tencent cloud

Overview

This document provides an overview of APIs and SDK sample codes related to basic bucket operations and access control lists (ACL).

Basic Operations

API	Operation	Description
GET Service	Querying a bucket list	Queries the list of all buckets under a specified account
PUT Bucket	Creating a bucket	Creates a bucket under a specified account
HEAD Bucket	Checking a bucket and its permissions	Checks whether a bucket exists and whether you have permission to access it
DELETE Bucket	Deleting a bucket	Deletes an empty bucket from a specified account

ACL

API	Operation	Description
PUT Bucket acl	Setting bucket ACL	Sets the ACL for the specified bucket
GET Bucket acl	Querying bucket ACL	Queries the ACL of a specified bucket

Basic operations

Querying the bucket list

Description

This API (GET Service) is used to query the list of all buckets under a requester's account or in a specified region. For more information, see GET Service.

Sample request

Sample 1. Listing all buckets

cos.getService(function(err, data) {
   console.log(err || data);
});

Sample 2. Listing all buckets in a specified region

cos.getService({
   Region: 'ap-beijing',
}, function(err, data) {
   console.log(err || data);
});

Parameter description

Parameter	Description	Type	Required
Region	Bucket region. For the enumerated values, please see Regions and Access Endpoints.	String	No

Callback function description

function(err, data) { ... }

Parameter	Description	Type
err	Error code, which is returned when an error (network error or service error) occurs. If the request is successful, this parameter is empty. For more information, please see Error Codes.	Object
- statusCode	HTTP status code, such as 200, 403, and 404	Number
- headers	Headers	Object
data	Content returned when the request is successful. If the request fails, this parameter is empty.	Object
- statusCode	HTTP status code, such as 200, 403, and 404	Number
- headers	Headers	Object
- Owner	Object representing the bucket owner	Object
- - ID	Complete ID of the bucket owner in the format: qcs::cam::uin/[OwnerUin]:uin/[OwnerUin], such as qcs::cam::uin/100000000001:uin/100000000001, where 100000000001 is the UIN	String
- - DisplayName	Name of the bucket owner	String
- Buckets	Bucket list	Object
- - Name	Bucket name in the format of BucketName-APPID, such as examplebucket-1250000000	String
- - Location	Bucket region, such as ap-guangzhou, ap-beijing, and ap-hongkong. For more information, please see Regions and Access Endpoints.	String
- - CreationDate	Time when the bucket was created, in ISO 8601 format, such as 2019-05-24T10:56:40Z	string

Creating a bucket

Description

This API (PUT Bucket) is used to create a bucket under a specified account.

Sample request

cos.putBucket({
   Bucket: 'examplebucket-1250000000',
   Region: 'ap-beijing',
   ACL: 'private',
}, function(err, data) {
   console.log(err || data);
});

Parameter description

Parameter Name	Description	Type	Required
Bucket	Bucket name in the format of BucketName-APPID	String	Yes
Region	Bucket region. For the enumerated values, please see Regions and Access Endpoints.	String	Yes
ACL	Defines the access control list (ACL) attribute of the bucket. For enumerated values, such as private and public-read, see the "Preset ACLs for buckets" section in ACL Overview. Default value: private	String	No
GrantRead	Grants a user read permission in the format: id=" ",id=" ". To authorize a sub-account, use id="qcs::cam::uin/<owneruin>:uin/<subuin>". To authorize a root account, use id="qcs::cam::uin/<owneruin>:uin/<owneruin>". Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'	String	No
GrantWrite	Grants a user write permission in the format: id="[OwnerUin]". You can use commas (,) to separate multiple users. To authorize a sub-account, use id="qcs::cam::uin/<owneruin>:uin/<subuin>". To authorize a root account, use id="qcs::cam::uin/<owneruin>:uin/<owneruin>". Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'	String	No
GrantReadAcp	Grants a user read permission for a bucket’s ACL and policies in the format: id=" ",id=" ". To authorize a sub-account, use id="qcs::cam::uin/<owneruin>:uin/<subuin>". To authorize a root account, use id="qcs::cam::uin/<owneruin>:uin/<owneruin>". Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'	String	No
GrantWriteAcp	Grants a user write permission for a bucket's ACL and policies in the format: id=" ",id=" ". To authorize a sub-account, use id="qcs::cam::uin/<owneruin>:uin/<subuin>". To authorize a root account, use id="qcs::cam::uin/<owneruin>:uin/<owneruin>". Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'	String	No
GrantFullControl	Grants full permission in the format: id="[OwnerUin]". You can use commas (,) to separate multiple users. To authorize a sub-account, use id="qcs::cam::uin/<owneruin>:uin/<subuin>". To authorize a root account, use id="qcs::cam::uin/<owneruin>:uin/<owneruin>". Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'	String	No

Callback function description

function(err, data) { ... }

Parameter	Description	Type
err	Error code, which is returned when an error (network error or service error) occurs. If the request is successful, this parameter is empty. For more information, please see Error Codes.	Object
- statusCode	HTTP status code, such as 200, 403, and 404	Number
- headers	Headers	Object
data	Content returned when the request is successful. If the request fails, this parameter is empty.	Object
- statusCode	HTTP status code, such as 200, 403, and 404	Number
- headers	Headers	Object

Extracting a bucket and its permissions

Description

This API is used to verify whether a bucket exists and whether you have permission to access it.

• If the bucket exists, the HTTP status code 200 will be returned.
• If you do not have permission to access the bucket, the HTTP status code 403 will be returned.
• If the bucket does not exist, the HTTP status code 404 will be returned.

Sample request

Extracting bucket information:

cos.headBucket({
   Bucket: 'examplebucket-1250000000', /* Required */
   Region: 'ap-beijing',     /* Required */
}, function(err, data) {
   console.log(err || data);
});

Determining whether the bucket exists:

function doesBucketExist() {
   cos.headBucket({
       Bucket: 'examplebucket-1250000000', /* Required */
       Region: 'COS_REGION',     /* Bucket region. Required */
   }, function(err, data) {
       if (data) {
           console.log('The bucket exists.');
       } else if (err.statusCode == 404) {
           console.log('The bucket does not exist.');
       } else if (err.statusCode == 403) {
           console.log ('no permission to read the bucket');
       }
   });
}

Parameter description

Parameter	Description	Type	Required
Bucket	Bucket name in the format of BucketName-APPID	String	Yes
Region	Bucket region. For the enumerated values, please see Regions and Access Endpoints.	String	Yes

Callback function description

function(err, data) { ... }

Parameter	Description	Type
err	Error code, which is returned when an error (network error or service error) occurs. If the request is successful, this parameter is empty. For more information, please see Error Codes.	Object
- statusCode	HTTP status code, such as 200, 403, and 404	Number
- headers	Headers	Object
data	Content returned when the request is successful. If the request fails, this parameter is empty.	Object
- statusCode	HTTP status code, such as 200, 403, and 404	Number
- headers	Headers	Object

Deleting a bucket

Description

This API is used to delete an empty bucket under a specified account. Note that if the deletion is successful, the HTTP status code 200 or 204 will be returned.

Note：

Before deleting a bucket, please make sure that all the data and incomplete multipart uploads in the bucket have been cleared; otherwise, the bucket cannot be deleted.

Sample request

cos.deleteBucket({
   Bucket: 'examplebucket-1250000000', /* Required */
   Region: 'ap-beijing'     /* Required */
}, function(err, data) {
   console.log(err || data);
});

Parameter description

Parameter	Description	Type	Required
Bucket	Bucket name in the format of BucketName-APPID	String	Yes
Region	Bucket region. For the enumerated values, please see Regions and Access Endpoints.	String	Yes

Callback function description

function(err, data) { ... }

Parameter	Description	Type
err	Error code, which is returned when an error (network error or service error) occurs. If the request is successful, this parameter is empty. For more information, please see Error Codes.	Object
- statusCode	HTTP status code, such as 200, 403, and 404	Number
- headers	Headers	Object
data	Content returned when the request is successful. If the request fails, this parameter is empty.	Object
- statusCode	HTTP status code, such as 200, 403, and 404	Number
- headers	Headers	Object

ACL

Setting a bucket ACL

Description

This API (PUT Bucket acl) is used to set an ACL for a bucket.

Sample request

Set a bucket to allow public-read:

cos.putBucketAcl({
   Bucket: 'examplebucket-1250000000', /* Required */
   Region: 'ap-beijing',                                  /* Required */
   ACL: 'public-read'
}, function(err, data) {
   console.log(err || data);
});

Grant a user full permission for a bucket:

cos.putBucketAcl({
   Bucket: 'examplebucket-1250000000', /* Required */
   Region: 'ap-beijing',                                  /* Required */
   GrantFullControl: 'id="qcs::cam::uin/100000000001:uin/100000000001",id="qcs::cam::uin/100000000011:uin/100000000011"' // 100000000001 is uin.
}, function(err, data) {
   console.log(err || data);
});

Modify bucket permission with AccessControlPolicy:

cos.putBucketAcl({
   Bucket: 'examplebucket-1250000000', /* Required */
   Region: 'ap-beijing',                                  /* Required */
   AccessControlPolicy: {
       "Owner": { // `Owner` is required in `AccessControlPolicy`.
           "ID": 'qcs::cam::uin/100000000001:uin/100000000001' // 100000000001 is the UIN of the bucket owner
       },
       "Grants": [{
           "Grantee": {
               "ID": "qcs::cam::uin/100000000011:uin/100000000011", // 100000000011 is UIN
           },
           "Permission": "WRITE"
       }]
   }
}, function(err, data) {
   console.log(err || data);
});

Parameter description

Parameter Name	Description	Type	Required
Bucket	Bucket name, formatted as BucketName-APPID	String	Yes
Region	Bucket region. For the enumerated values, please see Regions and Access Endpoints.	String	Yes
ACL	Defines the access control list (ACL) attribute of the bucket. For the enumerated values such as private and public-read, see the Preset ACLs for buckets section in ACL Overview. Default value: private	String	No
GrantRead	Grants a user read permission in the format: id="[OwnerUin]". You can use commas (,) to separate multiple users. To authorize a sub-account, use id="qcs::cam::uin/<owneruin>:uin/<subuin>". To authorize a root account, use id="qcs::cam::uin/<owneruin>:uin/<owneruin>". Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'	String	No
GrantWrite	Grants a user write permission in the format: id="[OwnerUin]". You can use commas (,) to separate multiple users. To authorize a sub-account, use id="qcs::cam::uin/<owneruin>:uin/<subuin>". To authorize a root account, use id="qcs::cam::uin/<owneruin>:uin/<owneruin>". Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'	String	No
GrantReadAcp	Grants a user read permission for bucket ACL and policies in the format: id="[OwnerUin]". You can use commas (,) to separate multiple users. To authorize a sub-account, use id="qcs::cam::uin/<owneruin>:uin/<subuin>". To authorize a root account, use id="qcs::cam::uin/<owneruin>:uin/<owneruin>". Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'	String	No
GrantWriteAcp	Grants a user write permission for bucket ACL and policies in the format: id="[OwnerUin]". You can use commas (,) to separate multiple users. To authorize a sub-account, use id="qcs::cam::uin/<owneruin>:uin/<subuin>". To authorize a root account, use id="qcs::cam::uin/<owneruin>:uin/<owneruin>". Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'	String	No
GrantFullControl	Grants full permission in the format: id="[OwnerUin]". You can use commas (,) to separate multiple users. To authorize a sub-account, use id="qcs::cam::uin/<owneruin>:uin/<subuin>". To authorize a root account, use id="qcs::cam::uin/<owneruin>:uin/<owneruin>". Example: 'id="qcs::cam::uin/100000000001:uin/100000000001", id="qcs::cam::uin/100000000001:uin/100000000011"'	String	No
AccessControlPolicy	A list of all the information about the CORS configuration	Object	No
- Owner	Information about the bucket owner	Object	No
- - ID	Complete ID of the bucket owner in the format: qcs::cam::uin/[OwnerUin]:uin/[OwnerUin], such as `qcs::cam::uin/100000000001:uin/100000000001’, where 100000000001 is the uin	String	No
- Grants	A list of information about the grantee and granted permissions	ObjectArray	No
- - Permission	Permission granted. Valid values: READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL. For the enumerated values, please see the Action permissions section in ACL Overview.	String	No
- - Grantee	Information about the grantee	Object	No
- - - ID	Complete ID of the grantee in the format of qcs::cam::uin/[OwnerUin]:uin/[OwnerUin], such as qcs::cam::uin/100000000001:uin/100000000001, where 100000000001 is the uin	String	No
- - - DisplayName	Grantee name, which is usually the same as the string you enter for ID	String	No
- - - URI	Preset user groups, such as http://cam.qcloud.com/groups/global/AllUsers and http://cam.qcloud.com/groups/global/AuthenticatedUsers. For more information, please see the "Identity (Grantee)" section in ACL Overview.	String	No

Callback function description

function(err, data) { ... }

Parameter	Description	Type
err	Error code, which is returned when an error (network error or service error) occurs. If the request is successful, this parameter is empty. For more information, please see Error Codes.	Object
- statusCode	HTTP status code, such as 200, 403, and 404	Number
- headers	Headers	Object
data	Content returned when the request is successful. If the request fails, this parameter is empty.	Object
- statusCode	HTTP status code, such as 200, 403, and 404	Number
- headers	Headers	Object

Querying a bucket ACL

Description

This API (GET Bucket acl) is used to query the ACL of a bucket. To call this API, you need to have permission to read the ACL of the bucket.

Sample request

cos.getBucketAcl({
   Bucket: 'examplebucket-1250000000', /* Required */
   Region: 'ap-beijing'     /* Required */
}, function(err, data) {
   console.log(err || data);
});

Sample response

{
  "GrantFullControl": "",
  "GrantWrite": "",
  "GrantRead": "",
  "GrantReadAcp": "id=\"qcs::cam::uin/100000000011:uin/100000000011\"",
  "GrantWriteAcp": "id=\"qcs::cam::uin/100000000011:uin/100000000011\"",
  "ACL": "private",
  "Owner": {
      "ID": "qcs::cam::uin/100000000001:uin/100000000001",
      "DisplayName": "qcs::cam::uin/100000000001:uin/100000000001"
  },
  "Grants": [{
      "Grantee": {
          "ID": "qcs::cam::uin/100000000011:uin/100000000011",
          "DisplayName": "qcs::cam::uin/100000000011:uin/100000000011"
      },
      "Permission": "READ"
  }],
  "statusCode": 200,
  "headers": {}
}

Parameter description

Parameter	Description	Type	Required
Bucket	Bucket name in the format of BucketName-APPID	String	Yes
Region	Bucket region. For the enumerated values, please see Regions and Access Endpoints.	String	Yes

Callback function description

function(err, data) { ... }

Parameter	Description	Type
err	Error code, which is returned when an error (network error or service error) occurs. If the request is successful, this parameter is empty. For more information, please see Error Codes.	Object
- statusCode	HTTP status code, such as 200, 403, and 404	Number
- headers	Headers	Object
data	Content returned when the request is successful. If the request fails, this parameter is empty.	Object
- statusCode	HTTP status code, such as 200, 403, and 404	Number
- headers	Headers	Object
- ACL	Defines the access control list (ACL) attribute of the bucket. For the enumerated values such as private and public-read, see the "Preset ACL for buckets" section in ACL Overview. Default value: private	String
- GrantRead	ID information of the user granted read access	String
- GrantWrite	ID information of the user granted write access	String
- GrantReadAcp	ID information of the user granted read access to the ACL and Policies	String
- GrantWriteAcp	ID information of the user granted write access to the ACL and Policies	String
- GrantFullControl	ID information of the user granted full access	String
- Owner	Bucket owner information	Object
- - DisplayName	Name of the bucket owner	String
- - ID	Bucket owner ID in the format: qcs::cam::uin/<owneruin>:uin/<subuin>. For root accounts, <OwnerUin> and <SubUin> have the same value.	String
- Grants	A list of information about the grantee and granted permissions	ObjectArray
- - Permission	Specifies the permission granted to the user. Enumerated values: READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL	String
- - Grantee	Information about the grantee	Object
- - - DisplayName	Grantee name	String
- - - ID	Complete ID of the grantee: For root accounts, the format is qcs::cam::uin/<owneruin>:uin/<owneruin> or qcs::cam::anyone:anyone, which indicates all users. For sub-accounts, the format is qcs::cam::uin/<owneruin>:uin/<subuin>	String
- - - URI	Preset user groups. For more information, please see ACL Overview. Examples: http://cam.qcloud.com/groups/global/AllUsers http://cam.qcloud.com/groups/global/AuthenticatedUsers	String