Object Storage

Overview

NAVER CLOUD PLATFORM’s Object Storage provides S3 API required to manage and use storage.

Version: Amazon S3 v2006-03-01

Request domain (endpoint)

The Object Storage API supports both HTTP and HTTPS, but HTTPS is recommended for data protection.

Request domain by region

Region Region name Request domain
Korea kr-standard https://kr.object.ncloudstorage.com
American West (New) us-standard https://us.object.ncloudstorage.com
Singapore (New) sg-standard https://sg.object.ncloudstorage.com
Japan (New) jp-standard https://jp.object.ncloudstorage.com
German (New) de-standard https://de.object.ncloudstorage.com

More regions will be added constantly.

Authentication key (Credential)

Go to My Page > Manage Account > Manage Auth Key in the portal page to get an API authentication key.



The following sections describe all operations that can be used to access NAVER CLOUD PLATFORM’s Object Storage by using the S3 API. For more information on how to use each operation including code examples, refer to each page of bucket operations and object operations.

Account operation

The only account operation is to get a list of buckets that belong to an account. The number of buckets for an account can be up to 1,000.

Operation Description
GET Account (List Buckets) Gets buckets that belong to the account.

Bucket operations

Bucket operations create, delete, get and control buckets.

GET Bucket (List Objects) Version 2, which gets objects in a bucket, is not supported.

Operation Description
PUT Bucket Creates a bucket. The number of buckets for an account can be up to 1,000.
GET Bucket (List Objects) Gets objects in the bucket. Up to 1000 objects can be listed at a time.
HEAD Bucket Gets bucket headers.
DELETE Bucket Deletes empty buckets.
PUT Bucket ACL Creates an access control list (ACL) to apply to the bucket.
GET Bucket ACL Gets ACLs applied to the bucket.
PUT Bucket CORS Creates cross-origin resource sharing (CORS) settings to apply to the bucket.
GET Bucket CORS Gets CORS settings applied to the bucket.
DELETE Bucket CORS Deletes CORS settings applied to the bucket.
List Multipart Uploads Gets multipart uploads that have not been completed or have canceled.

Object operations

Object operations create, delete, get and control objects.

Operation Description
PUT Object Adds (uploads) an object to the bucket.
PUT Object (Copy) Creates a copy of the object.
GET Object Gets (downloads) objects.
HEAD Object Gets object headers.
DELETE Object Deletes objects from the bucket.
DELETE Multiple Objects Deletes multipart objects from the bucket.
PUT Object ACL Creates an ACL to apply to the object.
GET Object ACL Gets ACLs applied to the object.
OPTIONS Object Checks CORS settings to see if you send a specific request.
Initiate Multipart Upload Creates an upload ID for a set of parts to upload.
Upload Part Uploads a part of the object associated with the upload ID.
Complete Multipart Upload Completes separated objects with the part associated with the upload ID.
Abort Multipart Upload Aborts an upload and deletes the parts associated with the upload ID.

Common header

Common request header

The following table describes common request headers supported by NAVER CLOUD PLATFORM’s Object Storage.

Common headers other than those in the table will be ignored.

Note that some requests may support other headers as described in this document. For more information on how to create an authentication header, refer to “Managing Access.”

Header Description
Authorization Required (AWS Signature Version 4)
Host Required
x-amz-date Required. It can be specified as a date.
x-amz-content-sha256 Required only when an object is uploaded or the request information is included in the body.
Content-Length Required only when an object is uploaded. Chunked encoding is supported.
Content-MD5 128-bit MD5 hash of the request body which is being sent.
Expect Wait until the header is approved before sending the request body in case it is 100-continue.

Common response header

The following table describes common response headers.

Header Description
Content-Length Length of the request body (in bytes)
Connection Indicates whether it is connected.
Date Timestamp of the request message
ETag MD5 hash value of the request message
x-amz-request-id Unique ID created when the request is made.

Error codes

Error code Description HTTP status code
AccessDenied Access denied. 403 Forbidden
BadDigest The specified Content-MD5 does not match the content received. 400 Bad Request
BucketAlreadyExists The bucket name cannot be used. The namespace of the bucket is shared between all system users. Select another name and try again. 409 Conflict
BucketNotEmpty The bucket you want to delete is not empty. 409 Conflict
CredentialsNotSupported The request does not support credentials. 400 Bad Request
EntityTooSmall The size of the object to upload is smaller than the minimum size allowed. 400 Bad Request
EntityTooLarge The size of the object to upload is larger than the maximum size allowed. 400 Bad Request
IncompleteBody Content-Length HTTP header is not specified. 400 Bad Request
IncorrectNumberOfFilesInPostRequest You can upload only one file with the POST method. 400 Bad Request
InlineDataTooLarge The size of the inline data exceeds the maximum size allowed. 400 Bad Request
InternalError An internal error occurred. Try again. 500 Internal Server Error
InvalidAccessKeyId The AWS access key ID does not exist in the database. 403 Forbidden
InvalidArgument Invalid parameter. 400 Bad Request
InvalidArgument The MD5 hash of the secret key is invalid. MD5 hashes must be encoded with Base64. 400 Bad Request
InvalidArgument The MD5 hash does not match the value you entered. 400 Bad Request
InvalidBucketName The specified bucket is invalid. 400 Bad Request
InvalidBucketState The request is invalid in the current bucket state. 409 Conflict
InvalidDigest The specified Content-MD5 is invalid. 400 Bad Request
InvalidEncryptionAlgorithmError The specified encryption request is invalid. The available value is AES256. 400 Bad Request
InvalidLocationConstraint The location constraint is invalid. 400 Bad Request
InvalidObjectState The operation is invalid in the current object state. 403 Forbidden
InvalidPart One or more parts are not found. The missing parts are not uploaded or the specified entity tag does not match the entity tag of the part. 400 Bad Request
InvalidPartOrder The list of parts is not sorted in ascending order. It must be sorted in ascending order of part numbers. 400 Bad Request
InvalidRange The requested range cannot be satisfied. 416 Requested Range Not Satisfiable
InvalidRequest Use the AWS4-HMAC-SHA256 algorithm. 400 Bad Request
InvalidSecurity The security credentials you entered are invalid. 403 Forbidden
InvalidURI The specified URI cannot be parsed. 400 Bad Request
KeyTooLong The key is too long. 400 Bad Request
MalformedACLError The XML format is invalid, or the posted schema is not validated. 400 Bad Request
MalformedPOSTRequest The multipart/form-data value in the POST request body is invalid. 400 Bad Request
MalformedXML This error occurs when the malformed XML (XML that does not comply with the XSD specification) is sent. The error message is as follows: “The XML you provided was not well-formed or did not validate against our published schema.” 400 Bad Request
MaxMessageLengthExceeded The request is too long. 400 Bad Request
MaxPostPreDataLengthExceededError The POST request field before the file to upload is too big. 400 Bad Request
MetadataTooLarge The header size of metadata exceeds the maximum size allowed. 400 Bad Request
MethodNotAllowed The method cannot use this resource. 405 Method Not Allowed
MissingContentLength Content-Length HTTP header must be provided. 411 Length Required
MissingRequestBodyError This error occurs when you send an empty XML document. The error message is as follows: “Request body is empty.” 400 Bad Request
NoSuchBucket The bucket does not exist. 404 Not Found
NoSuchKey The key does not exist. 404 Not Found
NoSuchUpload The multipart upload does not exist. The upload ID is invalid or the multipart upload may be aborted or completed. 404 Not Found
NotImplemented Feature not implemented. 501 Not Implemented
OperationAborted Conditional operations conflict with this resource. Try again. 409 Conflict
PreconditionFailed One or more preconditions are not fulfilled. 412 Precondition Failed
Redirect Temporarily redirected to a new location. 307 Moved Temporarily
RequestIsNotMultiPartContent The enclosure-type multipart/form-data property must be specified for bucket POST requests. 400 Bad Request
RequestTimeout Timeout occurred before the socket is connected to the server. 400 Bad Request
RequestTimeTooSkewed The time difference between the request time and the server time is too big. 403 Forbidden
SignatureDoesNotMatch The signature you entered does not match the measured signature. Check the AWS secret key and signature method. 403 Forbidden
ServiceUnavailable Make a request less often. 503 Service Unavailable
ServiceUnavailable Make a request less often. 503 Slow Down
TemporaryRedirect Temporarily redirected to buckets while updating DNS. 307 Moved Temporarily
TooManyBuckets You have attempted to create more buckets than allowed. 400 Bad Request
UnexpectedContent The request does not support content. 400 Bad Request
UnresolvableGrantByEmailAddress There is no account matching the email address you entered in the database. 400 Bad Request
UserKeyMustBeSpecified The bucket POST request must contain the specified field name. If the field name is specified, check the order of fields. 400 Bad Request

Authentication

NAVER CLOUD PLATFORM’s Object Storage API needs to be authenticated using the authorization header. For more information, Object Storage API Guide.

Access control list

You can grant permissions to access buckets and objects of NAVER CLOUD PLATFORM’s Object Storage to the users using the service.

After signing up NAVER CLOUD PLATFORM’s Object Storage, you can get an ID available in Object Storage.
This ID is used to set access permissions to buckets and objects.

You can also grant public-read and public-write permissions to allow users to access the resources without authentication.

The following table describes permission types and operations available for each permission type.

Permission Granted to buckets Granted to objects
READ Allows grantees to read objects in the bucket. Allows grantees to read object data and metadata.
WRITE Allows grantees to create a new object or overwrite or delete the existing object. N/A
READ_ACP Allows grantees to read ACLs of buckets. Allows grantees to read ACLs of objects.
WRITE_ACP Allows grantees to set ACLs of buckets. Allows grantees to set ACLs of objects.
FULL_CONTROL Allows grantees to perform all the operations available with the READ, WRITE, READ_ACP, and WRITE_ACP permissions. Allows grantees to perform all the operations available with the READ, READ_ACP, and WRITE_ACP permissions.

The following table describes default ACLs supported by NAVER CLOUD PLATFORM’s Object Storage. ACLs not included in the table are not supported.

Default ACL Target Description
private Buckets and objects Grants the owner FULL_CONTROL permissions (default).
public-read Buckets and objects Grants the owner FULL_CONTROL permissions, and all users READ permissions.
public-read-write Buckets and objects Grants the owner FULL_CONTROL permissions, and all users READ and WRITE permissions.
authenticated-read Buckets and objects Grants the owner FULL_CONTROL permissions, and all users READ permissions.

When READ permissions including public-read are applied to a bucket, grantees can only read the objects and cannot access them.