NAVER CLOUD PLATFORM’s Object Storage provides S3 API required to manage and use storage.
Version: Amazon S3 v2006-03-01
Request domain (endpoint)
The Object Storage API supports both HTTP and HTTPS, but HTTPS is recommended for data protection.
Request domain by region
|Region||Region name||Request domain|
|American West (New)||us-standard||https://us.object.ncloudstorage.com|
More regions will be added constantly.
Authentication key (Credential)
Go to My Page > Manage Account > Manage Auth Key in the portal page to get an API authentication key.
The following sections describe all operations that can be used to access NAVER CLOUD PLATFORM’s Object Storage by using the S3 API. For more information on how to use each operation including code examples, refer to each page of bucket operations and object operations.
The only account operation is to get a list of buckets that belong to an account. The number of buckets for an account can be up to 1,000.
|GET Account (List Buckets)||Gets buckets that belong to the account.|
Bucket operations create, delete, get and control buckets.
GET Bucket (List Objects) Version 2, which gets objects in a bucket, is not supported.
|PUT Bucket||Creates a bucket. The number of buckets for an account can be up to 1,000.|
|GET Bucket (List Objects)||Gets objects in the bucket. Up to 1000 objects can be listed at a time.|
|HEAD Bucket||Gets bucket headers.|
|DELETE Bucket||Deletes empty buckets.|
|PUT Bucket ACL||Creates an access control list (ACL) to apply to the bucket.|
|GET Bucket ACL||Gets ACLs applied to the bucket.|
|PUT Bucket CORS||Creates cross-origin resource sharing (CORS) settings to apply to the bucket.|
|GET Bucket CORS||Gets CORS settings applied to the bucket.|
|DELETE Bucket CORS||Deletes CORS settings applied to the bucket.|
|List Multipart Uploads||Gets multipart uploads that have not been completed or have canceled.|
Object operations create, delete, get and control objects.
|PUT Object||Adds (uploads) an object to the bucket.|
|PUT Object (Copy)||Creates a copy of the object.|
|GET Object||Gets (downloads) objects.|
|HEAD Object||Gets object headers.|
|DELETE Object||Deletes objects from the bucket.|
|DELETE Multiple Objects||Deletes multipart objects from the bucket.|
|PUT Object ACL||Creates an ACL to apply to the object.|
|GET Object ACL||Gets ACLs applied to the object.|
|OPTIONS Object||Checks CORS settings to see if you send a specific request.|
|Initiate Multipart Upload||Creates an upload ID for a set of parts to upload.|
|Upload Part||Uploads a part of the object associated with the upload ID.|
|Complete Multipart Upload||Completes separated objects with the part associated with the upload ID.|
|Abort Multipart Upload||Aborts an upload and deletes the parts associated with the upload ID.|
Common request header
The following table describes common request headers supported by NAVER CLOUD PLATFORM’s Object Storage.
Common headers other than those in the table will be ignored.
Note that some requests may support other headers as described in this document. For more information on how to create an authentication header, refer to “Managing Access.”
|Authorization||Required (AWS Signature Version 4)|
|x-amz-date||Required. It can be specified as a date.|
|x-amz-content-sha256||Required only when an object is uploaded or the request information is included in the body.|
|Content-Length||Required only when an object is uploaded. Chunked encoding is supported.|
|Content-MD5||128-bit MD5 hash of the request body which is being sent.|
|Expect||Wait until the header is approved before sending the request body in case it is 100-continue.|
Common response header
The following table describes common response headers.
|Content-Length||Length of the request body (in bytes)|
|Connection||Indicates whether it is connected.|
|Date||Timestamp of the request message|
|ETag||MD5 hash value of the request message|
|x-amz-request-id||Unique ID created when the request is made.|
|Error code||Description||HTTP status code|
|AccessDenied||Access denied.||403 Forbidden|
|BadDigest||The specified Content-MD5 does not match the content received.||400 Bad Request|
|BucketAlreadyExists||The bucket name cannot be used. The namespace of the bucket is shared between all system users. Select another name and try again.||409 Conflict|
|BucketNotEmpty||The bucket you want to delete is not empty.||409 Conflict|
|CredentialsNotSupported||The request does not support credentials.||400 Bad Request|
|EntityTooSmall||The size of the object to upload is smaller than the minimum size allowed.||400 Bad Request|
|EntityTooLarge||The size of the object to upload is larger than the maximum size allowed.||400 Bad Request|
|IncompleteBody||Content-Length HTTP header is not specified.||400 Bad Request|
|IncorrectNumberOfFilesInPostRequest||You can upload only one file with the POST method.||400 Bad Request|
|InlineDataTooLarge||The size of the inline data exceeds the maximum size allowed.||400 Bad Request|
|InternalError||An internal error occurred. Try again.||500 Internal Server Error|
|InvalidAccessKeyId||The AWS access key ID does not exist in the database.||403 Forbidden|
|InvalidArgument||Invalid parameter.||400 Bad Request|
|InvalidArgument||The MD5 hash of the secret key is invalid. MD5 hashes must be encoded with Base64.||400 Bad Request|
|InvalidArgument||The MD5 hash does not match the value you entered.||400 Bad Request|
|InvalidBucketName||The specified bucket is invalid.||400 Bad Request|
|InvalidBucketState||The request is invalid in the current bucket state.||409 Conflict|
|InvalidDigest||The specified Content-MD5 is invalid.||400 Bad Request|
|InvalidEncryptionAlgorithmError||The specified encryption request is invalid. The available value is AES256.||400 Bad Request|
|InvalidLocationConstraint||The location constraint is invalid.||400 Bad Request|
|InvalidObjectState||The operation is invalid in the current object state.||403 Forbidden|
|InvalidPart||One or more parts are not found. The missing parts are not uploaded or the specified entity tag does not match the entity tag of the part.||400 Bad Request|
|InvalidPartOrder||The list of parts is not sorted in ascending order. It must be sorted in ascending order of part numbers.||400 Bad Request|
|InvalidRange||The requested range cannot be satisfied.||416 Requested Range Not Satisfiable|
|InvalidRequest||Use the AWS4-HMAC-SHA256 algorithm.||400 Bad Request|
|InvalidSecurity||The security credentials you entered are invalid.||403 Forbidden|
|InvalidURI||The specified URI cannot be parsed.||400 Bad Request|
|KeyTooLong||The key is too long.||400 Bad Request|
|MalformedACLError||The XML format is invalid, or the posted schema is not validated.||400 Bad Request|
|MalformedPOSTRequest||The multipart/form-data value in the POST request body is invalid.||400 Bad Request|
|MalformedXML||This error occurs when the malformed XML (XML that does not comply with the XSD specification) is sent. The error message is as follows: “The XML you provided was not well-formed or did not validate against our published schema.”||400 Bad Request|
|MaxMessageLengthExceeded||The request is too long.||400 Bad Request|
|MaxPostPreDataLengthExceededError||The POST request field before the file to upload is too big.||400 Bad Request|
|MetadataTooLarge||The header size of metadata exceeds the maximum size allowed.||400 Bad Request|
|MethodNotAllowed||The method cannot use this resource.||405 Method Not Allowed|
|MissingContentLength||Content-Length HTTP header must be provided.||411 Length Required|
|MissingRequestBodyError||This error occurs when you send an empty XML document. The error message is as follows: “Request body is empty.”||400 Bad Request|
|NoSuchBucket||The bucket does not exist.||404 Not Found|
|NoSuchKey||The key does not exist.||404 Not Found|
|NoSuchUpload||The multipart upload does not exist. The upload ID is invalid or the multipart upload may be aborted or completed.||404 Not Found|
|NotImplemented||Feature not implemented.||501 Not Implemented|
|OperationAborted||Conditional operations conflict with this resource. Try again.||409 Conflict|
|PreconditionFailed||One or more preconditions are not fulfilled.||412 Precondition Failed|
|Redirect||Temporarily redirected to a new location.||307 Moved Temporarily|
|RequestIsNotMultiPartContent||The enclosure-type multipart/form-data property must be specified for bucket POST requests.||400 Bad Request|
|RequestTimeout||Timeout occurred before the socket is connected to the server.||400 Bad Request|
|RequestTimeTooSkewed||The time difference between the request time and the server time is too big.||403 Forbidden|
|SignatureDoesNotMatch||The signature you entered does not match the measured signature. Check the AWS secret key and signature method.||403 Forbidden|
|ServiceUnavailable||Make a request less often.||503 Service Unavailable|
|ServiceUnavailable||Make a request less often.||503 Slow Down|
|TemporaryRedirect||Temporarily redirected to buckets while updating DNS.||307 Moved Temporarily|
|TooManyBuckets||You have attempted to create more buckets than allowed.||400 Bad Request|
|UnexpectedContent||The request does not support content.||400 Bad Request|
|UnresolvableGrantByEmailAddress||There is no account matching the email address you entered in the database.||400 Bad Request|
|UserKeyMustBeSpecified||The bucket POST request must contain the specified field name. If the field name is specified, check the order of fields.||400 Bad Request|
NAVER CLOUD PLATFORM’s Object Storage API needs to be authenticated using the authorization header. For more information, Object Storage API Guide.
Access control list
You can grant permissions to access buckets and objects of NAVER CLOUD PLATFORM’s Object Storage to the users using the service.
After signing up NAVER CLOUD PLATFORM’s Object Storage, you can get an ID available in Object Storage.
This ID is used to set access permissions to buckets and objects.
You can also grant public-read and public-write permissions to allow users to access the resources without authentication.
The following table describes permission types and operations available for each permission type.
|Permission||Granted to buckets||Granted to objects|
|READ||Allows grantees to read objects in the bucket.||Allows grantees to read object data and metadata.|
|WRITE||Allows grantees to create a new object or overwrite or delete the existing object.||N/A|
|READ_ACP||Allows grantees to read ACLs of buckets.||Allows grantees to read ACLs of objects.|
|WRITE_ACP||Allows grantees to set ACLs of buckets.||Allows grantees to set ACLs of objects.|
|FULL_CONTROL||Allows grantees to perform all the operations available with the READ, WRITE, READ_ACP, and WRITE_ACP permissions.||Allows grantees to perform all the operations available with the READ, READ_ACP, and WRITE_ACP permissions.|
The following table describes default ACLs supported by NAVER CLOUD PLATFORM’s Object Storage. ACLs not included in the table are not supported.
|private||Buckets and objects||Grants the owner FULL_CONTROL permissions (default).|
|public-read||Buckets and objects||Grants the owner FULL_CONTROL permissions, and all users READ permissions.|
|public-read-write||Buckets and objects||Grants the owner FULL_CONTROL permissions, and all users READ and WRITE permissions.|
|authenticated-read||Buckets and objects||Grants the owner FULL_CONTROL permissions, and all users READ permissions.|
When READ permissions including public-read are applied to a bucket, grantees can only read the objects and cannot access them.