Updated on 2024-09-29 GMT+08:00

Uploading an Object - POST

Functions

This API allows you to upload an object to a bucket. This requires the write permission for the bucket.

The name of each object in a bucket must be unique.

If a bucket has versioning disabled, and you upload an object that has the same name as an existing object, the new object overwrites the existing one. You can also use Content-MD5 in the form to verify in-transit integrity. OBS calculates an MD5 after the object is uploaded and checks if this MD5 matches the MD5 carried in the form. If they do not match, an error is reported. You can also use x-obs-acl to control access to objects.

You can also upload an object using the POST method.

A single upload allows at most 5 GB of objects. To upload more than 5 GB of objects, see Operations on Multipart Upload.

This API supports server-side encryption.

Differences Between PUT and POST Methods

PUT requests include parameters in the header; POST requests in the form.

In the URL, PUT requests require object names be specified; POST requests only require bucket domain names. Request lines of PUT and POST are as follows:

PUT /ObjectName HTTP/1.1
POST / HTTP/1.1

For details about PUT upload, see Uploading an Object - PUT.

Versioning

If versioning is enabled for a bucket, each object uploaded has a unique version ID. If versioning is suspended, the version ID is null. Version IDs are returned in the x-obs-version-id header of the response. For details about versioning, see Configuring Versioning for a Bucket.

WORM

If a bucket has WORM enabled, you can configure WORM for its objects. To do so, use x-obs-object-lock-mode and x-obs-object-lock-retain-until-date in the request when uploading an object. If these two elements are not specified, objects uploaded use the default bucket WORM policy (if any). You can also configure or update WORM after an object was uploaded.

If WORM is enabled, versioning is automatically enabled. WORM is based on the object version. Versions of an object not protected by WORM can be deleted. For example, assume version test.txt 001 of an object is protected by WORM. You upload a new version test.txt 002 for the same object with no WORM configured. In such case, test.txt 002 is not protected and can be deleted. If you download an object without specifying a version ID, the latest version — test.txt 002 — is downloaded.

Request Syntax

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
POST / HTTP/1.1 
Host: bucketname.obs.region.myhuaweicloud.com 
User-Agent: browser_data
Accept: file_types
Accept-Language: Regions
Accept-Encoding: encoding
Accept-Charset: character_set
Keep-Alive: 300 
Connection: keep-alive 
Content-Type: multipart/form-data; boundary=9431149156168 
Content-Length: length


--9431149156168 
Content-Disposition: form-data; name="key" 

acl 
--9431149156168 
Content-Disposition: form-data; name="success_action_redirect"
 
success_redirect 
--9431149156168 
Content-Disposition: form-data; name="content-Type" 

content_type 
--9431149156168 
Content-Disposition: form-data; name="x-obs-meta-uuid" 

uuid 
--9431149156168 
Content-Disposition: form-data; name="x-obs-meta-tag" 

metadata 
--9431149156168 
Content-Disposition: form-data; name="AccessKeyId" 

access-key-id 
--9431149156168 
Content-Disposition: form-data; name="policy" 

encoded_policy 
--9431149156168 
Content-Disposition: form-data; name="signature" 

signature= 
--9431149156168 
Content-Disposition: form-data; name="file"; filename="MyFilename" 
Content-Type: image/jpeg 

file_content 
--9431149156168 
Content-Disposition: form-data; name="submit" 

Upload to OBS 
--9431149156168--

Request Parameters

This request contains no parameters.

Request Headers

This request uses common headers. For details, see Table 3.

If you want to get CORS settings, use the headers in Table 1.

Table 1 Request headers for obtaining CORS configuration

Header

Type

Mandatory (Yes/No)

Description

Origin

String

Yes

Explanation:

Where a cross-domain request is from (usually a domain name), specified in a preflight request

Restrictions:

None

Value range:

An HTTP-compliant header value

Default value:

None

Access-Control-Request-Headers

String

No

Explanation:

HTTP headers in a request. Multiple headers can be included.

Restrictions:

None

Value range:

An HTTP-compliant header value

Default value:

None

If an error is still displayed after CORS has been configured, rectify the fault by referring to Why Is an Error Reported Even If CORS Has Been Configured?

Request Elements

This request uses form elements. Table 2 describes the form elements.

Table 2 Form elements

Element

Type

Mandatory (Yes/No)

Description

file

Binary or text

Yes

Explanation:

Object content to upload. Both the file name and path are ignored and will not be used as the object name. The object name is the value of parameter key.

Restrictions:

  • This parameter must be the last to specify. Otherwise, the parameters that follow it will be discarded.
  • A request can contain only one file parameter.

Value range:

None

Default value:

None

key

String

Yes

Explanation:

Name of the object to be created. An object is uniquely identified by an object name in a bucket. An object name is a complete path that does not contain the bucket name.

For example, if the access path is examplebucket.obs.ap-southeast-1.myhuaweicloud.com/folder/test.txt, the object name is folder/test.txt.

Restrictions:

For details, see Object Overview.

Value range:

1 to 1,024 characters

Default value:

None

AccessKeyId

String

Yes when the restrictions are met

Explanation:

Access key ID (AK) of the requester.

Restrictions:

This parameter is mandatory if there is security policy parameter policy or signature in the request.

Value range:

AK of a user.

Default value:

None

policy

String

Yes when the restrictions are met

Explanation:

A security policy

Restrictions:

This parameter is mandatory if AccessKeyId or signature is provided in the form.

Value range:

For the policy format, see Signing Browser-Based Upload Requests.

Default value:

None

signature

String

Yes when the restrictions are met

Explanation:

A signature string calculated based on StringToSign.

Restrictions:

This parameter is mandatory if AccessKeyId or policy is provided in the form.

Value range:

None

Default value:

None

token

String

No

Explanation:

Specifies the access key, signature, and security policy of the requester all together.

Restrictions:

The priority of a token is higher than that of a separately specified AK, signature, or security policy.

Example:

In HTML: <input type= "text" name="token" value="ak:signature:policy" />

Value range:

The value must be in the ak:signature:policy format.

Default value:

None

x-obs-acl

String

No

Explanation:

Used to set a pre-defined ACL when creating an object

Examples:

In POLICY: {"acl": "public-read" }

In HTML: <input type="text" name="acl" value="public-read" />

Restrictions:

None

Value range:

  • private
  • public-read
  • public-read-write
  • public-read-delivered
  • public-read-write-delivered

For details about each policy, see the "Configuring an ACL Using Header Fields" section in ACLs.

Default value:

private

x-obs-grant-read

String

No

Explanation:

Used to — when creating an object — grant all users in a domain the permissions to read the object and obtain the object metadata

Examples:

In POLICY: {'grant-read': 'id=domainId1' },

In HTML: <input type="text" name="grant-read" value="id=domainId1" />

Restrictions:

Use commas (,) to separate multiple domains.

Value range:

The value of domainId must be valid. For details about how to obtain the ID, see Obtaining Account, IAM User, Project, User Group, Region, and Agency Information.

Default value:

None

x-obs-grant-read-acp

String

No

Explanation:

Used to — when creating an object — grant all users in a domain the permission to obtain the object ACL.

Examples:

In POLICY: {"grant-read-acp": "id=domainId1" },

In HTML: <input type="text" name="grant-read-acp" value="id=domainId1" />

Restrictions:

None

Value range:

The value of domainId must be valid. For details about how to obtain the ID, see Obtaining Account, IAM User, Project, User Group, Region, and Agency Information.

Default value:

None

x-obs-grant-write-acp

String

No

Explanation:

Used to — when creating an object — grant all users in a domain the permission to write the object ACL.

Examples:

In POLICY: {"grant-write-acp": "id=domainId1" },

In HTML: <input type="text" name="grant-write-acp" value="id=domainId1" />

Restrictions:

None

Value range:

The value of domainId must be valid. For details about how to obtain the ID, see Obtaining Account, IAM User, Project, User Group, Region, and Agency Information.

Default value:

None

x-obs-grant-full-control

String

No

Explanation:

When creating an object, you can use this header to grant all users in an account the permissions to read the object, obtain the object metadata and ACL, and write the object ACL.

Examples:

In POLICY: {"grant-full-control": "id=domainId1" },

In HTML: <input type="text" name="grant-full-control" value="id=domainId1" />

Restrictions:

None

Value range:

The value of domainId must be valid. For details about how to obtain the ID, see Obtaining Account, IAM User, Project, User Group, Region, and Agency Information.

Default value:

None

x-obs-storage-class

String

No

Explanation:

Used to — when creating an object — specify its storage class.

Examples:

In POLICY: {"storage-class": "STANDARD" },

In HTML: <input type="text" name="x-obs-storage-class" value="STANDARD" />

Restrictions:

The value is case-sensitive.

Value range:

  • STANDARD
  • WARM
  • COLD
  • DEEP_ARCHIVE

Default value:

If you do not use this header, the object storage class is the default storage class of the bucket.

Cache-Control

String

No

Explanation:

Standard HTTP header, returned in the response if a user downloads the object or makes a Head Object request.

Restrictions:

None

Value range:

See the HTTP requirements for the Cache-Control header.

Default value:

None

Content-Type

String

No

Explanation:

Standard HTTP header, returned in the response if a user downloads the object or makes a Head Object request.

Example:

In POLICY: ["starts-with", "$Content-Type", "text/"],

In HTML: <input type="text" name="content-type" value="text/plain" />

Restrictions:

None

Value range:

See the HTTP requirements for the Content-Type header.

Default value:

None

Content-Disposition

String

No

Explanation:

Standard HTTP header, returned in the response if a user downloads the object or makes a Head Object request.

Restrictions:

None

Value range:

See the HTTP requirements for the Content-Disposition header.

Default value:

None

Content-Encoding

String

No

Explanation:

Standard HTTP header, returned in the response if a user downloads the object or makes a Head Object request.

Restrictions:

None

Value range:

See the HTTP requirements for the Content-Encoding header.

Default value:

None

Expires

String

No

Explanation:

Standard HTTP header, returned in the response if a user downloads the object or makes a Head Object request.

Restrictions:

None

Value range:

See the HTTP requirements for the Expires header.

Default value:

None

success_action_redirect

String

No

Explanation:

Where a successful request is redirected

  • If the value is valid and the request is successful, OBS returns status code 303. Location contains success_action_redirect as well as the bucket name, object name, and object ETag.
  • If the value is invalid, OBS ignores this parameter. Location contains the object address, and OBS returns the response code based on the actual result.

Examples:

In POLICY: {"success_action_redirect": "http://123458.com"},

In HTML: <input type="text" name="success_action_redirect" value="http://123458.com" />

Restrictions:

The value must start with http or https.

Value range:

URL

Default value:

None

x-obs-meta-*

String

No

Explanation:

Used when creating an object to define metadata. The defined metadata is returned in the response when you obtain the object or query its metadata. For details, see User-Defined Object Metadata.

Examples:

In POLICY: {" x-obs-meta-test ": " test metadata " },

In HTML: <input type="text" name=" x-obs-meta-test " value=" test metadata " />

Restrictions:

None

Value range:

For details, see Managing Object Metadata.

Default value:

None

x-obs-persistent-headers

String

No

Explanation:

Used when creating an object to define one or more response headers. The user-defined response headers are returned when you obtain the object or query its metadata.

Restrictions:

  • User-defined headers cannot contain the x-obs- prefix. For example, you should use key1 instead of x-obs-key1.
  • Do not use standard HTTP headers, such as host, content-md5, origin, range, and Content-Disposition.
  • The total length of this header and the custom metadata cannot exceed 8 KB.
  • If multiple values are passed for the same key, they are separated by commas (,) and returned all at once for that key.
  • The server does not decode a value that would contain non-US-ASCII or unrecognizable characters after being decoded. Instead, the server encapsulates such a value using ?UTF-8?B?<(str)>?=. For instance, key1:abbc will be returned as key1: =?UTF-8?B?abbc?=.
  • The values cannot contain spaces, equal signs (=), commas (,), semicolons (;), colons (:), or periods (.). If such characters are required, use URL or Base64 encoding.
  • Format: x-obs-persistent-headers: key1:base64_encode(value1),key2:base64_encode(value2)...

    key1 and key2 indicate user-defined headers. If they contain non-ASCII or unrecognizable characters, they can be encoded using URL or Base64. The server processes these headers as character strings, but does not decode them. value1 is the value of key1; value2 of key2. base64_encode indicates Base64 encoding. A key and its Base64-encoded value are connected using a colon (:) to form a pair. Key-value pairs are separated with commas (,) and carried in the x-obs-persistent-headers header. The server then decodes the uploaded value.

    Examples:

    In POLICY: {"x-obs-persistent-headers": "key1:dmFsdWUx,key2:dmFsdWUy" },

    In HTML: <input type="text" name="x-obs-persistent-headers" value="key1:dmFsdWUx,key2:dmFsdWUy" />

    When downloading the object or obtaining its metadata, key1:value1 and key2:value2 are returned.

Value range:

None

Default value:

None

success_action_status

String

No

Explanation:

The status code returned for a successful request.

Examples:

In POLICY: ["starts-with", "$success_action_status", ""],

In HTML: <input type="text" name="success_action_status" value="200" />

Restrictions:

  • If this parameter is set to 200 or 204, the response body is left blank.
  • If this parameter is set to 201, the response message contains an XML document that describes the response.
  • If this parameter is not specified or is invalid, the status code is 204.

Value range:

  • 200
  • 201
  • 204

Default value:

None

x-obs-website-redirect-location

String

No

Explanation:

If a bucket is configured with static website hosting, requests for one object in this bucket can be redirected to another object in the same bucket or to an external URL. OBS stores the value of this header in the object metadata.

Restrictions:

The value must start with a slash (/), http://, or https:// and cannot exceed 2K.

Value range:

None

Default value:

None

x-obs-server-side-encryption

String

No. This header is required when SSE-KMS is used.

Explanation:

Indicates that SSE-KMS is used for server-side encryption.

Example: x-obs-server-side-encryption:kms

Restrictions:

None

Value range:

  • kms
  • AES256

Default value:

None

x-obs-server-side-encryption-kms-key-id

String

No

Explanation:

ID of a specified key used for SSE-KMS encryption. For details about how to obtain a key ID, see Viewing a Key.

Restrictions:

This header can only be used when you specify kms for the x-obs-server-side-encryption header.

Default value:

If you specify kms for encryption but do not specify a key ID, the default master key will be used. If there is not a default master key, OBS will create one and use it.

x-obs-server-side-encryption-customer-algorithm

String

No. This header is required when SSE-C is used.

Explanation:

The algorithm used for encryption.

Example: x-obs-server-side-encryption-customer-algorithm:AES256

Restrictions:

  • This header is used only when SSE-C is used.
  • This header must be used with x-obs-server-side-encryption-customer-key and x-obs-server-side-encryption-customer-key-MD5.

Value range:

AES256

Default value:

None

x-obs-server-side-encryption-customer-key

String

No. This header is required when SSE-C is used.

Explanation:

The key used for encrypting an object.

Example: x-obs-server-side-encryption-customer-key:K7QkYpBkM5+hca27fsNkUnNVaobncnLht/rCB2o/9Cw=

Restrictions:

  • This header is used only when SSE-C is used.
  • This header is a Base64-encoded 256-bit key. It must be used with x-obs-server-side-encryption-customer-algorithm and x-obs-server-side-encryption-customer-key-MD5.

Value range:

None

Default value:

None

x-obs-server-side-encryption-customer-key-MD5

String

No. This header is required when SSE-C is used.

Explanation:

The MD5 value of the key used for encryption. Used to check whether any error occurs during the key transmission.

Example: x-obs-server-side-encryption-customer-key-MD5:4XvB3tbNTN+tIEVa0/fGaQ==

Restrictions:

  • This header is used only when SSE-C is used.
  • This header is a Base64-encoded 128-bit MD5 value. It must be used with x-obs-server-side-encryption-customer-algorithm and x-obs-server-side-encryption-customer-key.

Value range:

MD5 value of the key.

Default value:

None

x-obs-expires

Integer

No

Explanation:

When an object expires and is deleted (how many days after the last update).

You can configure this parameter when uploading an object. You can also modify it after the object is uploaded by using the metadata modification API.

Example: x-obs-expires:3

Restrictions:

The value must be greater than the number of days that have passed since the object was created. For example, if the object was uploaded 10 days ago, you must specify a value greater than 10.

Value range:

The value is an integer greater than 0.

Default value:

None

x-obs-object-lock-mode

String

No, but required when x-obs-object-lock-retain-until-date is present.

Explanation:

WORM mode applied to the object.

Example: x-obs-object-lock-mode:COMPLIANCE

Restrictions:

Currently, only COMPLIANCE (compliance mode) is supported.

This parameter must be used with x-obs-object-lock-retain-until-date.

Value range:

COMPLIANCE

Default value:

None

x-obs-object-lock-retain-until-date

String

No, but required when x-obs-object-lock-mode is present.

Explanation:

When the WORM policy of the object expires.

Example: x-obs-object-lock-retain-until-date:2015-07-01T04:11:15Z

Restrictions:

The value must be a UTC time that complies with the ISO 8601 standard. Example: 2015-07-01T04:11:15Z

This parameter must be used with x-obs-object-lock-mode.

Value range:

The time must be later than the current time.

Default value:

None

Response Syntax

1
2
3
4
5
HTTP/1.1 status_code
Content-Type: application/xml 
Location: location
Date: date
ETag: etag

Response Headers

The response to the request uses common headers. For details, see Table 1.

In addition to the common response headers, the headers listed in Table 3 may be used.

Table 3 Additional response headers

Header

Type

Description

x-obs-version-id

String

Explanation:

Object version ID.

Restrictions:

  • If versioning is enabled for the bucket, the object version ID will be returned.
  • If versioning is suspended for the bucket, a string null is returned.

Value range:

The value is automatically generated by the server.

Default value:

None

Access-Control-Allow-Origin

String

Explanation:

Returned if the request origin meets the CORS configured on the server.

Restrictions:

None

Value range:

The value that complies with the CORS

Default value:

None

Access-Control-Allow-Headers

String

Explanation:

Returned if the request headers meet the CORS configured on the server.

Restrictions:

None

Value range:

The value that complies with the CORS

Default value:

None

Access-Control-Max-Age

Integer

Explanation:

Value of MaxAgeSeconds in the CORS configuration on the server when CORS is configured for buckets.

Restrictions:

None

Value range:

An integer greater than or equal to 0, in seconds

Default value:

3000

Access-Control-Allow-Methods

String

Explanation:

If a bucket has CORS configured, and Access-Control-Request-Method in the request meets the CORS configuration on the server, the specified methods in the rule are returned.

Restrictions:

None

Value range:

  • GET
  • PUT
  • HEAD
  • POST
  • DELETE

Default value:

None

Access-Control-Expose-Headers

String

Explanation:

ExposeHeader in the CORS rules of the bucket. It specifies additional headers allowed in the response by a CORS rule. These headers provide extra information to clients. By default, a browser can access only headers Content-Length and Content-Type. If the browser needs to access other headers, you need to configure them as additional headers.

Restrictions:

Spaces, asterisks (*), ampersands (&), colons (:), less-than signs (<), and full-width characters are not allowed.

Value range:

None

Default value:

None

x-obs-server-side-encryption

String

Explanation:

The encryption method used by the server.

Example: x-obs-server-side-encryption:kms

Restrictions:

This header is included in a response if SSE-KMS is used.

Value range:

  • kms
  • AES256

Default value:

None

x-obs-server-side-encryption-kms-key-id

String

Explanation:

ID of a specified key used for SSE-KMS encryption. For details about how to obtain a key ID, see Viewing a Key.

Restrictions:

This header can only be used when you specify kms for the x-obs-server-side-encryption header.

Default value:

If you specify kms for encryption but do not specify a key ID, the default master key will be used. If there is not a default master key, OBS will create one and use it.

x-obs-server-side-encryption-customer-algorithm

String

Explanation:

The algorithm used for encryption.

Example: x-obs-server-side-encryption-customer-algorithm:AES256

Restrictions:

Only for SSE-C server-side encryption.

Value range:

AES256

Default value:

None

x-obs-server-side-encryption-customer-key-MD5

String

Explanation:

The MD5 value of the key used for encryption.

Example: x-obs-server-side-encryption-customer-key-MD5:4XvB3tbNTN+tIEVa0/fGaQ==

Restrictions:

Only for SSE-C server-side encryption.

Value range:

MD5 value of the key.

Default value:

None

Response Elements

This response contains no elements.

Error Responses

No special error responses are returned. For details about error responses, see Table 2.

Sample Request: Uploading an Object Using POST

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
POST / HTTP/1.1
Date: WED, 01 Jul 2015 04:15:23 GMT
Host: examplebucket.obs.region.myhuaweicloud.com
Content-Type: multipart/form-data; boundary=7db143f50da2
Content-Length: 2424
Origin: www.example.com
Access-Control-Request-Headers:acc_header_1

--7db143f50da2
Content-Disposition: form-data; name="key"

object01
--7db143f50da2
Content-Disposition: form-data; name="acl"

public-read
--7db143f50da2 
Content-Disposition: form-data; name="content-type"

text/plain
--7db143f50da2
Content-Disposition: form-data; name="expires"

WED, 01 Jul 2015 04:16:15 GMT
--7db143f50da2
Content-Disposition: form-data; name="AccessKeyId"

14RZT432N80TGDF2Y2G2
--7db143f50da2
Content-Disposition: form-data; name="policy"

ew0KICAiZXhaaXJhdGlvbiI6ICIyMDE1LTA3LTAxVDEyOjAwOjAwLjAwMFoiLA0KICAiY29uZGl0aW9ucyI6IFsNCiAgICB7ImJ1Y2tldCI6ICJleG1hcGxlYnVja2V0IiB9LA0KICAgIHsiYWNsIjogInB1YmxpYy1yZWFkIiB9LA0KICAgIHsiRXhaaXJlcyI6ICIxMDAwIiB9LA0KICAgIFsiZXEiLCAiJGtleSIsICJvYmplY3QwMSJdLA0KICAgIFsic3RhcnRzLXdpdGgiLCAiJENvbnRlbnQtVHlwZSIsICJ0ZXh0LyJdLA0KICBdDQp9DQo=
--7db143f50da2
Content-Disposition: form-data; name="signature"

Vk6rwO0Nq09BLhvNSIYwSJTRQ+k=
--7db143f50da2
Content-Disposition: form-data; name="x-obs-persistent-headers"
 
test:dmFsdWUx
--7db143f50da2
Content-Disposition: form-data; name="x-obs-grant-read"
 
id=52f24s3593as5730ea4f722483579xxx
--7db143f50da2
Content-Disposition: form-data; name="x-obs-server-side-encryption"
 
kms
--7db143f50da2
Content-Disposition: form-data; name="x-obs-website-redirect-location"
 
http://www.example.com/
--7db143f50da2
Content-Disposition: form-data; name="file"; filename="C:\Testtools\UpLoadFiles\object\1024Bytes.txt"
Content-Type: text/plain

01234567890
--7db143f50da2
Content-Disposition: form-data; name="submit"

Upload
--7db143f50da2--

Sample Response: Uploading an Object Using POST

After CORS is configured for a bucket, the response contains the Access-Control-* information.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
HTTP/1.1 204 No Content
x-obs-request-id: 90E2BA00C26C00000133B442A90063FD
x-obs-id-2: OTBFMkJBMDBDMjZDMDAwMDAxMzNCNDQyQTkwMDYzRkRBQUFBQUFBQWJiYmJiYmJi
Access-Control-Allow-Origin: www.example.com
Access-Control-Allow-Methods: POST,GET,HEAD,PUT
Access-Control-Allow-Headers: acc_header_01
Access-Control-Max-Age: 100
Access-Control-Expose-Headers: exp_header_01
Content-Type: text/xml
Location: http://examplebucket.obs.region.myhuaweicloud.com/object01
Date: WED, 01 Jul 2015 04:15:23 GMT
ETag: "ab7abb0da4bca5323ab6119bb5dcd296"

Sample Request: Uploading an Object (with x-obs-acl and a Storage Class Specified)

Upload an object with the x-obs-acl, storage class, and redirection header fields carried in the request message.

Before encoding, the policy content is as follows:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
{
    "expiration":"2018-07-17T04:54:35Z",
    "conditions":[
        {
            "content-type":"text/plain"
        },
        {
            "x-obs-storage-class":"WARM"
        },
        {
            "success_action_redirect":"http://www.example.com"
        },
        {
            "x-obs-acl":"public-read"
        },
        [
            "starts-with",
            "$bucket",
            ""
        ],
        [
            "starts-with",
            "$key",
            ""
        ]
    ]
}

Sample request:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
POST / HTTP/1.1
Host: examplebucket.obs.region.myhuaweicloud.com
Accept-Encoding: identity
Content-Length: 947
Content-Type: multipart/form-data; boundary=9431149156168
User-Agent: OBS/Test

--9431149156168
Content-Disposition: form-data; name="x-obs-acl"

public-read
--9431149156168
Content-Disposition: form-data; name="AccessKeyId"

H4IPJX0TQTHTHEBQQCEC
--9431149156168
Content-Disposition: form-data; name="key"

my-obs-object-key-demo
--9431149156168
Content-Disposition: form-data; name="signature"

WNwv8P1ZiWdqPQqjXeLmAfzPDAI=
--9431149156168
Content-Disposition: form-data; name="policy"

eyJleHBpcmF0aW9uIjoiMjAxOC0wNy0xN1QwODozNDoyM1oiLCAiY29uZGl0aW9ucyI6W3siY29udGVudC10eXBlIjoidGV4dC9wbGFpbiJ9LHsieC1vYnMtYWNsIjoicHVibGljLXJlYWQifSxbInN0YXJ0cy13aXRoIiwgIiRidWNrZXQiLCAiIl0sWyJzdGFydHMtd2l0aCIsICIka2V5IiwgIiJdXX0=
--9431149156168
Content-Disposition: form-data; name="content-type"

text/plain
--9431149156168
Content-Disposition: form-data; name="file"; filename="myfile"
Content-Type: text/plain

c2c6cd0f-898e-11e8-aab6-e567c91fb541
52b8e8a0-8481-4696-96f3-910635215a78

--9431149156168--

Sample Response: Uploading an Object (with x-obs-acl and a Storage Class Specified)

1
2
3
4
5
6
7
HTTP/1.1 204 No Content
Server: OBS
Location: http://examplebucket.obs.region.myhuaweicloud.com/my-obs-object-key-demo
ETag: "17a83fc8d431273405bd266114b7e034"
x-obs-request-id: 5DEB00000164A728A7C7F4E032214CFA
x-obs-id-2: 32AAAUJAIAABAAAQAAEAABAAAQAAEAABCSwj2PcBE0YcoLHUDO7GSj+rVByzjflA
Date: Tue, 17 Jul 2018 07:33:36 GMT

Sample Request: Using a Token for Authentication

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
POST / HTTP/1.1
Content-Type:multipart/form-data; boundary=9431149156168
Content-Length: 634
Host: examplebucket.obs.region.myhuaweicloud.com
 
--9431149156168
Content-Disposition: form-data; name="key"
obj01
 
--9431149156168
Content-Disposition: form-data; name="token"
UDSIAMSTUBTEST002538:XsVcTzR2/A284oE4VH9qPndGcuE=:eyJjb25kaXRpb25zIjogW3siYnVja2V0IjogInRlc3QzMDAzMDU4NzE2NjI2ODkzNjcuMTIifSwgeyJDb250ZW50LVR5cGUiOiAiYXBwbGljYXRpb24veG1sIn0sIFsiZXEiLCAiJGtleSIsICJvYmoudHh0Il1dLCAiZXhwaXJhdGlvbiI6ICIyMDIyLTA5LTA5VDEyOjA5OjI3WiJ9
 
--9431149156168
Content-Disposition: form-data; name="file"; filename="myfile"
Content-Type: text/plain
01234567890
 
--9431149156168--
Content-Disposition: form-data; name="submit"
Upload to OBS

Sample Response: Using a Token for Authentication

1
2
3
4
5
6
7
HTTP/1.1 204 No Content
Server: OBS
Location: http://examplebucket.obs.region.myhuaweicloud.com/my-obs-object-key-demo
ETag: "7eda50a430fed940023acb9c4c6a2fff"
x-obs-request-id: 000001832010443D80F30B649B969C47
x-obs-id-2: 32AAAUgAIAABAAAQAAEAABAAAQAAEAABCTj0yO9KJd5In+i9pzTgCDVG9vMnk7O/
Date: Fri,09Sep 2022 02: 24:40 GMT

Sample Request: Specifying an Object Expiration Time

POST / HTTP/1.1 
Date: WED, 01 Jul 2015 04:15:23 GMT 
Host: examplebucket.obs.cn-north-4..com 
Content-Type: multipart/form-data; boundary=148828969260233905620870
Content-Length: 1639 
Origin: www.example.com 
Access-Control-Request-Headers:acc_header_1 
 
--148828969260233905620870 
Content-Disposition: form-data; name="key" 
 
object01
--148828969260233905620870
Content-Disposition: form-data; name="ObsAccessKeyId"
 
55445349414d5354554254455354303030303033
--148828969260233905620870
Content-Disposition: form-data; name="signature"
 
396246666f6f42793872792f7a3958524f6c44334e4e69763950553d--7db143f50da2 
--148828969260233905620870
Content-Disposition: form-data; name="policy" 
 
65794a6c65484270636d463061573975496a6f694d6a41794d7930774e6930784e565178...
--148828969260233905620870
Content-Disposition: form-data; name="x-obs-expires"
 
4
--148828969260233905620870
Content-Disposition: form-data; name="file"; filename="test.txt"
Content-Type: text/plain 
 
01234567890
--148828969260233905620870
Content-Disposition: form-data; name="submit" 
 
Upload 
--148828969260233905620870--

Sample Response: Specifying an Object Expiration Time

 
HTTP/1.1 204 No Content 
Server: OBS 
Date: Thu, 15 Jun 2023 12:39:03 GMT
Connection: keep-alive
Location: http://examplebucket.obs.cn-north-4..com/my-obs-object-key-demo 
x-obs-expiration: expiry-date="Tue, 20 Jun 2023 00:00:00 GMT"
ETag: "d41d8cd98f00b204e9800998ecf8427e"
x-obs-request-id: 00000188BF11049553064911000FC30D
x-obs-id-2: 32AAAUJAIAABAAAQAAEAABAAAQAAEAABCSwj2PcBE0YcoLHUDO7GSj+rVByzjflA 
x-forward-status: 0x40020000000001
x-dae-api-type: REST.POST.OBJECT

Sample Request: Specifying a Status Code

Set the status code of a successful action to 200.

POST /srcbucket HTTP/1.1
User-Agent: PostmanRuntime/7.26.8
Accept: */*
Postman-Token: 667dcc44-1c48-41ba-9e41-9f87d8975089
Host: obs.cn-north-4..com
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Type: multipart/form-data; boundary=--------------------------285613759795901770404350
Content-Length: 1134
 
----------------------------285613759795901770404350
Content-Disposition: form-data; name="key"
 
obj
----------------------------285613759795901770404350
Content-Disposition: form-data; name="ObsAccessKeyId"
 
XXXXXXXXXXXXXXX000003
----------------------------285613759795901770404350
Content-Disposition: form-data; name="signature"
 
9rc4bVhDPQ7eHtw17hWtYxLnBWU=
----------------------------285613759795901770404350
Content-Disposition: form-data; name="policy"
 
eyJleHBpcmF0aW9uIjoiMjAyMy0wNi0xNVQxNDoxMTozNFoiLCAiY29uZGl0aW9ucyI6W3siYnVja2V0Ijoic3JjYnVja2V0MiJ9LHsic3VjY2Vzc19hY3Rpb25fc3RhdHVzIjoiMjAwIn0seyJjb250ZW50LXR5cGUiOiJ0ZXh0L3BsYWluIn0seyJrZXkiOiIzMzMifSxdfQ==
----------------------------285613759795901770404350
Content-Disposition: form-data; name="success_action_status"
 
200
----------------------------285613759795901770404350
Content-Disposition: form-data; name="file"; filename="test.txt"
Content-Type: text/plain
 
 
----------------------------285613759795901770404350
Content-Disposition: form-data; name="submit"
 
Upload to OBS
----------------------------285613759795901770404350--

Sample Response: Specifying a Status Code

Response to the configuration of success status code 200

HTTP/1.1 200 OK
Server: OBS
Date: Thu, 15 Jun 2023 13:12:51 GMT
Content-Length: 0
Connection: keep-alive
Location: http://obs.cn-north-4..com/srcbucket/obj
ETag: "d41d8cd98f00b204e9800998ecf8427e"
x-obs-request-id: 00000188BF2FF55F5306426E000FE366
x-obs-id-2: 32AAAUJAIAABAAAQAAEAABAAAQAAEAABCScDjcXgZ7oMYSVnZnk4+HrClVwLVPTi
x-forward-status: 0x40020000000001
x-dae-api-type: REST.POST.OBJECT

Sample Request: Uploading an Object (with a WORM Retention Policy Configured)

POST /srcbucket HTTP/1.1
User-Agent: PostmanRuntime/7.26.8
Accept: */*
Postman-Token: 4c2f4c7e-2e0b-46c0-b1a7-4a5da560b6a1
Host: obs.cn-north-4..com
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Type: multipart/form-data; boundary=--------------------------940435396775653808840608
Content-Length: 1409
 
----------------------------940435396775653808840608
Content-Disposition: form-data; name="key"
 
obj
----------------------------940435396775653808840608
Content-Disposition: form-data; name="ObsAccessKeyId"
 
XXXXXXXXXXXXXXX000003
----------------------------940435396775653808840608
Content-Disposition: form-data; name="signature"
 
X/7QiyMYUvxUWk0R5fToeTcgMMU=
----------------------------940435396775653808840608
Content-Disposition: form-data; name="policy"
 
eyJleHBpcmF0aW9uIjoiMjAyMy0wNi0xNVQxNDoyMjo1MVoiLCAiY29uZGl0aW9ucyI6W3sieC1vYnMtb2JqZWN0LWxvY2stcmV0YWluLXVudGlsLWRhdGUiOiJUaHUsIDIwIEp1biAyMDIzIDEzOjEyOjUxIEdNVCJ9LHsieC1vYnMtb2JqZWN0LWxvY2stbW9kZSI6IkNPTVBMSUFOQ0UifSx7ImJ1Y2tldCI6InNyY2J1Y2tldDIifSx7ImNvbnRlbnQtdHlwZSI6InRleHQvcGxhaW4ifSx7ImtleSI6IjMzMyJ9LF19
----------------------------940435396775653808840608
Content-Disposition: form-data; name="x-obs-object-lock-mode"
 
COMPLIANCE
----------------------------940435396775653808840608
Content-Disposition: form-data; name="x-obs-object-lock-retain-until-date"
 
Thu, 20 Jun 2023 13:12:51 GMT
----------------------------940435396775653808840608
Content-Disposition: form-data; name="file"; filename="test.txt"
Content-Type: text/plain
 
 
----------------------------940435396775653808840608
Content-Disposition: form-data; name="submit"
 
Upload to OBS
----------------------------940435396775653808840608--

Sample Response: Uploading an Object (with a WORM Retention Policy Configured)

HTTP/1.1 204 No Content
Server: OBS
Date: Thu, 15 Jun 2023 13:24:03 GMT
Connection: keep-alive
Location: http://obs.cn-north-4..com/srcbucket/obj
ETag: "d41d8cd98f00b204e9800998ecf8427e"
x-obs-request-id: 00000188BF3A36EE5306427D000FEE0A
x-obs-id-2: 32AAAUJAIAABAAAQAAEAABAAAQAAEAABCS/5pj0p0hAQcDVI3B6E5y167zy4eAQv
x-forward-status: 0x40020000000001
x-dae-api-type: REST.POST.OBJECT