How to use the S3 API
Getting started
To use the API:
- Create a service account.
- Assign the service account the roles required for your project. For more information about roles, see the Identity and Access Management documentation.
- Create a static access key.
To access the HTTP API directly, you need static key authentication, which is supported by the tools listed in Supported tools.
You can safely store an Object Storage static access key in Yandex Lockbox. For more information, see Using a Yandex Lockbox secret to store a static access key.
For a list of supported Amazon S3 HTTP API methods, see the API reference.
General API request format
Note
General Object Storage API request format:
{GET|HEAD|PUT|DELETE} /<bucket_name>/<object_key> HTTP/2
Host: storage.yandexcloud.net
Content-Length: length
Date: date
Authorization: authorization string (AWS Signature Version 4)
Request_body
The request contains an HTTP method, bucket name, and object key.
The bucket name can be specified as part of the host name. In this case, the request will look like this:
{GET|HEAD|PUT|DELETE} /<object_key> HTTP/2
Host: <bucket_name>.storage.yandexcloud.net
...
The set of headers depends on the specific request and is described in the documentation for the corresponding request.
When using the API directly (without an SDK or apps), you need to generate the Authorization
header yourself for signing requests. Find out how to do this in the Amazon S3 documentation: Authenticating Requests (AWS Signature Version 4)
You can work on the request and signature generation process using the AWS CLI in debug mode.
To send a signed request to the S3 API, you can use curl
Request URL
URLs can take one of the following forms:
http(s)://storage.yandexcloud.net/<bucket_name>/<object_key>?<query_parameters>
http(s)://<bucket_name>.storage.yandexcloud.net/<object_key>?<query_parameters>
Note
For buckets with periods in their names, e.g., example.ru
, HTTPS is available only with a URL formatted like https://storage.yandexcloud.net/<bucket_name>/<object_key>?<query_parameters>
. For more information, see Accessing a bucket over HTTPS.
The URL contains the bucket name, object key, and query parameters. See an example of possible query parameters in the Get object method description.
Note
If you use AWS SDK for .NET, access the s3.yandexcloud.net
host.
CORS requests
Cross-domain requests are available for all API methods used for object management.
To check permissions, CORS sends the options preflight request to the resource. Object Storage allows you to skip the preflight request when sending cross-domain requests to resources. In this case, your request's headers must be the same as those of the preflight request.