DigitalOcean Spaces API

Welcome to the DigitalOcean Spaces object storage API documentation.

Spaces provides a RESTful XML API for programatically managing the data you store through the use of standard HTTP requests. The API is interoperable with Amazon's AWS S3 API allowing you to interact with the service while using the tools you already know.

This API documentation will start by covering a number of general concepts, followed by reference information about specific endpoints.

AWS S3 Compatibility

The Spaces API aims to be interoperable with Amazon's AWS S3 API. In most cases, when using a client library, setting the "endpoint" or "base" URL to ${REGION}.digitaloceanspaces.com and generating a Spaces key to replace your AWS IAM key will allow you to use Spaces in place of S3.

Spaces provides support for create, read, update, and delete (CRUD) operations for both buckets (Spaces) and objects as well as the ability to define access control lists (ACLs). Some S3 features are not supported as show in the table below:

Feature Supported
Bucket CRUD Yes
Object CRUD Yes
Multipart Uploads Yes
Pre-Signed URLs Yes (v2 and v4 signature types)
Bucket ACLs Yes
Object ACLs Yes
Bucket Policies No
Object Policies No
Bucket Versioning Yes (API Only)
Bucket Replication No
Bucket Notifications No
Object Tagging No
Request Payment No
Bucket Lifecycle Yes (Object expiration and removing incomplete multipart uploads)
Bucket Inventory No
Bucket Access Logging No
Bucket Websites Private Beta

AWS S3 Compatibility

Python Example

import boto3
from botocore.client import Config

# Initialize a session using DigitalOcean Spaces.
session = boto3.session.Session()
client = session.client('s3',
                        region_name='nyc3',
                        endpoint_url='https://nyc3.digitaloceanspaces.com',
                        aws_access_key_id='532SZONTQ6ALKBCU94OU',
                        aws_secret_access_key='zCkY83KVDXD8u83RouEYPKEm/dhPSPB45XsfnWj8fxQ')

# Create a new Space.
client.create_bucket(Bucket='my-new-space')

# List all buckets on your account.
response = client.list_buckets()
spaces = [space['Name'] for space in response['Buckets']]
print("Spaces List: %s" % spaces)

Go Example

package main

import (
    "fmt"
    "log"
    "os"

    "github.com/minio/minio-go"
)

func main() {
    accessKey := os.Getenv("SPACES_KEY")
    secKey := os.Getenv("SPACES_SECRET")
    endpoint := "nyc3.digitaloceanspaces.com"
    spaceName := "my-new-space" // Space names must be globally unique
    ssl := true

    // Initiate a client using DigitalOcean Spaces.
    client, err := minio.New(endpoint, accessKey, secKey, ssl)
    if err != nil {
        log.Fatal(err)
    }

    // Create a new Space.
    err = client.MakeBucket(spaceName, "us-east-1")
    if err != nil {
        log.Fatal(err)
    }

    // List all Spaces.
    spaces, err := client.ListBuckets()
    if err != nil {
        log.Fatal(err)
    }
    for _, space := range spaces {
        fmt.Println(space.Name)
    }
}

Authentication

Requests to the Spaces API must include an HTTP Authorization header. The AWS v4 Signature type is supported (with the exception of pre-signed URLs) as well as the AWS v2 Signature type for compatibility with older clients. Throughout the examples below, v4 signatures are used. When making use of a client library, signatures will be generated for you automatically.

You can generate the needed Access Key and Secret Key by visiting the Apps & API section of the DigitalOcean control panel for your account.

A v4 signature consists of a number of parts. The table below describes each piece of the example individually:

AWS4-HMAC-SHA256 Indicates AWS Signature Version 4 (AWS4) and the signing algorithm (HMAC-SHA256).
Credential Contains your access key and information about the request in the format: ${ACESS_KEY}/${YYYMMDD}/${REGION_SLUG}/s3/aws4_request
SignedHeaders A lower-cased list of the names of the request headers used when computing the signature. (e.g. host;x-amz-acl;x-amz-content-sha256;x-amz-date)
Signature A signed hash consisting of a hash of the request body, your secret key, and information about the request (i.e. the canonical request). A "psuedo-code" example is provided to demonstrate how this is calculated.

The canonical request included in the signature is made up of:

  • The HTTP request method used.
  • The path component of the request URI.
  • The query string parameters included in the request.
  • The list of request headers and their values, newline separated, lower-cased, and trimmed of whitespace.
  • The list of header names without their values, sorted alphabetically, lower-cased, and semicolon-separated.
  • The SHA256 hash of the request body.

For example, for the following request:

GET /?acl HTTP/1.1

Host: static-images.nyc3.digitaloceanspaces.com
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date: 20170804T221549Z

This would be the canonical request:

GET
/
acl=
host:static-images.nyc3.digitaloceanspaces.com
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date:20170804T221549Z

host;x-amz-content-sha256;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Authentication

Example Authorization Header

Authorization: AWS4-HMAC-SHA256
Credential=II5JDQBAN3JYM4DNEB6C/20170710/nyc3/s3/aws4_request,
SignedHeaders=host;x-amz-acl;x-amz-content-sha256;x-amz-date,
Signature=6cab03bef74a80a0441ab7fd33c829a2cdb46bba07e82da518cdb78ac238fda5

Signing Example (psuedo-code)

canonicalRequest = `
${HTTPMethod}\n
${canonicalURI}\n
${canonicalQueryString}\n
${canonicalHeaders}\n
${signedHeaders}\n
${hashedPayload}
`

stringToSign = "AWS4-HMAC-SHA256" + "\n" +
    date(format=ISO08601) + "\n" +
    date(format=YYYYMMDD) + "/" + ${REGION} + "/" + "s3/aws4_request" + "\n" +
    Hex(SHA256Hash(canonicalRequest))

dateKey = HMAC-SHA256("AWS4" + ${SECRET_KEY}, date(format=YYYYMMDD))
dateRegionKey = HMAC-SHA256(dateKey, ${REGION})
dateRegionServiceKey = HMAC-SHA256(dateRegionKey, "s3")
signingKey = HMAC-SHA256(dateRegionServiceKey, "aws4_request")

signature = Hex(HMAC-SHA256(signingKey, stringToSign))

Access Control Lists (ACLs)

Spaces supports a limited set of access controls for buckets and objects. They can be configured by making a PUT request with an XML body consisting of an AccessControlPolicy element. It should contain both Grantee and Permission elements. Grantee may either contain the owner's ID or a URI element representing the AllUsers group. The available Permission values are:

Name Description
FULL_CONTROL Grants full access including read and write permissions to the object or bucket.
READ Grants read access to the object or bucket.

To make a bucket or object private, create an AccessControlPolicy only containing a FULL_CONTROL grant for the owner. To allow public read access, the AccessControlPolicy should contain both a FULL_CONTROL grant for the owner as well as READ grand for the AllUsers group. (See the full reference documentation below for more information on the specific requests.)

For convenience, "canned ACLs" can be used in place of uploading an AccessControlPolicy. They are a set of pre-defined access controls that can be specified through the use of the x-amz-acl header when making a request. Currently Spaces supports these values:

Name Description
private Grants full access (FULL_CONTROL) to the owner. No unauthenticated, public access is permitted.
public-read Grants full access (FULL_CONTROL) to the owner while permitting unauthenticated, public READ access.

Access Control Lists (ACLs)

Private ACL Example

<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Owner>
    <ID>6174283</ID>
  </Owner>
  <AccessControlList>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
        <ID>6174283</ID>
      </Grantee>
      <Permission>FULL_CONTROL</Permission>
    </Grant>
  </AccessControlList>
</AccessControlPolicy>

Public Read ACL Example

<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Owner>
    <ID>6174283</ID>
    <DisplayName>6174283</DisplayName>
  </Owner>
  <AccessControlList>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group">
        <URI>http://acs.amazonaws.com/groups/global/AllUsers</URI>
      </Grantee>
      <Permission>READ</Permission>
    </Grant>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
        <ID>6174283</ID>
      </Grantee>
      <Permission>FULL_CONTROL</Permission>
    </Grant>
  </AccessControlList>
</AccessControlPolicy>

Common Headers

There are a number of common headers that may be used in most requests.

Name Description
Authorization The authorization details for the request in either the AWS Signature Version 4 or AWS Signature Version 2 format (see Authentication for more information).
Content-Length The length in bytes of the request body. Required with PUT requests containing an XML body.
Content-Type The MIME type of the request body (e.g. text/plain).
Date The current date and time date in Coordinated Universal Time (UTC) using RFC 2822 format. Example: Mon, 10 Jul 2017 19:05:09 +0000
Host The target host for the request (e.g. ${REGION}.digitaloceanspaces.com or ${BUCKET}.${REGION}.digitaloceanspaces.com).
x-amz-content-sha256 The SHA256 hash of the request payload. Required when using AWS Signature Version 4 for authentication.
x-amz-date The current date and time date in Coordinated Universal Time (UTC) using the ISO 8601 format: %Y%m%dT%H%M%SZ (e.g. 20170803T172753Z). When provided, it takes precedence over the "Date" header.

Likewise, these common headers may be received in most responses:

Name Description
Content-Length The length in bytes of the response body.
Content-Type The MIME type of the request body (e.g. text/plain).
Connection An indicator of whether the connection to the server is open or closed.
Date The date and time date of the response in Coordinated Universal Time (UTC).
ETag The entity tag containing an MD5 hash of the object.
x-amz-request-id The unique identifier for the request.

Bucket Operations

Create a Bucket

To create a new bucket, send a PUT request to ${BUCKET}.${REGION}.digitaloceanspaces.com

In addition to the common headers, the following headers may also be supplied:

Name Description Required
x-amz-acl A "canned" ACL specifying access rules for the bucket (private or public-read). Defaults to private No

For compatibility purposes, the body of the request may contain an XML object with an element named CreateBucketConfiguration containing configuration information for the bucket, specifically its location. As the region is also specified in the hostname, including this in the request is not strictly necessary.

Name Description Required
LocationConstraint The region where the bucket will be created (e.g. nyc3). No

Create a Bucket

Example Request

PUT / HTTP/1.1

Host: static-images.nyc3.digitaloceanspaces.com
x-amz-acl: public-read
x-amz-content-sha256: c6f1fc479f5f690c443b73a258aacc06ddad09eca0b001e9640ff2cd56fe5710
x-amz-date: 20170710T173143Z
Authorization: AWS4-HMAC-SHA256 Credential=II5JDQBAN3JYM4DNEB6C/20170710/nyc3/s3/aws4_request,SignedHeaders=host;x-amz-acl;x-amz-content-sha256;x-amz-date,Signature=6cab03bef74a80a0441ab7fd33c829a2cdb46bba07e82da518cdb78ac238fda5

<CreateBucketConfiguration>
  <LocationConstraint>nyc3</LocationConstraint>
</CreateBucketConfiguration>

Example Response

HTTP/1.1 200 OK

Date: Mon, 10 Jul 2017 17:31:43 GMT
Content-Length: 0
Content-Type: text/plain;charset=utf-8
Connection: close

List All Buckets

To list all existing buckets in a region, send a GET request to ${REGION}.digitaloceanspaces.com

The body of the response will contain an XML element named ListAllMyBucketsResult containing a list of XML objects with the following elements representing each bucket:

Name Description
Owner A container holding elements with information about the bucket's owner.
ID An element containing the ID of the bucket's owner as its value.
DisplayName An element containing the DisplayName of the bucket's owner as its value. Provided for compatiblity purposes, will have the same value as the ID.
Buckets A container holding a list of elements describing each bucket.
Bucket A container holding elements with details about a single bucket.
Name An element containing the name of the bucket.
CreationDate An element containing the the date of the bucket's creation in the format: %Y-%m-%dT%H:%M:%S.%3NZ (e.g. 2017-06-23T18:37:48.157Z)

List All Buckets

Example Request

GET / HTTP/1.1

Host: nyc3.digitaloceanspaces.com
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date: 20170711T183940Z
Authorization: AWS4-HMAC-SHA256 Credential=II5JDQBAN3JYM4DNEB6C/20170711/nyc3/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=245e867a6a653b7b88cbb71a734dacf2cbb4ba927d9aa5fdce57c85ab4f2b40b

Example Response

HTTP/1.1 200 OK

x-amz-request-id: tx000000000000002ba2427-0059651b6d-1268c-nyc3a
Date: Mon, 10 Jul 2017 17:31:43 GMT
Content-Length: 523
Content-Type: text/plain
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
  <ListAllMyBucketsResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <Owner>
      <ID>6174283</ID>
      <DisplayName>6174283</DisplayName>
    </Owner>
    <Buckets>
      <Bucket>
        <Name>static-images</Name>
        <CreationDate>2017-06-23T18:37:48.157Z</CreationDate>
      </Bucket>
    <Buckets>
      <Bucket>
        <Name>log-files</Name>
        <CreationDate>2017-06-23T18:37:48.157Z</CreationDate>
      </Bucket>
    </Buckets>
  </ListAllMyBucketsResult>

List a Bucket's Contents

To list the contents of a bucket, send a GET request to ${BUCKET}.${REGION}.digitaloceanspaces.com/

Note: The version 2 list type is not currently supported.

The following query parameters can be included in the request in order to filter the results included in the response:

Name Description Required
delimiter A single character used to group keys. When specified, the response will only contain keys up to its first occurrence. (E.g. Using a slash as the delimiter can allow you to list keys as if they were folders, especially in combination with a prefix.) No
marker The key (object name) to start with when listing objects. For use with pagination (e.g. when then number of objects in the result exceeds the specified max-keys). No
max-keys The maximum number of objects to return. Defaults to 1,000. No
prefix A string used to group keys. When specified, the response will only contain objects with keys beginning with the string. No

The body of the response will contain an XML element named ListBucketResult containing a list of XML objects with the following elements representing each object in the bucket:

Name Description
Name The name of the bucket.
Prefix The specified prefix if supplied as a query parameter.
Marker A key denoting where the list of objects begins. If empty, this indicates the beginning of the list.
NextMarker Specifies the key which should be used with the maker query parameter in subsistent requests. This is only returned if a delimiter was provided with the request and IsTruncated is true.
MaxKeys The maximum number of objects to return. Defaults to 1,000.
IsTruncated A boolean indicating whether all objects are included in the response.
Contents A container holding elements with information about the objects in the bucket.
Key The object's key.
LastModified The date and time that the object was last modified in the format: %Y-%m-%dT%H:%M:%S.%3NZ (e.g. 2017-06-23T18:37:48.157Z)
ETag The entity tag containing an MD5 hash of the object.
Size The size of the object in bytes.
StorageClass Provided for compatibility purposes. The value will always be STANDARD.
Owner A container holding elements with information about the bucket's owner.
ID An element containing the ID of the bucket's owner as its value.
DisplayName An element containing the DisplayName of the bucket's owner as its value. Provided for compatibility purposes, will have the same value as the ID.

List a Bucket's Contents

Example Request

GET / HTTP/1.1

Host: static-images.nyc3.digitaloceanspaces.com
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date: 20170714T172613Z
Authorization: AWS4-HMAC-SHA256 Credential=II5JDQBAN3JYM4DNEB6C/20170710/nyc3/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=de1bf8931e315c0576edb81a7d8be98874e847548fc70682f6c646e1cfd9177a

Example Response

HTTP/1.1 200 OK

x-amz-request-id: tx00000000000000029ac87-0059690330-8d1a-nyc3a
Date: Mon, 10 Jul 2017 17:31:43 GMT
Content-Length: 775
Content-Type: application/xml
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Name>static-images</Name>
  <Prefix/>
  <MaxKeys>1000</MaxKeys>
  <IsTruncated>false</IsTruncated>
  <Contents>
    <Key>example.txt</Key>
    <LastModified>2017-07-13T18:40:46.777Z</LastModified>
    <ETag>"b3a92f49e7ae64acbf6b3e76f2040f5e"</ETag>
    <Size>14</Size>
    <StorageClass>STANDARD</StorageClass>
    <Owner>
      <ID>6174283</ID>
      <DisplayName>6174283</DisplayName>
    </Owner>
  </Contents>
  <Contents>
    <Key>sammy.png</Key>
    <LastModified>2017-07-14T17:44:03.597Z</LastModified>
    <ETag>"fb08934ef619f205f272b0adfd6c018c"</ETag>
    <Size>35369</Size>
    <StorageClass>STANDARD</StorageClass>
    <Owner>
      <ID>6174283</ID>
      <DisplayName>6174283</DisplayName>
    </Owner>
  </Contents>
</ListBucketResult>

Delete a Bucket

To delete an empty bucket, send a DELETE request to ${BUCKET}.${REGION}.digitaloceanspaces.com This API call can only be used to delete an empty bucket.

Success will be indicated by receiving 204 (No Content) as the response code.

If you receive 409 (BucketNotEmpty) as the response code, it means that you have objects in the bucket. You will need to remove all of the objects from the bucket (move or delete) before you can delete the bucket itself.

Delete a Bucket

Example Request

DELETE / HTTP/1.1

Host: static-images.nyc3.digitaloceanspaces.com
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date: 20170710T181321Z
Authorization: AWS4-HMAC-SHA256 Credential=II5JDQBAN3JYM4DNEB6C/20170710/nyc3/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=b0558a25e794bced1ca9b620b4318bb8eb62ddbd34e2b9c1921034bc5acd597b

Example Response

HTTP/1.1 204 No Content

Date: Mon, 10 Jul 2017 18:13:21 GMT
Connection: close

Get a Bucket's Location

To retrieve a bucket's location, send a GET request to ${BUCKET}.${REGION}.digitaloceanspaces.com/?location

The body of the response will contain an XML element named LocationConstraint containing the "slug" for the region where the bucket is located.

Name Description
LocationConstraint A "slug" representing the region where the bucket is located (e.g. nyc3).

Get a Bucket's Location

Example Request

GET /?location HTTP/1.1

Host: static-images.nyc3.digitaloceanspaces.com
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date: 20170710T174432Z
Authorization: AWS4-HMAC-SHA256 Credential=II5JDQBAN3JYM4DNEB6C/20170710/nyc3/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=0d0a16e9c86386305e3e1a809b7d5f0042c5a702d7ff6616013beeb865f9d728

Example Response

HTTP/1.1 200 OK

Date: Mon, 10 Jul 2017 17:44:33 GMT
x-amz-request-id: tx000000000000002764f2e-005963bd01-1268c-nyc3a
Content-Length: 127
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
  <LocationConstraint xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    nyc3
  </LocationConstraint>

Get a Bucket's ACLs

To retrieve a bucket's Access Control List, send a GET request to ${BUCKET}.${REGION}.digitaloceanspaces.com/?acl

The body of the response will include an XML element named AccessControlPolicy containing information about the ACLs applied to the bucket.

Name Description
Owner A container holding elements with information about the bucket's owner.
ID An element containing the ID of the bucket's owner as its value.
DisplayName An element containing the DisplayName of the bucket's owner as its value. Provided for compatibility purposes, will have the same value as the ID.
AccessControlList A container holding a list of elements describing one or more access grants.
Grant A container for an individual access grant.
Grantee A container holding information about to whom an access grant is applied. If it applies to an individual account (i.e. the bucket's owner) it will contain ID and Owner elements. If the grant applies to a group (i.e. AllUsers) it will contain a URI element.
URI A URI specifying a group of users. At this time, only http://acs.amazonaws.com/groups/global/AllUsers is supported.
Permission The level of access granted. At this time, the only supported values are FULL_CONTROL and READ.

Get a Bucket's ACLs

Example Request

GET /?acl HTTP/1.1

Host: static-images.nyc3.digitaloceanspaces.com
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date: 20170710T174434Z
Authorization: AWS4-HMAC-SHA256 Credential=II5JDQBAN3JYM4DNEB6C/20170710/nyc3/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=71dfa4666fb740d40d05307a29321c65cc620cdb17e8a9cb83d4f0e1b1b9d236

Example Response

HTTP/1.1 200 OK

Date: Mon, 10 Jul 2017 17:44:35 GMT
x-amz-request-id: tx000000000000002764fa6-005963bd03-1268c-nyc3a
Content-Type: application/xml
Content-Length: 621
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
  <AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <Owner>
      <ID>6174283</ID>
      <DisplayName>6174283</DisplayName>
    </Owner>
    <AccessControlList>
      <Grant>
        <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group">
          <URI>http://acs.amazonaws.com/groups/global/AllUsers</URI>
        </Grantee>
        <Permission>READ</Permission>
      </Grant>
      <Grant>
        <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
          <ID>6174283</ID>
          <DisplayName>6174283</DisplayName>
        </Grantee>
        <Permission>FULL_CONTROL</Permission>
      </Grant>
    </AccessControlList>
  </AccessControlPolicy>

Set a Bucket's ACLs

To modify a bucket's Access Control List, send a PUT request to ${BUCKET}.${REGION}.digitaloceanspaces.com/?acl

The body of the request should include an XML element named AccessControlPolicy containing information about the ACLs to be applied to the bucket.

Name Description
Owner A container holding elements with information about the bucket's owner.
ID An element containing the ID of the bucket's owner as its value.
AccessControlList A container holding a list of elements describing one or more access grants.
Grant A container for an individual access grant.
Grantee A container holding information about to whom an access grant is applied. If it applies to an individual account (i.e. the bucket's owner) it will contain ID and Owner elements. If the grant applies to a group (i.e. AllUsers) it will contain a URI element.
URI A URI specifying a group of users. At this time, only http://acs.amazonaws.com/groups/global/AllUsers is supported.
Permission The level of access granted. At this time, the only supported values are FULL_CONTROL and READ.

Set a Bucket's ACLs

Example Request

PUT /?acl HTTP/1.1

content-type:application/xml
Host: static-images.nyc3.digitaloceanspaces.com
x-amz-content-sha256: 724483e3830b19d6960345c484fb7904b26e8f2fb34a6c002fa779353b68c8d8
x-amz-date: 20170710T183709Z
Authorization: AWS4-HMAC-SHA256 Credential=II5JDQBAN3JYM4DNEB6C/20170710/nyc3/s3/aws4_request,SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date,Signature=1cf3f7771a4086375e5b6597026db6d55d84fbc86e3c3a86ec420ea9123e3163

<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Owner>
    <ID>6174283</ID>
  </Owner>
  <AccessControlList>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
        <ID>6174283</ID>
      </Grantee>
      <Permission>FULL_CONTROL</Permission>
    </Grant>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group">
        <URI>http://acs.amazonaws.com/groups/global/AllUsers</URI>
      </Grantee>
      <Permission>READ</Permission>
    </Grant>
  </AccessControlList>
</AccessControlPolicy>

Example Response

HTTP/1.1 200 OK

Date: Mon, 10 Jul 2017 18:37:10 GMT
x-amz-request-id: tx00000000000000278ac49-005963c956-1268c-nyc3a
Content-Type: application/xml
Content-Length: 0
Connection: close

Get a Bucket's CORS

To retrieve a bucket's Cross-Origin Resource Sharing (CORS) configuration, send a GET request to ${BUCKET}.${REGION}.digitaloceanspaces.com/?cors

The body of the response will include an XML element named CORSConfiguration containing information about how the bucket is configured to handle cross-origin requests.

Name Description
CORSRule A container holding a list of elements describing allowed methods for a specific origin.
AllowedMethod An individual HTTP method (e.g. GET) which is allowed from the specified origin.
AllowedOrigin A host from which requests using the specified methods are allowed. It may contain one wildcard (e.g. http://*.example.com).
AllowedHeader A header that will be included in the CORS preflight request's Access-Control-Request-Headers. It may contain one wildcard (e.g. x-amz-*).

Get a Bucket's CORS

Example Request

GET /?cors HTTP/1.1

Host: static-images.nyc3.digitaloceanspaces.com
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date: 20170710T185319Z
Authorization: AWS4-HMAC-SHA256 Credential=II5JDQBAN3JYM4DNEB6C/20170710/nyc3/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=f7d7879992a9f3a06ddacd59e53ac318e99b2ed6230692b30099739e34469a91

Example Response

HTTP/1.1 200 OK

Date: Mon, 10 Jul 2017 18:53:20 GMT
x-amz-request-id: tx00000000000000279651f-005963cd20-1268c-nyc3a
Content-Type: application/xml
Content-Length: 390
Connection: close

<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <CORSRule>
    <AllowedMethod>PUT</AllowedMethod>
    <AllowedMethod>DELETE</AllowedMethod>
    <AllowedMethod>POST</AllowedMethod>
    <AllowedOrigin>http://example.com</AllowedOrigin>
    <AllowedHeader>*</AllowedHeader>
  </CORSRule>
  <CORSRule>
    <AllowedMethod>GET</AllowedMethod>
    <AllowedOrigin>*</AllowedOrigin>
  </CORSRule>
</CORSConfiguration>

Set a Bucket's CORS

To configure Cross-Origin Resource Sharing (CORS) for a bucket, send a PUT request to ${BUCKET}.${REGION}.digitaloceanspaces.com/?cors

The body of the request should include an XML element named CORSConfiguration containing the desired configuration information for handling cross-origin requests.

Name Description
CORSRule A container holding a list of elements describing allowed methods for a specific origin.
AllowedMethod An individual HTTP method (e.g. GET) which is allowed from the specified origin.
AllowedOrigin A host from which requests using the specified methods are allowed. It may contain one wildcard (e.g. http://*.example.com).
AllowedHeader A header that will be included in the CORS preflight request's Access-Control-Request-Headers. It may contain one wildcard (e.g. x-amz-*).

Set a Bucket's CORS

Example Request

PUT /?cors HTTP/1.1

Host: static-images.nyc3.digitaloceanspaces.com
Content-Length: 374
Content-Type: application/xml
x-amz-content-sha256: 745320970930725bd18820ec990f7334960f0a47358be189e77504cc094be77e
x-amz-date: 20170710T185043Z
Authorization: AWS4-HMAC-SHA256 Credential=II5JDQBAN3JYM4DNEB6C/20170710/nyc3/s3/aws4_request,SignedHeaders=content-md5;content-type;host;x-amz-content-sha256;x-amz-date,Signature=f52b2bfb6ec975c86cadd2e51a6ee9842c6151b737e46ce90a3cb3cc0d0dea97

<CORSConfiguration>
 <CORSRule>
   <AllowedOrigin>http://example.com</AllowedOrigin>

   <AllowedMethod>PUT</AllowedMethod>
   <AllowedMethod>POST</AllowedMethod>
   <AllowedMethod>DELETE</AllowedMethod>

   <AllowedHeader>*</AllowedHeader>
 </CORSRule>
 <CORSRule>
   <AllowedOrigin>*</AllowedOrigin>
   <AllowedMethod>GET</AllowedMethod>
 </CORSRule>
</CORSConfiguration>

Example Response

HTTP/1.1 200 OK

Date: Mon, 10 Jul 2017 18:50:44 GMT
x-amz-request-id: tx0000000000000027946fc-005963cc84-1268c-nyc3a
Content-Type: application/xml
Content-Length: 0
Connection: close

Delete a Bucket's CORS

To delete a bucket's Cross-Origin Resource Sharing (CORS) configuration, send a DELETE request to ${BUCKET}.${REGION}.digitaloceanspaces.com/?cors

Success will be indicated by receiving 204 (No Content) as the response code.

Delete a Bucket's CORS

Example Request

DELETE /static-images?cors HTTP/1.1

Host: nyc3.digitaloceanspaces.com
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date: 20170714T182537Z
Authorization: AWS4-HMAC-SHA256 Credential=II5JDQBAN3JYM4DNEB6C/20170710/nyc3/s3/aws4_request,SignedHeaders=content-md5;content-type;host;x-amz-content-sha256;x-amz-date,Signature=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Example Response

HTTP/1.1 204 No Content

Date: Fri, 14 Jul 2017 18:25:38 GMT
x-amz-request-id: tx0000000000000002fae1f-0059690ca2-6441-nyc3a
Connection: close

Get a Bucket Website (Beta)

To retrieve a information about a bucket's static website configuration, send a GET request to ${BUCKET}.${REGION}.digitaloceanspaces.com/?website

The body of the response will include an XML element named WebsiteConfiguration containing information about how the site has been configured.

Name Description
IndexDocument A container holding the Suffix element.
Suffix The default object to be served when accessing a directory. For example, if the configured suffix is index.html, a request to static-site/ will serve static-site/index.html.
ErrorDocument A container holding the Key element.
Key The object to be served when an HTTP status in the 400 range is returned.
RoutingRules A container holding a list of RoutingRule elements.
RoutingRule A container holding an individual routing rule made up of at least a Redirect element as well as a number of optional configuration details.
Condition A container holding elements that describe a condition for when the specified redirect will be applied.
KeyPrefixEquals The prefix to an object name that triggers a redirect. For example, if redirecting js/ to javascript/, the value of KeyPrefixEquals should be set to js/ while the value of ReplaceKeyPrefixWith should be javascript/.
HttpErrorCodeReturnedEquals An HTTP error code that triggers a redirect. For example, to redirect all request that result in an HTTP status code of 403 ("access denied") to a specified object, the value would be 403.
Redirect A container holding elements that describe the redirect to be applied when the specified condition is met.
Protocol The protocol used in the redirect request (i.e. http or https).
HostName The hostname used in the redirect request.
ReplaceKeyPrefixWith The prefix to an object name used when redirecting a request. For example, if redirecting js/ to javascript/, the value of KeyPrefixEquals should be set to js/ while the value of ReplaceKeyPrefixWith should be javascript/.
ReplaceKeyWith The name of the object to which the request will be redirected.
HttpRedirectCode The HTTP status code to be used in the redirect response (e.g. 301 or 303).

Get a Bucket's Website

Example Request

GET /?website HTTP/1.1

Host: static-site.nyc3.digitaloceanspaces.com
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date: 20171213T204443Z
Authorization: AWS4-HMAC-SHA256 Credential=II5JDQBAN3JYM4DNEB6C/20171213/nyc3/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=2b514009c14f9ee0f1ad4e6df385dff606a2f41d226e1f1323dc6c5acb2ad9e0

Example Response

HTTP/1.1 200 OK

Date: Mon, 13 Dec 2017 17:31:43 GMT
x-amz-request-id: tx00000000000000279651f-005963cd20-1268c-nyc3a
Content-Type: application/xml
Content-Length: 397
Connection: close

<WebsiteConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <IndexDocument>
    <Suffix>index.html</Suffix>
  </IndexDocument>
  <ErrorDocument>
    <Key>error.html</Key>
  </ErrorDocument>
  <RoutingRules>
    <RoutingRule>
      <Condition>
        <KeyPrefixEquals>docs/</KeyPrefixEquals>
      </Condition>
      <Redirect>
        <ReplaceKeyPrefixWith>documents/</ReplaceKeyPrefixWith>
      </Redirect>
    </RoutingRule>
  </RoutingRules>
</WebsiteConfiguration>

Create Bucket Website (Beta)

In order to configure a bucket to serve as a static website, send a PUT request to ${BUCKET}.${REGION}.digitaloceanspaces.com/?website

The body of the request should include an XML element named WebsiteConfiguration containing the desired configuration information for website.

Name Description Required
IndexDocument A container holding the Suffix element. Yes
Suffix The default object to be served when accessing a directory. For example, if the configured suffix is index.html, a request to static-site/ will serve static-site/index.html. Yes
ErrorDocument A container holding the Key element. No
Key The object to be served when an HTTP status in the 400 range is returned. No
RoutingRules A container holding a list of RoutingRule elements. No
RoutingRule A container holding an individual routing rule made up of at least a Redirect element as well as a number of optional configuration details. No
Condition A container holding elements that describe a condition for when the specified redirect will be applied. No
KeyPrefixEquals The prefix to an object name that triggers a redirect. For example, if redirecting js/ to javascript/, the value of KeyPrefixEquals should be set to js/ while the value of ReplaceKeyPrefixWith should be javascript/. No
HttpErrorCodeReturnedEquals An HTTP error code that triggers a redirect. For example, to redirect all request that result in an HTTP status code of 403 ("access denied") to a specified object, the value would be 403. No
Redirect A container holding elements that describe the redirect to be applied when the specified condition is met. No
Protocol The protocol used in the redirect request (i.e. http or https). No
HostName The hostname used in the redirect request. No
ReplaceKeyPrefixWith The prefix to an object name used when redirecting a request. For example, if redirecting js/ to javascript/, the value of KeyPrefixEquals should be set to js/ while the value of ReplaceKeyPrefixWith should be javascript/. No
ReplaceKeyWith The name of the object to which the request will be redirected. No
HttpRedirectCode The HTTP status code to be used in the redirect response (e.g. 301 or 303). No

Configure Bucket Website

Example Request

PUT /?website HTTP/1.1

Host: static-site.nyc3.digitaloceanspaces.com
x-amz-content-sha256: 31b436f9a006343c5eb9bd9b3feb2103d488b4fbf606c5b8fdc2a12657174e7c
x-amz-date: 20171213T201207Z
Authorization: AWS4-HMAC-SHA256 Credential=II5JDQBAN3JYM4DNEB6C/20171213/nyc3/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=2b514009c14f9ee0f1ad4e6df385dff606a2f41d226e1f1323dc6c5acb2ad9e0

<WebsiteConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <IndexDocument>
    <Suffix>index.html</Suffix>
  </IndexDocument>
  <ErrorDocument>
    <Key>error.html</Key>
  </ErrorDocument>
  <RoutingRules>
    <RoutingRule>
      <Condition>
        <KeyPrefixEquals>docs/</KeyPrefixEquals>
      </Condition>
      <Redirect>
        <ReplaceKeyPrefixWith>documents/</ReplaceKeyPrefixWith>
      </Redirect>
    </RoutingRule>
  </RoutingRules>
</WebsiteConfiguration>

Example Response

HTTP/1.1 200 OK

Date: Mon, 13 Dec 2017 17:31:43 GMT
Content-Length: 0
Content-Type: text/plain;charset=utf-8
Connection: close

Delete a Bucket Website (Beta)

To delete a bucket's website configuration, send a DELETE request to ${BUCKET}.${REGION}.digitaloceanspaces.com/?website

Success will be indicated by receiving 204 (No Content) as the response code.

Delete a Bucket Website

Example Request

DELETE /?website HTTP/1.1

Host: static-site.nyc3.digitaloceanspaces.com
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date: 20171213T204101Z
Authorization: AWS4-HMAC-SHA256 Credential=II5JDQBAN3JYM4DNEB6C/20171213/nyc3/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=376fe41764fe6493a33160b36055d8f617b92f9337bce0cf91bc9c5b1e7482b2

Example Response

HTTP/1.1 204 No Content

Date: Mon, 12 Dec 2017 18:13:21 GMT
Connection: close

Get a Bucket's Lifecycle Rules

To retrieve a information about the lifecycle rules configured for a Space, send a GET request to ${BUCKET}.${REGION}.digitaloceanspaces.com/?lifecycle

The body of the response will include an XML element named LifecycleConfiguration containing a list of Rule objects.

Name Description
Rule A container holding elements with information about a singe lifecycle rule.
ID A unique string identifying the rule. It may contain up to 255 characters including spaces.
Status A string that specifies whether or not the lifecycle rule will be acted upon. The only valid values are Enabled or Disabled.
Prefix A string specifying the objects to which the rule will be applied. When provided, only objects whose keys begin with the prefix will be acted upon. If empty or not present, all object in the Space will be affected.
Expiration When present, matching objects are expired and automatically deleted. This container will specify either a Date or Days element.
Days An integer specifying the number of days after an object's creation until the rule takes effect.
Date A date in ISO 8601 format specifying the day that the rule takes effect. The action will be run at midnight UTC.
AbortIncompleteMultipartUpload When present, incomplete multipart uploads of matching objects will be removed. This container will specify a DaysAfterInitiation element.
DaysAfterInitiation An integer specifying the number of days after an incomplete multipart upload was initiated until the rule takes effect.

Get a Bucket's Lifecycle Rules

Example Request

GET /?lifecycle HTTP/1.1

Host: static-images.nyc3.digitaloceanspaces.com
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date: 20180119T001757Z
Authorization: AWS4-HMAC-SHA256 Credential=II5JDQBAN3JYM4DNEB6C/20170710/nyc3/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=e92e48fb16dad3d9d332460adde86493b8930262d9385e002b0408e17a2781f4

Example Response

HTTP/1.1 200 OK

Date: Mon, 10 Jul 2017 17:44:35 GMT
x-amz-request-id: tx000000000000000023935-005a613936-fcf92-nyc3a
Content-Type: application/xml
Content-Length: 456
Connection: close

<LifecycleConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Rule>
    <ID>Expire old logs</ID>
    <Prefix>logs/</Prefix>
    <Status>Enabled</Status>
    <Expiration>
      <Days>90</Days>
    </Expiration>
  </Rule>

  <Rule>
    <ID>Remove uncompleted uploads</ID>
    <Status>Enabled</Status>
    <Prefix/>
    <AbortIncompleteMultipartUpload>
      <DaysAfterInitiation>1</DaysAfterInitiation>
    </AbortIncompleteMultipartUpload>
  </Rule>
</LifecycleConfiguration>

Configure a Bucket's Lifecycle Rules

Lifecycle rules can be used to perform different actions on objects in a Space over the course of their "life." For example, a Space may be configured so that objects in it expire and are automatically deleted after a certain length of time.

In order to configure new lifecycle rules, send a PUT request to ${BUCKET}.${REGION}.digitaloceanspaces.com/?lifecycle

The body of the request should include an XML element named LifecycleConfiguration containing a list of Rule objects.

Name Description Required
Rule A container holding elements with information about a singe lifecycle rule. Yes
ID A unique string identifying the rule. It may contain up to 255 characters including spaces. Yes
Status A string that specifies whether or not the lifecycle rule will be acted upon. The only valid values are Enabled or Disabled. Yes
Prefix A string specifying the objects to which the rule will be applied. When provided, only objects whose keys begin with the prefix will be acted upon. If empty or not present, all object in the Space will be affected. No
Expiration When present, matching objects are expired and automatically deleted. This container must specify either a Date or Days element. No
Days An integer specifying the number of days after an object's creation until the rule takes effect. No
Date A date in ISO 8601 format specifying the day that the rule takes effect. The action will be run at midnight UTC. No
AbortIncompleteMultipartUpload When present, incomplete multipart uploads of matching objects will be removed. This container must specify a DaysAfterInitiation element. No
DaysAfterInitiation An integer specifying the number of days after an incomplete multipart upload was initiated until the rule takes effect. No

Configure Bucket's Lifecycle Rules

Example Request

PUT /?lifecycle HTTP/1.1

Host: static-images.nyc3.digitaloceanspaces.com
Content-Length: 456
Content-Type: application/xml
x-amz-content-sha256: 34850007f92ec3331486b48fd7db15f48315fe73c4a9b135e6d9fd629276c1e7
x-amz-date: 20180119T000345Z
Authorization: AWS4-HMAC-SHA256 Credential=II5JDQBAN3JYM4DNEB6C/20170710/nyc3/s3/aws4_request,SignedHeaders=content-md5;content-type;host;x-amz-content-sha256;x-amz-date,Signature=fc07a541c2acdbf7527eba358afa0a6d460c9bfec539dd29dfa6b5b854aae109

<LifecycleConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Rule>
    <ID>Expire old logs</ID>
    <Prefix>logs/</Prefix>
    <Status>Enabled</Status>
    <Expiration>
      <Days>90</Days>
    </Expiration>
  </Rule>

  <Rule>
    <ID>Remove uncompleted uploads</ID>
    <Status>Enabled</Status>
    <Prefix/>
    <AbortIncompleteMultipartUpload>
      <DaysAfterInitiation>1</DaysAfterInitiation>
    </AbortIncompleteMultipartUpload>
  </Rule>
</LifecycleConfiguration>

Example Response

HTTP/1.1 200 OK

Date: Mon, 13 Dec 2017 17:31:43 GMT
x-amz-request-id: tx00000000000000010ad2b-005a6135e2-f647d-nyc3a
Content-Length: 0
Content-Type: application/xml
Connection: close

Delete a Bucket's Lifecycle Rules

To delete a bucket's lifecycle configuration, send a DELETE request to ${BUCKET}.${REGION}.digitaloceanspaces.com/?lifecycle

Success will be indicated by receiving 204 (No Content) as the response code.

Delete a Bucket's Lifecycle

Example Request

DELETE /?lifecycle HTTP/1.1

Host: static-images.nyc3.digitaloceanspaces.com
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date: 20171213T204101Z
Authorization: AWS4-HMAC-SHA256 Credential=II5JDQBAN3JYM4DNEB6C/20171213/nyc3/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=376fe41764fe6493a33160b36055d8f617b92f9337bce0cf91bc9c5b1e7482b2

Example Response

HTTP/1.1 204 No Content

Date: Mon, 12 Dec 2017 18:13:21 GMT
Connection: close

Object Operations

Get an Object

To retrieve an object from a bucket, send a GET request to ${BUCKET}.${REGION}.digitaloceanspaces.com/${OBJECT_KEY}

The body of the response will contain the object itself.

Get an Object

Example Request

GET /example.txt HTTP/1.1

Host: static-images.nyc3.digitaloceanspaces.com
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date: 20170710T190539Z
Authorization: AWS4-HMAC-SHA256 Credential=II5JDQBAN3JYM4DNEB6C/20170710/nyc3/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=e912de79c88f07832558244bd867c3d834584c7f8b3d8efe4d0f0ba60b7a1dcb

Example Response

HTTP/1.1 200 OK

Date: Mon, 10 Jul 2017 19:05:39 GMT
x-amz-request-id: tx00000000000000279f46e-005963d003-1268c-nyc3a
Content-Type: text/plain
Content-Length: 14
Accept-Ranges: bytes
Last-Modified: Mon, 10 Jul 2017 19:05:09 GMT
Etag: "b3a92f49e7ae64acbf6b3e76f2040f5e"
Connection: close

Example text.

Get Information About an Object

To retrieve information about a specific object, send a HEAD request to ${BUCKET}.${REGION}.digitaloceanspaces.com/${OBJECT_KEY}

The response will include headers with information about the object (e.g. Content-Type, Content-Length, Last-Modified, Etag) but not the object itself. (See Common Headers for more information about the included information.)

Get Information About an Object

Example Request

HEAD /example.txt HTTP/1.1

Host: static-images.nyc3.digitaloceanspaces.com
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date: 20170714T185156Z
Authorization: AWS4-HMAC-SHA256 Credential=II5JDQBAN3JYM4DNEB6C/20170710/nyc3/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Example Response

HTTP/1.1 200 OK

Date: Fri, 14 Jul 2017 18:51:58 GMT
x-amz-request-id: tx0000000000000002ff1c9-00596912ce-6441-nyc3a
Content-Type: text/plain
Content-Length: 14
Accept-Ranges: bytes
Last-Modified: Thu, 13 Jul 2017 18:40:46 GMT
Etag: "b3a92f49e7ae64acbf6b3e76f2040f5e"
Connection: close

Upload an Object (PUT)

To upload an object to a bucket, send a PUT request to ${BUCKET}.${REGION}.digitaloceanspaces.com/${OBJECT_KEY}

The body of the request should contain the object itself. In addition to the common headers used in requests, a number of additional headers are supported:

Name Description Required
Content-Length The length in bytes of the request body. Yes
Cache-Control Directives used for specifying caching behavior (e.g. max-age). No
Content-Encoding Specifies how and if an object has been compressed for transit (e.g. gzip), and thus how the client should decode it in order to obtain the media-type referenced by the Content-Type. No
Content-Disposition Specifies how the object is expected to be displayed (e.g. inline or attachment). No
x-amz-acl A "canned" ACL specifying access rules for the object (e.g. private or public-read). If not set, defaults to private. No
x-amz-storage-class Allowed for compatibility purposes. The value will always be STANDARD. No
x-amz-meta-* Prefix used to supply arbitrary user defined metadata (e.g. x-amz-meta-file-attrs: uid:1000/gname:username/uname:username/gid:1000/mode:33204). The value may not be larger than 2 KB in size. No

Upload an Object (PUT)

Example Request

PUT /example.txt HTTP/1.1

Content-Length: 14
Content-Type: text/plain
Host: static-images.nyc3.digitaloceanspaces.com
x-amz-content-sha256: 003f0e5fe338b17be8be93fec537764ce199ac50f4e50f2685a753c4cc781747
x-amz-date: 20170710T194605Z
x-amz-meta-s3cmd-attrs:uid:1000/gname:asb/uname:asb/gid:1000/mode:33204/mtime:1499727909/atime:1499727909/md5:fb08934ef619f205f272b0adfd6c018c/ctime:1499713540
x-amz-storage-class: STANDARD
Authorization: AWS4-HMAC-SHA256 Credential=II5JDQBAN3JYM4DNEB6C/20170710/nyc3/s3/aws4_request,SignedHeaders=content-length;content-type;host;x-amz-content-sha256;x-amz-date;x-amz-meta-s3cmd-attrs;x-amz-storage-class,Signature=a9a9e16da23e0b37ae8362824de77d66bba2edd702ee5f291f6ecbb9ebac6013

Example text.

Example Response

HTTP/1.1 200 OK

Date: Mon, 10 Jul 2017 19:46:06 GMT
x-amz-request-id: tx0000000000000027bd57c-005963d97e-1268c-nyc3a
Content-Length: 0
Accept-Ranges: bytes
Last-Modified: Mon, 10 Jul 2017 19:05:09 GMT
Etag: "fb08934ef619f205f272b0adfd6c018c"
Connection: close

Copy an Object

To copy an object from one bucket to another, send a PUT request to ${DESTINATION_BUCKET}.${REGION}.digitaloceanspaces.com/${DESTINATION_OBJECT_KEY}

In addition to the common headers used in requests, a number of additional headers are required:

Name Description Required
x-amz-copy-source Specifies the original object to be copied (e.g. /${ORGIN_BUCKET}/{$ORIGIN_OBJECT_KEY}). Yes
x-amz-metadata-directive Indicates whether to copy the object's metadata or to replace it with values specified in the request. The only valid values are COPY or REPLACE.
Note: An object can not be copied to itself unless REPLACE is specified.
Yes
x-amz-acl A "canned" ACL specifying access rules for the object (e.g. private or public-read). If not set, defaults to private. No

The body of the response will include an XML element named CopyObjectResult containing:

Name Description
LastModified The date and time that the object was last modified in the format: %Y-%m-%dT%H:%M:%S.%3NZ (e.g. 2017-06-23T18:37:48.157Z)
ETag The entity tag containing an MD5 hash of the object.

Copy an Object

Example Request

PUT /copied-example.txt HTTP/1.1

Host: static-images.nyc3.digitaloceanspaces.com
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-copy-source: /static-images/example.txt
x-amz-date: 20170710T202253Z
x-amz-metadata-directive: COPY
Authorization: AWS4-HMAC-SHA256 Credential=II5JDQBAN3JYM4DNEB6C/20170710/nyc3/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-copy-source;x-amz-date;x-amz-metadata-directive;x-amz-storage-class,Signature=0cb03470dd80bdd41a4b8fb06c1800b27a5059b61b0303fe589578835531c877

Example Response

HTTP/1.1 200 OK


Date: Mon, 10 Jul 2017 20:22:54 GMT
x-amz-request-id: tx0000000000000027d8430-005963e21d-1268c-nyc3a
Content-Length: 183
Connection: close

<CopyObjectResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <LastModified>2017-07-10T20:22:54.167Z</LastModified>
  <ETag>7967bfe102f83fb5fc7e5a02bf05e8fc</ETag>
</CopyObjectResult>

Get an Object's ACLs

To retrieve a objects's Access Control List, send a GET request to ${BUCKET}.${REGION}.digitaloceanspaces.com/${OBJECT_KEY}?acl

The body of the response will include an XML element named AccessControlPolicy containing information about the ACLs applied to the object.

Name Description
Owner A container holding elements with information about the object's owner.
ID An element containing the ID of the object's owner as its value.
DisplayName An element containing the DisplayName of the object's owner as its value. Provided for compatibility purposes, will have the same value as the ID.
AccessControlList A container holding a list of elements describing one or more access grants.
Grant A container for an individual access grant.
Grantee A container holding information about to whom an access grant is applied. If it applies to an individual account (i.e. the object's owner) it will contain ID and Owner elements. If the grant applies to a group (i.e. AllUsers) it will contain a URI element.
URI A URI specifying a group of users. At this time, only http://acs.amazonaws.com/groups/global/AllUsers is supported.
Permission The level of access granted. At this time, the only supported values are FULL_CONTROL and READ.

Get an Object's ACLs

Example Request

GET /sammy.png?acl HTTP/1.1

Host: static-images.nyc3.digitaloceanspaces.com
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date: 20170710T191224Z
Authorization: AWS4-HMAC-SHA256 Credential=II5JDQBAN3JYM4DNEB6C/20170710/nyc3/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=950e133849cd19d626291fd2937d927957cf3e97a36707d30d51a9b61ac08a8e

Example Response

HTTP/1.1 200 OK

Date: Mon, 10 Jul 2017 19:12:24 GMT
x-amz-request-id: tx0000000000000027a42dc-005963d198-1268c-nyc3a
Content-Type: application/xml
Content-Length: 621
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
  <AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <Owner>
      <ID>6174283</ID>
      <DisplayName>6174283</DisplayName>
    </Owner>
    <AccessControlList>
      <Grant>
        <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group">
          <URI>http://acs.amazonaws.com/groups/global/AllUsers</URI>
        </Grantee>
        <Permission>READ</Permission>
      </Grant>
      <Grant>
        <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
          <ID>6174283</ID>
          <DisplayName>6174283</DisplayName>
        </Grantee>
        <Permission>FULL_CONTROL</Permission>
      </Grant>
    </AccessControlList>
  </AccessControlPolicy>

Set an Object's ACLs

To modify an object's Access Control List, send a PUT request to ${BUCKET}.${REGION}.digitaloceanspaces.com/${OBJECT_KEY}?acl

The body of the request should include an XML element named AccessControlPolicy containing information about the ACLs to be applied to the object.

Name Description
Owner A container holding elements with information about the object's owner.
ID An element containing the ID of the object's owner as its value.
AccessControlList A container holding a list of elements describing one or more access grants.
Grant A container for an individual access grant.
Grantee A container holding information about to whom an access grant is applied. If it applies to an individual account (i.e. the object's owner) it will contain ID and Owner elements. If the grant applies to a group (i.e. AllUsers) it will contain a URI element.
URI A URI specifying a group of users. At this time, only http://acs.amazonaws.com/groups/global/AllUsers is supported.
Permission The level of access granted. At this time, the only supported values are FULL_CONTROL and READ.

Set Object ACLs

Example Request

PUT /sammy.png?acl HTTP/1.1

content-type:application/xml
Host: static-images.nyc3.digitaloceanspaces.com
x-amz-content-sha256:c0bd9ba784be78d4f38bbc1e3b0da2de2e7a8f4ee259b3b840369cf00a78dad2
x-amz-date:20170710T192142Z
Authorization: AWS4-HMAC-SHA256 Credential=II5JDQBAN3JYM4DNEB6C/20170710/nyc3/s3/aws4_request,SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date,Signature=dfeeb2386f76b29097adadb35ac15f7d5f244f18cc95f082b0ac6d14ced48b10

<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Owner>
    <ID>6174283</ID>
  </Owner>
  <AccessControlList>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
        <ID>6174283</ID>
      </Grantee>
      <Permission>FULL_CONTROL</Permission>
    </Grant>
  </AccessControlList>
</AccessControlPolicy>

Example Response

HTTP/1.1 200 OK

Date: Mon, 10 Jul 2017 19:21:42 GMT
x-amz-request-id: tx0000000000000027aafc9-005963d3c6-1268c-nyc3a
Content-Type: application/xml
Content-Length: 0
Connection: close

Delete an Object

To delete an object, send a DELETE request to ${BUCKET}.${REGION}.digitaloceanspaces.com/${OBJECT_KEY}

Success will be indicated by receiving 204 (No Content) as the response code.

Delete an Object

Example Request

DELETE /sammy.png HTTP/1.1

Host: static-images.nyc3.digitaloceanspaces.com
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date: 20170710T194408Z
Authorization: AWS4-HMAC-SHA256 Credential=II5JDQBAN3JYM4DNEB6C/20170710/nyc3/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=c2a46b21e2e8589dfbfa54382030bbef8108b2504a9f1d8aaba70fb0e1c46522

Example Response

HTTP/1.1 204 No Content

Date: Mon, 10 Jul 2017 19:44:09 GMT
x-amz-request-id: tx0000000000000027bbc48-005963d908-1268c-nyc3a
Connection: close

Begin a Multi-part Upload

To initiate a multi-part upload session, send a POST request to ${BUCKET}.${REGION}.digitaloceanspaces.com/${OBJECT_KEY}?uploads

In addition to the common headers used in requests, a number of additional headers are supported:

Name Description Required
Cache-Control Directives used for specifying caching behavior (e.g. max-age). No
Content-Encoding Specifies how and if an object has been compressed for transit (e.g. gzip), and thus how the client should decode it in order to obtain the media-type referenced by the Content-Type. No
Content-Disposition Specifies how the object is expected to be displayed (e.g. inline or attachment). No
x-amz-acl A "canned" ACL specifying access rules for the object (e.g. private or public-read). If not set, defaults to private. No
x-amz-meta-* Prefix used to supply arbitrary user defined metadata (e.g. x-amz-meta-file-attrs: uid:1000/gname:username/uname:username/gid:1000/mode:33204). The value may not be larger than 2 KB in size. No

The body of the response will include an XML element named InitiateMultipartUploadResult containing the UploadId used to identify the multi-part upload session in any following requests.

Name Description
Bucket The name of the bucket.
Key The object's key.
UploadId The unique identifier for the multi-part upload session.

Begin a Multi-part Upload

Example Request

POST /multipart-file.tar.gz?uploads HTTP/1.1

Host: static-images.nyc3.digitaloceanspaces.com
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date:20170814T174652Z
Authorization: AWS4-HMAC-SHA256 Credential=II5JDQBAN3JYM4DNEB6C/20170814/nyc3/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=e356966fff5a3d49d19c0e44e0fdba294964384a58061d3e60dfd1a4a5b605ad

Example Response

HTTP/1.1 200 OK

Content-Length: 258
Content-Type: application/xml
Date: Mon, 14 Aug 2017 17:46:53 GMT
x-amz-request-id: tx00000000000000ab66a13-005991e20d-66a8-nyc3a
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
  <InitiateMultipartUploadResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <Bucket>static-images</Bucket>
    <Key>multipart-file.tar.gz</Key>
    <UploadId>2~iCw_lDY8VoBhoRrIJbPMrUqnE3Z-3Qh</UploadId>
  </InitiateMultipartUploadResult>

Upload a Part

To upload part of an object in a multi-part upload session, send a POST request to ${BUCKET}.${REGION}.digitaloceanspaces.com/${OBJECT_KEY}?partNumber=${PART_NUMBER}&uploadId=${UPLOAD_ID}.

The ${PART_NUMBER} specifies which piece of the object is included in the upload. The ${UPLOAD_ID} is the unique identifier returned when the multi-part upload session was initiated. The body of the request should contain the piece of the object.

Upload a Part

Example Request

PUT /multipart-file.tar.gz?partNumber=1&uploadId=2~iCw_lDY8VoBhoRrIJbPMrUqnE3Z-3Qh HTTP/1.1

Host: static-images.nyc3.digitaloceanspaces.com
Content-Length: 5242880
x-amz-content-sha256: 6ab0931e613fd0cd39af0fa4733edb6ad942df0ad33e057713d44df7195b6ecf
x-amz-date: 20170814T184459Z
Authorization: AWS4-HMAC-SHA256 Credential=II5JDQBAN3JYM4DNEB6C/20170814/nyc3/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=2e4adca0a3164af8717f340ca874b4f3036dd0294b590a70f2147427221ca1e8

Example Response

HTTP/1.1 200 OK

Content-Length: 0
Content-Type: application/xml
Date: Mon, 14 Aug 2017 18:45:01 GMT
Etag: "d8d3ed3a4de016917a814a2cf5acad3c"
x-amz-request-id: tx00000000000000ab85dab-005991efac-66a8-nyc3a
Connection: close

List Parts

To list the parts of a multi-part upload session, send a GET request to ${BUCKET}.${REGION}.digitaloceanspaces.com/${OBJECT_KEY}?uploadId=${UPLOAD_ID} where ${UPLOAD_ID} is the unique identifier returned when the multi-part upload session was initiated.

The body of the response will contain an XML element named ListPartsResult containing information about the multi-part upload session and a list of XML objects representing each part of the upload:

Name Description
Bucket The name of the bucket.
Key The object's key.
UploadId The unique identifier returned when the multi-part upload session was initiated.
StorageClass Provided for compatibility purposes. The value will always be STANDARD.
PartNumberMarker The part number where the list begins.
NextPartNumberMarker When the list is truncated, specifies the part number indicating where the next response will begin.
MaxParts The maximum number of parts to return. Defaults to 1,000.
IsTruncated A boolean indicating whether all parts are included in the response.
Part A container holding elements with information about the parts of the multi-part upload.
PartNumber A sequential identifier specifying the part of the object.
LastModified The date and time that the part of the object was last modified in the format: %Y-%m-%dT%H:%M:%S.%3NZ (e.g. 2017-06-23T18:37:48.157Z)
ETag The entity tag containing an MD5 hash of the part of the object.
Size The size of the part of the object in bytes.
Owner A container holding elements with information about the bucket's owner.
ID An element containing the ID of the bucket's owner as its value.
DisplayName An element containing the DisplayName of the bucket's owner as its value. Provided for compatibility purposes, will have the same value as the ID.

List Parts

Example Request

PUT /multipart-file.tar.gz?partNumber=1&uploadId=2~iCw_lDY8VoBhoRrIJbPMrUqnE3Z-3Qh HTTP/1.1

Host: static-images.nyc3.digitaloceanspaces.com
Content-Length: 5242880
x-amz-content-sha256: 6ab0931e613fd0cd39af0fa4733edb6ad942df0ad33e057713d44df7195b6ecf
x-amz-date: 20170814T184459Z
Authorization: AWS4-HMAC-SHA256 Credential=II5JDQBAN3JYM4DNEB6C/20170814/nyc3/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=2e4adca0a3164af8717f340ca874b4f3036dd0294b590a70f2147427221ca1e8

Example Response

HTTP/1.1 200 OK

Content-Length: 0
Content-Type: application/xml
Date: Mon, 14 Aug 2017 18:45:01 GMT
Etag: "d8d3ed3a4de016917a814a2cf5acad3c"
x-amz-request-id: tx00000000000000ab85dab-005991efac-66a8-nyc3a
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
  <ListPartsResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <Bucket>my-new-bucket</Bucket>
    <Key>multipart-file.tar.gz</Key>
    <UploadId>2~iCw_lDY8VoBhoRrIJbPMrUqnE3Z-3Qh</UploadId>
    <StorageClass>STANDARD</StorageClass>
    <PartNumberMarker>0</PartNumberMarker>
    <NextPartNumberMarker>1</NextPartNumberMarker>
    <MaxParts>1000</MaxParts>
    <IsTruncated>false</IsTruncated>
    <Owner>
      <ID>612423</ID>
      <DisplayName>612423</DisplayName>
    </Owner>
    <Part>
      <LastModified>2017-08-14T18:45:01.601Z</LastModified>
      <PartNumber>1</PartNumber>
      <ETag>"d8d3ed3a4de016917a814a2cf5acad3c"</ETag>
      <Size>5242880</Size>
    </Part>
    <Part>
      <LastModified>2017-08-14T18:45:01.601Z</LastModified>
      <PartNumber>2</PartNumber>
      <ETag>"adf5feafc0fe4632008d5cb30beb1c49"</ETag>
      <Size>5242880</Size>
    </Part>
  </ListPartsResult>

Complete a Multi-part Upload

To complete a multi-part upload session, send a POST request to ${BUCKET}.${REGION}.digitaloceanspaces.com/${OBJECT_KEY}?uploadId=${UPLOAD_ID} where ${UPLOAD_ID} is the unique identifier returned when the multi-part upload session was initiated.

The body of the request should include an XML element named CompleteMultipartUpload containing information about each of the parts of the upload:

Name Description Required
Part A container holding elements with information about an individual part of a multi-part upload. Yes
PartNumber A sequential identifier specifying the part of the object. Yes
ETag The entity tag containing an MD5 hash of the part of the object. Yes

The body of the response will include an XML element named CompleteMultipartUploadResult containing information about the completed upload:

Name Description
Location The location of the bucket.
Bucket The name of the bucket.
Key The object's key.
ETag The entity tag containing an MD5 hash of the final object.

Complete a Multi-part Upload

Example Request

POST /multipart-file.tar.gz?uploadId=2~iCw_lDY8VoBhoRrIJbPMrUqnE3Z-3Qh HTTP/1.1

Host: static-images.nyc3.digitaloceanspaces.com
Content-Length: 5242880
x-amz-content-sha256: 6ab0931e613fd0cd39af0fa4733edb6ad942df0ad33e057713d44df7195b6ecf
x-amz-date: 20170814T184459Z
Authorization: AWS4-HMAC-SHA256 Credential=II5JDQBAN3JYM4DNEB6C/20170814/nyc3/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=2e4adca0a3164af8717f340ca874b4f3036dd0294b590a70f2147427221ca1e8

<CompleteMultipartUpload>
  <Part>
    <PartNumber>1</PartNumber>
    <ETag>"d8d3ed3a4de016917a814a2cf5acad3c"</ETag>
  </Part>
  <Part>
    <PartNumber>2</PartNumber>
    <ETag>"adf5feafc0fe4632008d5cb30beb1c49"</ETag>
  </Part>
  <Part>
    <PartNumber>3</PartNumber>
    <ETag>"363f6bb50866541d78e5f6f626592263"</ETag>
  </Part>
</CompleteMultipartUpload>

Example Response

HTTP/1.1 200 OK

Content-Length: 311
Content-Type: application/xml
Date: Mon, 14 Aug 2017 18:45:01 GMT
x-amz-request-id: tx00000000000000ab962c8-005991f6fe-66a8-nyc3a
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
  <CompleteMultipartUploadResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <Location>static-images.nyc3.digitaloceanspaces.com</Location>
    <Bucket>static-images</Bucket>
    <Key>multipart-file.tar.gz</Key>
    <ETag>f935869350d7cbfcdd219df3f377531b-3</ETag>
  </CompleteMultipartUploadResult>

Cancel a Multi-part Upload

To cancel an active multi-part upload session, send a DELETE request to ${BUCKET}.${REGION}.digitaloceanspaces.com/${OBJECT_KEY}?uploadId=${UPLOAD_ID} where ${UPLOAD_ID} is the unique identifier returned when the multi-part upload session was initiated.

Success will be indicated by receiving 204 (No Content) as the response code.

Upload a Part

Example Request

DELETE /multipart-file.tar.gz?uploadId=2~iCw_lDY8VoBhoRrIJbPMrUqnE3Z-3Qh HTTP/1.1

Host: static-images.nyc3.digitaloceanspaces.com
Content-Length: 5242880
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date:20170814T202611Z
Authorization: AWS4-HMAC-SHA256 Credential=II5JDQBAN3JYM4DNEB6C/20170814/nyc3/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=9e13d3f9e71ca5fb034fe66e92c60e30b3az3e177573702dd11d2b541358bf92

Example Response

HTTP/1.1 200 OK

Date: Mon, 14 Aug 2017 18:45:01 GMT
x-amz-request-id: tx00000000000000abbaefe-0059920764-66a8-nyc3a
Connection: close