 404
Number
- headers
Headers
Object
data
Content returned when the request is successful. If the request fails, this parameter is empty.
Object
- statusCode
HTTP status code, such as 200, 403, and 404
Number
- headers
Headers
Object
- ACL
Defines the access control list (ACL) attribute of the bucket. For the enumerated values such as private and public-read, see the "Preset ACL for buckets" section in ACL Overview. Default value: private
String
- GrantRead
ID information of the user granted read access
String
- GrantWrite
ID information of the user granted write access
String
- GrantReadAcp
ID information of the user granted read access to the ACL and Policies
String
- GrantWriteAcp
ID information of the user granted write access to the ACL and Policies
String
- GrantFullControl
ID information of the user granted full access
String
- Owner
Bucket owner information
Object
- - DisplayName
Name of the bucket owner
String
- - ID
Bucket owner ID in the format: qcs::cam::uin/<OwnerUin>:uin/<SubUin>.
For root accounts, <OwnerUin> and <SubUin> have the same value.
String
- Grants
A list of information about the grantee and granted permissions
ObjectArray
- - Permission
Specifies the permission granted to the user. Enumerated values: READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
String
- - Grantee
Information about the grantee
Object
- - - DisplayName
Grantee name
String
- - - ID
Complete ID of the grantee:
For root accounts, the format is qcs::cam::uin/<OwnerUin>:uin/<OwnerUin>
or qcs::cam::anyone:anyone, which indicates all users.
For sub-accounts, the format is qcs::cam::uin/<OwnerUin>:uin/<SubUin>
String
- - - URI
Preset user groups. For more information, please see ACL Overview. Examples:
http://cam.qcloud.com/groups/global/AllUsers
http://cam.qcloud.com/groups/global/AuthenticatedUsers
String

Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No

Feedback

Contact Us

Contact our sales team or business advisors to help your business.

Contact Us
Technical Support

Open a ticket if you're looking for further assistance. Our Ticket is 7x24 available.

Submit a Ticket
7x24 Phone Support