Help Center/ Object Storage Service/ API Reference/ Bucket APIs/ Block Public Access (BPA)/ Obtaining the BPA Configuration of a Bucket

Updated on 2026-04-16 GMT+08:00

Obtaining the BPA Configuration of a Bucket

Functions

This API is used to obtain the BPA configuration of a bucket. For more information about how to configure bucket-level BPA, see Block Public Access.

Authorization Information

To call this API, you must be the bucket owner or have the permission to obtain the BPA configuration of a bucket. You are advised to use IAM or bucket policies for authorization. For details about OBS authorization methods, see Differences Between OBS Permissions Control Methods.

If you use IAM for authorization, you need to use either role/policy-based authorization or identity policy-based authorization and configure the required permissions:

If you use role/policy-based authorization (IAM v3 APIs in the old IAM version), you need to grant the obs:bucket:GetBucketPublicAccessBlock permission. For details, see Creating a Custom IAM Policy.

If you use identity policy-based authorization (IAM v5 APIs in the new IAM version), you need to grant the obs:bucket:getBucketPublicAccessBlock permission, as shown in the following table. For details, see Creating a Custom IAM Identity Policy.

Action	Access Level	Resource Type (*: Required)	Condition Key	Alias	Dependencies
obs:bucket:getBucketPublicAccessBlock	Read	bucket *	g:EnterpriseProjectId g:ResourceTag/<tag-key>	-	-
-	obs:EpochTime obs:SourceIp obs:TlsVersion obs:CustomDomain

Action

Access Level

Resource Type (*: Required)

Condition Key

Alias

Dependencies

obs:bucket:getBucketPublicAccessBlock

Read

bucket *

obs:EpochTime
obs:SourceIp
obs:TlsVersion
obs:CustomDomain

If you use bucket policies for authorization, you need to grant the obs:bucket:GetBucketPublicAccessBlock permission. For details, see Creating a Custom Bucket Policy.

Request Syntax

GET /?publicAccessBlock HTTP/1.1
Host: bucketname.obs.region.myhuaweicloud.com 
Date: date
Authorization: authorization
Content-Type: application/xml
Content-Length: length

Description of the OBS request structure

An OBS request consists of the request method, request URI, request headers, and request body. The following figure shows an example of a request for creating a bucket. The bucket name is configured in the Host header, and the signature information is configured in the Authorization header. For details about how to calculate the signature, see Using an Authorization Header. For more information, see Constructing a Request.

URI Parameters

This request contains no parameters.

Request Headers

This request uses common headers. For details, see Table 3.

Request Body

This request contains no request body parameters.

Response Syntax

HTTP/1.1 status_code
Date: date
x-obs-request-id: 000001934E7A99E2530672D3A3903140
x-obs-id-2: 36AAAQAAEAABAAAQAAEAABAAAQAAEAABAAAaI=AAAAAAAAAAAAAAAAAAAAAAAAAA
Content-Length: length

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<PublicAccessBlockConfiguration xmlns="http://obs.myhwclouds.com/doc/2015-06-30/">
  <BlockPublicAcls>boolean</BlockPublicAcls>
  <IgnorePublicAcls>boolean</IgnorePublicAcls>
  <BlockPublicPolicy>boolean</BlockPublicPolicy>
  <RestrictPublicBuckets>boolean</RestrictPublicBuckets>
</PublicAccessBlockConfiguration>

Description of the OBS response structure

An OBS response consists of a response status code, response headers, and the response body. The following figure shows an example of a response for obtaining the bucket's ACL configuration.

Response Headers

This response uses common headers. For details, see Table 1.

Response Body

This response contains elements specifying the BPA configuration of an OBS bucket. Table 1 describes these elements.

**Table 1** Response body parameters
Element	Type	Description
PublicAccessBlockConfiguration	XML	Definition The BPA configuration of a bucket.
BlockPublicAcls	Boolean	Definition Whether to prohibit specifying the ACL as public access to a bucket or objects in the bucket. If the parameter is set to true, the following applies: If you specify an ACL as public access when uploading an object, the object fails to be uploaded and the error "403 Access Denied" is returned. If you specify an ACL as public access when modifying a bucket ACL or an object ACL, the ACL fails to be modified and the error "403 Access Denied" is returned. Range true: This feature is enabled. false: This feature is disabled.
IgnorePublicAcls	Boolean	Definition Whether to ignore the existing ACL that allows public access to the bucket or objects in the bucket. If this parameter is set to true, the public access ACL of the bucket or objects in the bucket becomes invalid. Range true: This feature is enabled. false: This feature is disabled.
BlockPublicPolicy	Boolean	Definition Whether to prohibit the configuration of a bucket policy that allows public access to a bucket. If this parameter is set to true, such a bucket policy will fail to be configured and the error "403 Access Denied" will be returned. Range true: This feature is enabled. false: This feature is disabled.
RestrictPublicBuckets	Boolean	Definition Whether to restrict the existing public bucket policy. If this parameter is set to true and the existing bucket policy allows public access, only the cloud service and bucket owner accounts are allowed to access the bucket. Range true: This feature is enabled. false: This feature is disabled.

Error Responses

Table 2 describes possible special errors in this request.

**Table 2** Error Responses
Error	Description	HTTP Status Code
MethodNotAllowed	The involved method is not allowed (the corresponding feature is disabled).	405

For other errors, see Table 2.

Sample Request

GET /?publicAccessBlock HTTP/1.1
User-Agent: curl/7.29.0
Host: examplebucket.obs.region.myhuaweicloud.com
Accept: */*
Date: Sat, 16 Nov 2024 08:59:07 GMT
Authorization: OBS H4IPJX0TQTHTHEBQQCEC:75/Y4Ng1izvzc1nTGxpMXTE6ynw=

Sample Response

HTTP/1.1 200 OK
Server: OBS
x-obs-request-id: BF260000016435CE298386946AE4C482
x-obs-id-2: 32AAAQAAEAABSAAgAAEAABAAAQAAEAABCT9W2tcvLmMJ+plfdopaD62S0npbaRUz
Date: Sat, 16 Nov 2024 08:59:08 GMT
Content-Length: 348

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<PublicAccessBlockConfiguration xmlns="http://obs.myhwclouds.com/doc/2015-06-30/">
  <BlockPublicAcls>false</BlockPublicAcls>
  <IgnorePublicAcls>false</IgnorePublicAcls>
  <BlockPublicPolicy>false</BlockPublicPolicy>
  <RestrictPublicBuckets>false</RestrictPublicBuckets>
</PublicAccessBlockConfiguration>

Using SDKs to Call APIs

You are advised to use OBS SDKs to call APIs. SDKs encapsulate APIs to simplify development. You can call SDK API functions to access OBS without manually calculating signatures.

JavaJ

Python

C: not supported

BrowserJS: not supported

.NET: not supported

Android: not supported

iOS: not supported

PHP: not supported

Node.js: not supported

Harmony: not supported

References

For more information about BPA configuration for buckets, see Block Public Access.
For details about the billing items involved in API operations, see Billing Items.

Parent Topic: Block Public Access (BPA)

Previous topic: Configuring BPA for a Bucket

Next topic: Deleting the BPA Configuration of a Bucket

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

For any further questions, feel free to contact us through the chatbot.

Chatbot