Object Storage overview

Overview

NAVER Cloud Platform Object Storage provides the S3 API for managing and using storage.

Version: Amazon S3 v2006-03-01

Calling domain (endpoint)

While it supports both HTTP/HTTPS protocols, we recommend using HTTPS for data protection.

Calling domains by Region

Region	Region Name	Calling Domain
Korea	kr-standard	https://kr.object.ncloudstorage.com
US West (New)	us-standard	https://us.object.ncloudstorage.com
Singapore (New)	sg-standard	https://sg.object.ncloudstorage.com
Japan (New)	jp-standard	https://jp.object.ncpstorage.com
Germany (New)	de-standard	https://de.object.ncloudstorage.com

We plan to continue to expand the Regions we offer.

Authentication key (credential)

Use the API authentication key created in Portal My Page > Manage account > Manage authentication key.

The following describes all the operations you can use when accessing NAVER Cloud Platform's Object Storage using the S3 API.
For more information on how to use operations, including samples, see the Bucket operations and Object operations pages.

Account-related operations

At the account level, only operations that retrieve bucket lists belonging to that account are supported. The number of buckets for an account is limited to 1000.

Operations	Description
GET Account(List Buckets)	View the bucket list belonging to the account

Bucket operations

The following describes operations that create, delete, view, and control buckets.

GET Bucket (List Objects) Version 2 to view the list of objects in a bucket is not supported.

Operations	Description
PUT Bucket	Create bucket The number of buckets for an account is limited to 1000.
GET Bucket(List Objects)	View objects included in a bucket List up to 1000 objects at a time
HEAD Bucket	View bucket headers
DELETE Bucket	Delete empty buckets
PUT Bucket ACL	Create an access control list (ACL) to apply to a bucket
GET Bucket ACL	View the access control list (ACL) applied to a bucket
PUT Bucket CORS	Create CORS settings to apply to a bucket
GET Bucket CORS	View CORS settings applied to a bucket
DELETE Bucket CORS	Delete CORS settings applied to a bucket
List Multipart Uploads	View incomplete or canceled multipart uploads

Object operations

The following describes operations that create, delete, view, and control objects.

Operations	Description
PUT Object	Add objects to a bucket (upload)
PUT Object (Copy)	Create a copy of an object
GET Object	View objects (download)
HEAD Object	View object headers
DELETE Object	Delete an object from a bucket
DELETE Multiple Objects	Delete a multipart object from a bucket
PUT Object ACL	Create an access control list (ACL) to apply to an object
GET Object ACL	View the access control list (ACL) applied to an object
OPTIONS Object	Check the CORS settings to see if a specific request can be sent
Initiate Multipart Upload	Create an upload ID to assign to the part set to be uploaded
Upload Part	Upload parts of an object associated with an upload ID
Complete Multipart Upload	Combine partitioned objects associated with an upload ID
Abort Multipart Upload	Stop the upload and delete parts associated with the upload ID

Common headers

Common request headers

The following table describes the common request headers supported by NAVER Cloud Platform Object Storage.

NAVER Cloud Platform's Object Storage ignores common headers that are not listed in the following table, even if the request is sent.

However, some requests may support other headers as defined in this document.
More information about creating authentication headers can be found on the "Manage authentication" page.

Headers	Description
Authorization	Required (AWS Signature Version 4)
Host	Required
x-amz-date	Required, may be specified as a date
x-amz-content-sha256	Required However, it is applicable when uploading objects or if the request information is included in the body
Content-Length	Required However, it is applicable when uploading objects Chunked encoding supported
Content-MD5	128-bit MD5 hash value of the body of the request being sent
Expect	If 100-continue, wait for headers to be authorized before sending request body

Common response headers

The following table describes common response headers.

Headers	Description
Content-Length	Length of the request body (unit: bytes)
Connection	Whether it's connected
Date	Timestamp of the request message
ETag	MD5 hash value of the request message
x-amz-request-id	Unique identifier generated on request

Response status codes

Error Code	Description	HTTP status code
AccessDenied	Access denied	403 Forbidden
BadDigest	The specified Content-MD5 doesn't match the received content	400 Bad Request
BucketAlreadyExists	Requested bucket name not available The bucket's namespace is shared by all users on the system Need to select a different name and try again	409 Conflict
BucketNotEmpty	The bucket being deleted is not empty	409 Conflict
CredentialsNotSupported	The request does not support credentials	400 Bad Request
EntityTooSmall	The size of the object being uploaded is smaller than the minimum size allowed	400 Bad Request
EntityTooLarge	The size of the object being uploaded exceeds the maximum size allowed	400 Bad Request
IncompleteBody	No value specified for the Content-Length HTTP header	400 Bad Request
IncorrectNumberOfFilesInPostRequest	Only one file can be uploaded with a POST request	400 Bad Request
InlineDataTooLarge	The size of the inline data exceeds the maximum size allowed	400 Bad Request
InternalError	Internal error occurred Retry required	500 Internal Server Error
InvalidAccessKeyId	The entered AWS access key ID doesn't exist in the database	403 Forbidden
InvalidArgument	Invalid parameter	400 Bad Request
InvalidArgument	Invalid MD5 hash value for secret key MD5 hashes must be Base64-encoded	400 Bad Request
InvalidArgument	MD5 hash value does not match input value	400 Bad Request
InvalidBucketName	Specified bucket is invalid	400 Bad Request
InvalidBucketState	The request is invalid with the current bucket state	409 Conflict
InvalidDigest	The specified Content-MD5 is invalid	400 Bad Request
InvalidEncryptionAlgorithmError	The specified encryption request is invalid Supported values are AES256	400 Bad Request
InvalidLocationConstraint	Location constraint is invalid	400 Bad Request
InvalidObjectState	The operation is invalid in the current object state	403 Forbidden
InvalidPart	One or more of the specified parts could not be found The part might not have been uploaded, or the specified entity tag might not match the entity tag of the part	400 Bad Request
InvalidPartOrder	The part list is not sorted in ascending order They must be sorted by part number	400 Bad Request
InvalidRange	Unable to meet requested range	416 Requested Range Not Satisfiable
InvalidRequest	Need to use the AWS4-HMAC-SHA256 algorithm	400 Bad Request
InvalidSecurity	The security credentials entered are invalid	403 Forbidden
InvalidURI	Unable to parse the syntax of the specified URI	400 Bad Request
KeyTooLong	The key is too long	400 Bad Request
MalformedACLError	The entered XML format is incorrect, or the published schema has not been validated	400 Bad Request
MalformedPOSTRequest	Invalid value for multipart/form-data attribute in POST request body	400 Bad Request
MalformedXML	Error when sending misconfigured XML (XML that doesn't follow XSD conventions) Error message: "The XML you provided was not well-formed or did not validate against our published schema."	400 Bad Request
MaxMessageLengthExceeded	The request is too long	400 Bad Request
MaxPostPreDataLengthExceededError	POST request field in front of upload file is too large	400 Bad Request
MetadataTooLarge	The size of the header in the metadata exceeds the maximum size allowed	400 Bad Request
MethodNotAllowed	The specified method is not available for this resource	405 Method Not Allowed
MissingContentLength	Content-Length HTTP header must be provided	411 Length Required
MissingRequestBodyError	Error when sending an empty XML document Error message: "Request body is empty."	400 Bad Request
NoSuchBucket	Specified bucket does not exist	404 Not Found
NoSuchKey	Specified key does not exist	404 Not Found
NoSuchUpload	Specified multipart upload does not exist The upload ID may be invalid, or the multipart upload may have been aborted or completed	404 Not Found
NotImplemented	Entered headers mean unimplemented features	501 Not Implemented
OperationAborted	Conditional operation conflicts with this resource and needs to be retried	409 Conflict
PreconditionFailed	One or more of the specified prerequisites are not performed	412 Precondition Failed
Redirect	Temporarily redirected to a new location	307 Moved Temporarily
RequestIsNotMultiPartContent	Bucket POST requests must specify an enclosure-type multipart/form-data attribute value	400 Bad Request
RequestTimeout	Socket connection failed to reach the server within the timeout period	400 Bad Request
RequestTimeTooSkewed	The difference between request time and server time is too large	403 Forbidden
SignatureDoesNotMatch	The entered signature value does not match the measured signature value Need to verify AWS secret key and signing method	403 Forbidden
ServiceUnavailable	Need to reduce request frequency	503 Service Unavailable
SlowDown	Need to reduce request frequency	503 Slow Down
TemporaryRedirect	Redirect to bucket while updating DNS	307 Moved Temporarily
TooManyBuckets	Maximum number of buckets allowed to be created	400 Bad Request
UnexpectedContent	The request does not support the content	400 Bad Request
UnresolvableGrantByEmailAddress	The account matching the entered email address doesn't exist in the database	400 Bad Request
UserKeyMustBeSpecified	Bucket POST requests must include the specified field names If field names are specified, check field order	400 Bad Request

Authentication

NAVER Cloud Platform's Object Storage APIs are authenticated through the Authorization header, and you can see the authentication method in the Object Storage API User Guide.

Access control list (ACL)

You can grant access to buckets and objects to members who are using NAVER Cloud Platform's Object Storage service.

When a member subscribes to NAVER Cloud Platform's Object Storage, they are issued an ID that can be used in Object Storage.
This ID is used to set access permissions for buckets and objects.

You can also set public-read and public-write permissions to allow access without authentication.

The following table describes the types of permissions and the possible operations when they are granted.

Permission	When granted to a bucket	When granted to an object
READ	View the list of objects in buckets	Read object data and metadata
WRITE	Create new objects or overwrite or delete existing objects	N/A
READ_ACP	View bucket ACL	View object ACL
WRITE_ACP	Set bucket ACL	Set object ACL
FULL_CONTROL	Perform all operations possible with READ, WRITE, READ_ACP, and WRITE_ACP permissions	Perform all operations possible with READ, READ_ACP, and WRITE_ACP permissions

The following table describes the default ACLs supported by NAVER Cloud Platform Object Storage. Values not mentioned in this table are not supported.

Default ACL	Application target	Description
private	Bucket, object	Grant FULL_CONTROL permissions to the owner (default)
public-read	Bucket, object	Grant FULL_CONTROL permissions to the owner and READ permissions to all users
public-read-write	Bucket, object	Grant FULL_CONTROL permissions to the owner and READ and WRITE permissions to all users
authenticated-read	Bucket, object	Grant FULL_CONTROL permissions to the owner and READ permissions to authenticated users

When READ permissions are applied to a bucket, including public-read, you can only view the objects, but not access the objects themselves.