Updated on 2024-04-15 GMT+08:00

Uploading an Object - POST

Functions

This operation uploads an object to a bucket. To use this operation, you must have the write permission for the bucket.

The name of each object in a bucket must be unique.

With versioning not enabled, if an object to be uploaded has the same name as an existing object in the bucket, the newly uploaded object will overwrite the existing one. To protect data from being corrupted during transmission, you can add the Content-MD5 parameter in the form field. After receiving the uploaded object, OBS compares the provided MD5 value to the MD5 value it calculates. If the two values do not match, OBS reports an error. You can also specify the value of the x-obs-acl parameter to configure an access control policy for the object.

You can also upload an object using the POST method.

For a single upload, the size of the object to be uploaded ranges [0, 5 GB]. To upload a file greater than 5 GB, see Operations on Multipart Upload.

Differences Between PUT and POST Methods

Parameters are passed through the request header if the PUT method is used to upload objects; if the POST method is used to upload objects, parameters are passed through the form field in the message body.

With the PUT method, you need to specify the object name in the URL, but object name is not required with the POST method, which uses the bucket domain name as the URL. Request lines of these two methods are given as follows:

PUT /ObjectName HTTP/1.1
POST / HTTP/1.1

For details about PUT upload, see Uploading an Object - PUT.

Versioning

If versioning is enabled for a bucket, the system automatically generates a unique version ID for the requested object in this bucket and returns the version ID in response header x-obs-version-id. If versioning is suspended for a bucket, the version ID of the requested object in this bucket is null. For details about the versioning statuses of a bucket, see Configuring Versioning for a Bucket.

Request Syntax

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
POST / HTTP/1.1 
Host: bucketname.obs.region.example.com
User-Agent: browser_data
Accept: file_types
Accept-Language: Regions
Accept-Encoding: encoding
Accept-Charset: character_set
Keep-Alive: 300 
Connection: keep-alive 
Content-Type: multipart/form-data; boundary=9431149156168 
Content-Length: length


--9431149156168 
Content-Disposition: form-data; name="key" 

acl 
--9431149156168 
Content-Disposition: form-data; name="success_action_redirect"
 
success_redirect 
--9431149156168 
Content-Disposition: form-data; name="content-Type" 

content_type 
--9431149156168 
Content-Disposition: form-data; name="x-obs-meta-uuid" 

uuid 
--9431149156168 
Content-Disposition: form-data; name="x-obs-meta-tag" 

metadata 
--9431149156168 
Content-Disposition: form-data; name="AccessKeyId" 

access-key-id 
--9431149156168 
Content-Disposition: form-data; name="policy" 

encoded_policy 
--9431149156168 
Content-Disposition: form-data; name="signature" 

signature= 
--9431149156168 
Content-Disposition: form-data; name="file"; filename="MyFilename" 
Content-Type: image/jpeg 

file_content 
--9431149156168 
Content-Disposition: form-data; name="submit" 

Upload to OBS 
--9431149156168--

Request Parameters

This request contains no parameters.

Request Headers

This request uses common headers. For details, see Table 3.

If you want to get CORS configuration information, you must use the headers in Table 1.

Table 1 Request headers for obtaining CORS configuration

Header

Description

Mandatory

Origin

Origin of the cross-domain request specified by the pre-request. Generally, it is a domain name.

Type: string

Yes

Access-Control-Request-Headers

Indicates the HTTP headers of a request. The request can use multiple HTTP headers.

Type: string

No

Request Elements

This request uses form elements. Table 2 describes the form elements.

Table 2 Form elements

Parameter

Description

Mandatory

file

Specifies the object content uploaded. Both the file name and file path are ignored and will not be used as the object name. The object name is the value of parameter key.

Type: binary content or text

Constraint: This parameter must be the last parameter in a form. Otherwise, parameters after this parameter will be all discarded. Additionally, each request contains only one file parameter.

Yes

key

Indicates the name of the object to be created.

Type: string

Yes

AccessKeyId

Access key ID (AK) of the requester.

Type: string

Constraint: This parameter is mandatory if there is security policy parameter policy or signature in the request.

Yes when the constraint is met.

policy

Indicates the security policy in the request. For details about the policy format, see the policy format in Authentication of Signature Carried in the Table Uploaded Through a Browser.

Type: string

Constraint: This parameter is mandatory if the bucket provides the AccessKeyId (or signature).

Yes when the constraint is met.

signature

Indicates a signature string calculated based on StringToSign.

Type: string

Constraint: This parameter is mandatory if the bucket provides the AccessKeyId (or policy).

Yes when the constraint is met.

token

Specifies the AK, signature, and security policy of the request initiator. The priority of a token is higher than that of a specified AK, the request signature, and the security policy of the request initiator.

Type: string

Example:

In HTML: <input type= "text" name="token" value="ak:signature:policy" />

No

x-obs-acl

When creating an object, you can add this header to set the permission control policy for the object. The predefined common policies are as follows: private, public-read, public-read-write, public-read-delivered, and public-read-write-delivered.

Type: string

Examples:

In POLICY: {"acl": "public-read" }

In HTML: <input type="text" name="acl" value="public-read" />

No

x-obs-grant-read

When creating an object, you can use this header to grant all users in an account the permissions to read the object and obtain the object metadata.

Type: string

Examples:

In POLICY: {'grant-read': 'id=domainId1' },

In HTML: <input type="text" name="grant-read" value="id=domainId1" />

No

x-obs-grant-read-acp

When creating an object, you can use this header to grant all users in an account the permission to obtain the object ACL.

Type: string

Examples:

In POLICY: {"grant-read-acp": "id=domainId1" },

In HTML: <input type="text" name="grant-read-acp" value="id=domainId1" />

No

x-obs-grant-write-acp

When creating an object, you can use this header to grant all users in an account the permission to write the object ACL.

Type: string

Examples:

In POLICY: {"grant-write-acp": "id=domainId1" },

In HTML: <input type="text" name="grant-write-acp" value="id=domainId1" />

No

x-obs-grant-full-control

When creating an object, you can use this header to grant all users in an account the permissions to read the object, obtain the object metadata and ACL, and write the object ACL.

Type: string

Examples:

In POLICY: {"grant-full-control": "id=domainId1" },

In HTML: <input type="text" name="grant-full-control" value="id=domainId1" />

No

Cache-Control,

Content-Type,

Content-Disposition,

Content-Encoding

Expires

Standard HTTP headers. OBS records those headers. If you download the object or send the HEAD Object request, those parameter values are returned.

Type: string

Examples:

In POLICY: ["starts-with", "$Content-Type", "text/"],

In HTML: <input type="text" name="content-type" value="text/plain" />

No

success_action_redirect

Indicates the address (URL) to which a successfully responded request is redirected.

  • If the value is valid and the request is successful, OBS returns status code 303. Location contains success_action_redirect as well as the bucket name, object name, and object ETag.
  • If this parameter value is invalid, OBS ignores this parameter. In such case, the Location header is the object address, and OBS returns the response code based on whether the operation succeeds or fails.

Type: string

Examples:

In POLICY: {"success_action_redirect": "http://123458.com"},

In HTML: <input type="text" name="success_action_redirect" value="http://123458.com" />

No

x-obs-meta-*

Indicates user-defined metadata. When creating an object, you can use this header or a header starting with x-obs-meta- to define object metadata in an HTTP request. The user-defined metadata will be returned in the response when you retrieve the object or query the object metadata.

Type: string

Examples:

In POLICY: {" x-obs-meta-test ": " test metadata " },

In HTML: <input type="text" name=" x-obs-meta-test " value=" test metadata " />

No

success_action_status

Indicates the status code returned after the request is successfully received. Possible values are 200, 201, and 204.

  • If this parameter is set to 200 or 204, the body in the OBS response message is empty.
  • If this parameter is set to 201, the OBS response message contains an XML document that describes the response to the request.
  • If the request does not include this parameter or the parameter value is invalid, OBS returns status code 204.

Type: string

Examples:

In POLICY: ["starts-with", "$success_action_status", ""],

In HTML: <input type="text" name="success_action_status" value="200" />

No

x-obs-website-redirect-location

If a bucket is configured with the static website hosting function, it will redirect requests for this object to another object in the same bucket or to an external URL. OBS stores the value of this header in the object metadata.

Default value: none

Constraint: The value must be prefixed by a slash (/), http://, or https://. The length of the value cannot exceed 2 KB.

No

x-obs-expires

Specifies when an object expires. It is measured in days. Once the object expires, it is automatically deleted. (The calculation starts from when the object was last modified).

Type: integer

Example: x-obs-expires:3

No

Response Syntax

1
2
3
4
5
HTTP/1.1 status_code
Content-Type: application/xml 
Location: location
Date: date
ETag: etag

Response Headers

The response to the request uses common headers. For details, see Table 1.

In addition to the common response headers, the headers listed in Table 3 may be used.

Table 3 Additional response headers

Header

Description

x-obs-version-id

Object version ID. If versioning is enabled for the bucket, the object version ID will be returned. A string null will be returned if the bucket housing the object has versioning suspended.

Type: string

Access-Control-Allow-Origin

Indicates that the origin is included in the response if the origin in the request meets the CORS configuration requirements when CORS is configured for buckets.

Type: string

Access-Control-Allow-Headers

Indicates that the headers are included in the response if headers in the request meet the CORS configuration requirements when CORS is configured for buckets.

Type: string

Access-Control-Max-Age

Indicates MaxAgeSeconds in the CORS configuration of the server when CORS is configured for buckets.

Type: integer

Access-Control-Allow-Methods

Indicates that methods in the rule are included in the response if Access-Control-Request-Method in the request meets the CORS configuration requirements when CORS is configured for buckets.

Type: string

Value options: GET, PUT, HEAD, POST, DELETE

Access-Control-Expose-Headers

Value of ExposeHeader in the CORS configuration of a server when CORS is configured for buckets.

Type: string

Response Elements

This response contains no elements.

Error Responses

No special error responses are returned. For details about error responses, see Table 2.

Sample Request: Uploading an Object Using POST

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
POST / HTTP/1.1
Date: WED, 01 Jul 2015 04:15:23 GMT
Host: examplebucket.obs.region.example.com
Content-Type: multipart/form-data; boundary=7db143f50da2
Content-Length: 2424
Origin: www.example.com
Access-Control-Request-Headers:acc_header_1

--7db143f50da2
Content-Disposition: form-data; name="key"

object01
--7db143f50da2
Content-Disposition: form-data; name="acl"

public-read
--7db143f50da2 
Content-Disposition: form-data; name="content-type"

text/plain
--7db143f50da2
Content-Disposition: form-data; name="expires"

WED, 01 Jul 2015 04:16:15 GMT
--7db143f50da2
Content-Disposition: form-data; name="AccessKeyId"

14RZT432N80TGDF2Y2G2
--7db143f50da2
Content-Disposition: form-data; name="policy"

ew0KICAiZXhaaXJhdGlvbiI6ICIyMDE1LTA3LTAxVDEyOjAwOjAwLjAwMFoiLA0KICAiY29uZGl0aW9ucyI6IFsNCiAgICB7ImJ1Y2tldCI6ICJleG1hcGxlYnVja2V0IiB9LA0KICAgIHsiYWNsIjogInB1YmxpYy1yZWFkIiB9LA0KICAgIHsiRXhaaXJlcyI6ICIxMDAwIiB9LA0KICAgIFsiZXEiLCAiJGtleSIsICJvYmplY3QwMSJdLA0KICAgIFsic3RhcnRzLXdpdGgiLCAiJENvbnRlbnQtVHlwZSIsICJ0ZXh0LyJdLA0KICBdDQp9DQo=
--7db143f50da2
Content-Disposition: form-data; name="signature"

Vk6rwO0Nq09BLhvNSIYwSJTRQ+k=
--7db143f50da2
Content-Disposition: form-data; name="x-obs-persistent-headers"
 
test:dmFsdWUx
--7db143f50da2
Content-Disposition: form-data; name="x-obs-grant-read"
 
id=52f24s3593as5730ea4f722483579xxx
--7db143f50da2
Content-Disposition: form-data; name="x-obs-server-side-encryption"
 
http://www.example.com/
--7db143f50da2
Content-Disposition: form-data; name="file"; filename="C:\Testtools\UpLoadFiles\object\1024Bytes.txt"
Content-Type: text/plain

01234567890
--7db143f50da2
Content-Disposition: form-data; name="submit"

Upload
--7db143f50da2--

Sample Response: Uploading an Object Using POST

After CORS is configured for a bucket, the response contains the Access-Control-* information.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
HTTP/1.1 204 No Content
x-obs-request-id: 90E2BA00C26C00000133B442A90063FD
x-obs-id-2: OTBFMkJBMDBDMjZDMDAwMDAxMzNCNDQyQTkwMDYzRkRBQUFBQUFBQWJiYmJiYmJi
Access-Control-Allow-Origin: www.example.com
Access-Control-Allow-Methods: POST,GET,HEAD,PUT
Access-Control-Allow-Headers: acc_header_01
Access-Control-Max-Age: 100
Access-Control-Expose-Headers: exp_header_01
Content-Type: text/xml
Location: http://examplebucket.obs.region.example.com/object01
Date: WED, 01 Jul 2015 04:15:23 GMT
ETag: "ab7abb0da4bca5323ab6119bb5dcd296"

Sample Request: Using a Token for Authentication

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
POST / HTTP/1.1
Content-Type:multipart/form-data; boundary=9431149156168
Content-Length: 634
Host: examplebucket.obs.region.example.com
 
--9431149156168
Content-Disposition: form-data; name="key"
obj01
 
--9431149156168
Content-Disposition: form-data; name="token"
UDSIAMSTUBTEST002538:XsVcTzR2/A284oE4VH9qPndGcuE=:eyJjb25kaXRpb25zIjogW3siYnVja2V0IjogInRlc3QzMDAzMDU4NzE2NjI2ODkzNjcuMTIifSwgeyJDb250ZW50LVR5cGUiOiAiYXBwbGljYXRpb24veG1sIn0sIFsiZXEiLCAiJGtleSIsICJvYmoudHh0Il1dLCAiZXhwaXJhdGlvbiI6ICIyMDIyLTA5LTA5VDEyOjA5OjI3WiJ9
 
--9431149156168
Content-Disposition: form-data; name="file"; filename="myfile"
Content-Type: text/plain
01234567890
 
--9431149156168--
Content-Disposition: form-data; name="submit"
Upload to OBS

Sample Response: Using a Token for Authentication

1
2
3
4
5
6
7
HTTP/1.1 204 No Content
Server: OBS
Location: http://examplebucket.obs.region.example.com/my-obs-object-key-demo
ETag: "7eda50a430fed940023acb9c4c6a2fff"
x-obs-request-id: 000001832010443D80F30B649B969C47
x-obs-id-2: 32AAAUgAIAABAAAQAAEAABAAAQAAEAABCTj0yO9KJd5In+i9pzTgCDVG9vMnk7O/
Date: Fri,09Sep 2022 02: 24:40 GMT

Sample Request: Specifying an Object Expiration Time

POST / HTTP/1.1 
Date: WED, 01 Jul 2015 04:15:23 GMT 
Host: examplebucket.obs.region.example.com 
Content-Type: multipart/form-data; boundary=148828969260233905620870
Content-Length: 1639 
Origin: www.example.com 
Access-Control-Request-Headers:acc_header_1 
 
--148828969260233905620870 
Content-Disposition: form-data; name="key" 
 
object01
--148828969260233905620870
Content-Disposition: form-data; name="ObsAccessKeyId"
 
55445349414d5354554254455354303030303033
--148828969260233905620870
Content-Disposition: form-data; name="signature"
 
396246666f6f42793872792f7a3958524f6c44334e4e69763950553d--7db143f50da2 
--148828969260233905620870
Content-Disposition: form-data; name="policy" 
 
65794a6c65484270636d463061573975496a6f694d6a41794d7930774e6930784e565178...
--148828969260233905620870
Content-Disposition: form-data; name="x-obs-expires"
 
4
--148828969260233905620870
Content-Disposition: form-data; name="file"; filename="test.txt"
Content-Type: text/plain 
 
01234567890
--148828969260233905620870
Content-Disposition: form-data; name="submit" 
 
Upload 
--148828969260233905620870--

Sample Response: Specifying an Object Expiration Time

 
HTTP/1.1 204 No Content 
Server: OBS 
Date: Thu, 15 Jun 2023 12:39:03 GMT
Connection: keep-alive
Location: http://examplebucket.obs.region.example.com/my-obs-object-key-demo 
x-obs-expiration: expiry-date="Tue, 20 Jun 2023 00:00:00 GMT"
ETag: "d41d8cd98f00b204e9800998ecf8427e"
x-obs-request-id: 00000188BF11049553064911000FC30D
x-obs-id-2: 32AAAUJAIAABAAAQAAEAABAAAQAAEAABCSwj2PcBE0YcoLHUDO7GSj+rVByzjflA 
x-forward-status: 0x40020000000001
x-dae-api-type: REST.POST.OBJECT

Sample Request: Specifying a Status Code

Set the status code of a successful action to 200.

POST /srcbucket HTTP/1.1
User-Agent: PostmanRuntime/7.26.8
Accept: */*
Postman-Token: 667dcc44-1c48-41ba-9e41-9f87d8975089
Host: obs.region.example.com
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Type: multipart/form-data; boundary=--------------------------285613759795901770404350
Content-Length: 1134
 
----------------------------285613759795901770404350
Content-Disposition: form-data; name="key"
 
obj
----------------------------285613759795901770404350
Content-Disposition: form-data; name="ObsAccessKeyId"
 
XXXXXXXXXXXXXXX000003
----------------------------285613759795901770404350
Content-Disposition: form-data; name="signature"
 
9rc4bVhDPQ7eHtw17hWtYxLnBWU=
----------------------------285613759795901770404350
Content-Disposition: form-data; name="policy"
 
eyJleHBpcmF0aW9uIjoiMjAyMy0wNi0xNVQxNDoxMTozNFoiLCAiY29uZGl0aW9ucyI6W3siYnVja2V0Ijoic3JjYnVja2V0MiJ9LHsic3VjY2Vzc19hY3Rpb25fc3RhdHVzIjoiMjAwIn0seyJjb250ZW50LXR5cGUiOiJ0ZXh0L3BsYWluIn0seyJrZXkiOiIzMzMifSxdfQ==
----------------------------285613759795901770404350
Content-Disposition: form-data; name="success_action_status"
 
200
----------------------------285613759795901770404350
Content-Disposition: form-data; name="file"; filename="test.txt"
Content-Type: text/plain
 
 
----------------------------285613759795901770404350
Content-Disposition: form-data; name="submit"
 
Upload to OBS
----------------------------285613759795901770404350--

Sample Response: Specifying a Status Code

Response to the configuration of success status code 200

HTTP/1.1 200 OK
Server: OBS
Date: Thu, 15 Jun 2023 13:12:51 GMT
Content-Length: 0
Connection: keep-alive
Location: http://obs.region.example.com/srcbucket/obj
ETag: "d41d8cd98f00b204e9800998ecf8427e"
x-obs-request-id: 00000188BF2FF55F5306426E000FE366
x-obs-id-2: 32AAAUJAIAABAAAQAAEAABAAAQAAEAABCScDjcXgZ7oMYSVnZnk4+HrClVwLVPTi
x-forward-status: 0x40020000000001
x-dae-api-type: REST.POST.OBJECT