Cloud Storage API
VK Cloud provides a RESTful XML API for programmatically manipulating stored data using standard HTTP requests. The API is compatible with the Amazon AWS S3 API, allowing you to interact with the service using familiar tools.
The Cloud Storage API is designed to interact with the Amazon AWS S3 API. In most cases, when using the client library, setting the "endpoint" or "base" URL hb.vkcs.cloud and creating the Cloud Storage key pair will allow the Cloud Storage service.
Cloud Storage provides support for create, read, update, and delete operations for both buckets and objects, as well as the ability to define access control lists (ACLs). Some S3 features are not supported, as shown in the table below:
Function | Support | Note |
Bucket Create, Read, Update, Delete | Yes | |
Object Create, Read, Update, Delete | Yes | |
Multipart Uploads | Yes | |
Pre-Signed URLs | Yes | Both v2 and v4 signature types are supported |
Bucket ACLs | Yes | |
Object ACLs | Yes | |
Identity and Access Management (IAM) | No | |
Security Token Service (STS) | No | |
Multi-factor Authentication | No | |
Public Access Block | No | |
Bucket Policies | No | |
Object Policies | No | |
Bucket Versioning | No | |
Bucket Replication | No | |
Bucket Notifications | No | |
Bucket Tagging | No | |
Object Tagging | Yes | |
Request Payment | No | |
Bucket Lifecycle | Yes | Object expiration and removal of incomplete compound downloads are supported. Lifecycle policies based on tagging objects are not supported. |
Bucket Inventory | No | |
Bucket Access Logging | No | |
Bucket Metrics | No | |
Bucket Analytics | No | |
Bucket Accelerate | No | |
Bucket Encryption Configuration | No | |
Bucket Websites | No | |
Object Torrent | No | |
Object Lock | No |
API requests for S3 functions that are not currently supported by VK Cloud will receive an S3-compliant NotImplemented error response in XML format.
Python example
import boto3from botocore.client import Config# Initialize session to Cloud Storage.session = boto3.session.Session ()client = session.client ('s3',region_name = 'ru-msk',endpoint_url = 'https: //hb.vkcs.cloud',aws_access_key_id = 'urvt4LXPwoSL9s6ieGTLT5',aws_secret_access_key = '5JogfQUsWzzBE9xG1mbBkMkgW7pxY4TGyHgefSC9n2Xx')# Create a new bucket.client.create_bucket (Bucket = 'my-test-bucket1')# View the list of buckets in the project.response = client.list_buckets ()buckets = [bucket ['Name'] for bucket in response ['Buckets']]print ("Bucket List:% s"% buckets)
Go example
package mainimport ("context""fmt""log""os""github.com/minio/minio-go""github.com/minio/minio-go/pkg/credentials")func main () {accessKey: = os.Getenv ("VK Cloud_KEY")secKey: = os.Getenv ("VK Cloud_SECRET")endpoint: = "hb.vkcs.cloud"bucketName: = "my-test-bucket1" // Bucket names must be unique for all VK Cloud projectsssl: = trueif accessKey == "" || secKey == "" {log.Fatal ("Must provide VK Cloud_KEY and VK Cloud_SECRET environment variables!")}// Connect to Cloud Storageclient, err: = minio.New (endpoint, & minio.Options {Creds: credentials.NewStaticV4 (accessKey, secKey, ""),Secure: ssl,})if err! = nil {log.Fatal (err)}// Create a new bucket.err = client.MakeBucket (context.TODO (), bucketName, minio.MakeBucketOptions {Region: "ru-msk"})if err! = nil {log.Fatal (err)}// Show a list of all buckets.buckets, err: = client.ListBuckets (context.TODO ())if err! = nil {log.Fatal (err)}fmt.Println ("List of all buckets for this access key:")for _, bucket: = range buckets {fmt.Println (bucket.Name)}}
Requests to the Cloud Storage APIs must include the HTTP-Authorization header. The AWS v4 signature type is supported, as well as the AWS v2 signature type for compatibility with legacy customers. The examples below use v4 signatures. When using the client library, signatures will be generated automatically.
You can create the required access key and secret key in the "Accounts" menu of the "Object Storage" service of the graphical interface of the VK Cloud panel.
When creating an account, an Access Key ID and Secret Key values will be generated that are required for use.
The v4 signature consists of several parts. The table below describes each part of the example separately:
Parameter | Description |
AWS4-HMAC-SHA256 | AWS Version 4 Signature (AWS4) and Signature Algorithm (HMAC-SHA256) |
Credential | Contains an access key and request information in the format: $ {ACESS_KEY} / $ {YYYMMDD} / $ {REGION_SLUG} / s3 / aws4_request |
SignedHeaders | A lowercase list of request header names used in signature computation, for example: host; x-amz-acl; x-amz-content-sha256; x-amz-date |
Signature | A signed hash consisting of the hash of the request body, the secret key, and information about the request (canonical request). To demonstrate how this is calculated, a "pseudo-code" example is provided. |
Authorization header example
Authorization: AWS4-HMAC-SHA256Credential = urvt4LXPwoSL9s6ieGTLT5 / 20200831 / ru-msk / s3 / aws4_request,SignedHeaders = host; x-amz-acl; x-amz-content-sha256; x-amz-date,Signature = 6cab03bef74a80a0441ab7fd33c829a2cdb46bba07e82da518cdb78ac238fda5
Signature example (pseudo code)
canonicalRequest = \`{HTTPMethod} \ n{canonicalURI} \ n{canonicalQueryString} \ n{canonicalHeaders} \ n{signedHeaders} \ n{hashedPayload}\`stringToSign = "AWS4-HMAC-SHA256" + "\ n" +date (format = ISO08601) + "\ n" +date (format = YYYYMMDD) + "/" + "ru-msk" + "/" + "s3 / aws4_request" + "\ n" +Hex (SHA256Hash (canonicalRequest))dateKey = HMAC-SHA256 ("AWS4" + {SECRET_KEY}, date (format = YYYYMMDD))dateRegionKey = HMAC-SHA256 (dateKey, "ru-msk")dateRegionServiceKey = HMAC-SHA256 (dateRegionKey, "s3")signingKey = HMAC-SHA256 (dateRegionServiceKey, "aws4_request")signature = Hex (HMAC-SHA256 (signingKey, stringToSign))
The canonical request included in the signature consists of:
- The HTTP request method to use.
- Path component of the request URI.
- Query string parameters included in the request.
- A list of request headers and their values, separated by a newline, in lowercase and without spaces.
- A list of header names without values, sorted alphabetically, in lowercase, and separated by semicolons.
- The SHA256 hash of the request body.
For example, for the following query:
GET /? Acl HTTP / 1.1Host: my-test-bucket1.hb.vkcs.cloudx-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855x-amz-date: 20200831T221549Z
This is the canonical query:
GET/acl =host: my-test-bucket1.hb.vkcs.cloudx-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855x-amz-date: 20200831T221549Zhost; x-amz-content-sha256; x-amz-datee3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Common headers that can be used in most requests:
Name | Description |
Authorization | Authorization details for request in AWS Signature Version 4 or AWS Signature Version 2 format |
Content-Length | The length of the request body in bytes. Required for PUT requests containing an XML body. |
Content-Type | The MIME type of the request body (e.g. text / plain) |
Date | Current date and time in Coordinated Universal Time (UTC) format in RFC 2822 format. Example: Mon, 10 Jul 2017 19:05:09 +0000 |
Host | The target host for the request (for example, my-test-bucket1.hb.vkcs.cloud). |
x-amz-content-sha256 | The SHA256 hash of the request payload. Required when using AWS Signature Version 4 for authentication. |
x-amz-date | The current date and time in Coordinated Universal Time (UTC) using the ISO 8601 format:% Y% m% dT% H% M% SZ (for example 20200831T172753Z). If provided, it takes precedence over the Date heading. |
These general headers can also be found in most of the answers:
Name | Description |
Content-Length | Response body length in bytes |
Content-Type | The MIME type of the request body (e.g. text / plain) |
Connection | Indicator of whether the connection to the server is open or closed |
Date | Date and time of response, in Coordinated Universal Time (UTC) |
Etag | Object tag containing the MD5 hash of the object |
x-amz-request-id | Unique request ID |