Search

myQNAPcloud Object S3 API Guide

最后修订日期: 2025-04-28

Applicable Products

myQNAPcloud Object

What is myQNAPcloud Object?

myQNAPcloud Object is a cloud-based object storage service designed to provide high-performance, reliable, and secure data storage for a broad range of applications and use cases. This service is built to be fully compatible with the Amazon Web Service Simple Storage Service (AWS S3) API, ensuring seamless integration with S3-compatible applications and gateway devices.

myQNAPcloud Object is tailored for individuals and organizations seeking a cost-effective and efficient data storage infrastructure. Designed to work with S3-compatible applications, myQNAPcloud Object enables users to leverage familiar tools and workflows while benefiting from the reliability and flexibility of QNAP’s ecosystem.

  • Compatibility: myQNAPcloud Object is designed to be fully compatible with the AWS S3 API, ensuring that existing AWS S3-compatible applications can work seamlessly.
  • Performance: myQNAPcloud Object offers a high-performance storage solution optimized for reliability and efficiency.

About myQNAPcloud Object S3 API Guide

While myQNAPcloud Object aligns closely with AWS S3, certain features may have been enhanced or implemented differently. This guide aims to clarify these nuances to help users maximize the potential of myQNAPcloud Object.

This guide uses examples involving access to buckets in specific myQNAPcloud Object regions. For more information about region-specific endpoints and service URLs, see "Service URLs for myQNAPcloud Object Storage Regions".

Note
  • Regional URLs: When accessing buckets, ensure that you use URLs specific to the myQNAPcloud Object storage region where your bucket is created. Using the incorrect URL may allow GET requests but could result in errors for PUT or DELETE operations. Refer to the [Service URLs for myQNAPcloud Object Storage Regions].
  • ASW IAM: Unlike AWS, myQNAPcloud Object does not include support for AWS IAM (Identity and Access Management). Therefore, this guide focuses exclusively on S3 API compatibility and does not reference IAM-related capabilities.

REST API Introduction

Host Designation

myQNAPcloud Object supports both path-style and virtual-style requests, similar to AWS S3. A unique host name is required (for example, s3.us-east-1.myqnapcloud.io versus s3.amazonaws.com). We recommend using path-style requests, as shown in all examples in this guide (e.g., http://s3.us-east-1.myqnapcloud.io/my-bucket/my-object) because path-style requests provide greater flexibility in bucket naming, avoiding domain name conflicts.

Always Consistent

Unlike the strong consistency model of AWS S3, myQNAPcloud Object provides an "always consistent" view of all operations. This ensures that any operation following another will produce consistent results. For instance, after deleting an object (DELETE operation), performing a subsequent HEAD request will always confirm the object's deletion, eliminating the need for additional programming to wait for operation completion.

Authenticating Requests

myQNAPcloud Object supports both autonomous and signature versions 2 and 4, compatible with AWS S3, for headers and query parameters. While signature version 4 offers better security, it requires more computational resources due to the overhead of calculating the SHA256 hash. If performance is critical, signature version 2 may be used, with MD5 (returned as the ETag header) ensuring data integrity.

For version 4 signing requests, all regions are supported for myQNAPcloud Object signing requests.

myQNAPcloud Object does not support signature signing for browser-based uploads or HTML form requests, as these operations are not currently supported.

For version 2 signing, the following sub-resource keys are specified as query parameters in requests:

  • append
  • compose
  • force_delete=true

These query parameters must be included when calculating the signature for PutObject and DeleteBucket operations.

Error Responses

Wherever possible, myQNAPcloud Object uses error responses compatible with AWS S3. Additional error codes may also be provided for enhanced functionality.

HTTP Error Codes

Error CodemyQNAPcloud Object DescriptionHTTP Status Code
UnavailableTemporarily unavailable503
UnrecoverableData Unrecoverable
Not ImplementedNot Implemented501
DB Entity Not foundNo such entity404
DB Entity FoundEntity Already Exists409
Disconnect ErrorConnection Closed410
Status Internal Server ErrorInternal Error: We encountered an internal error. Please contact customer support.500
Status ForbiddenAccess Denied403
Access Forbidden
Account Not Activated
Account Problem
Authentication Lockout: There have been too many attempts to access the account with the wrong credentials. Please try again in five minutes.
Invalid Access Key ID: The AWS Access Key ID you provided does not exist in our records.
Invalid Authentication Code: Authentication code for device is not valid.
Request Time Too Skewed: The difference between the request time and the current time is too large.
Invalid Object State: The operation is not valid for the current state of the object.
Status Bad RequestAuthorization Header Malformed400
Authorization Query Parameters Error
Bad Digest: The Content-MD5 you specified did not match what we received.
Bad Request: An error occurred when parsing the HTTP request.
Incomplete Signature: Request must contain a signature that conforms to AWS standards.
Invalid Action
Invalid Argument
Invalid Digest: The Content-MD5 you specified was invalid.
Invalid Input
Invalid Parameter Value: An invalid or out-of-range value was supplied for the input parameter.
Invalid Request
Malformed Policy
Malformed Policy Document
Password Policy Violation
Validation Error
X Amz Content SHA256 Mismatch: The provided 'x-amz-content-sha256' header does not match what was computed.
Encryption Not Allowed: User provided encryption keys are not allowed in this operation. 
The object was stored using a form of Server Side Encryption. The correct parameters must be provided to retrieve the object.
Entity Too Large: Your proposed upload is larger than the maximum allowed size.
Entity Too Small: Your proposed upload is smaller than the minimum allowed size.
Illegal Compliance Request
Illegal Versioning Configuration Exception: The versioning configuration specified in the request is not valid.
Incomplete Body: You did not provide the number of bytes specified by the Content-Length HTTP header.
Invalid ACL Request: You must provide only one of either ACL headers or an XML body when setting ACLs.
Invalid Argument
Invalid Bucket Name: The specified bucket is not valid.
Invalid Encryption Algorithm Error: The Encryption request you specified is not valid. Supported value: AES256.
Invalid Part Order: The list of parts was not in ascending order. Parts must be ordered by part number.
Invalid Part: One or more of the specified parts could not be found. The part may not have been uploaded, or the specified entity tag may not match the part's entity tag.
Invalid Policy Document: The content of the form does not meet the conditions specified in the policy document.
Key Too Long Error: Your key is too long.
Logging Bucket Same Owner: The logging target bucket must have the same owner as the bucket being logged.
Malformed XML: The XML you provided was not well formed or did not validate against our published schema.
Meta data Too Large: Your metadata headers exceed the maximum allowed metadata size.
Request Timeout: Your socket connection to the server was not read from or written to within the timeout period.
Too Many Buckets: You have attempted to create more buckets than allowed.
Too Many Components: A composite object may not have more than 1024 components.
Unresolvable Grant By Email Address: The email address you provided does not match any account on record.
Storage Quota Exceeded: Your account has surpassed its storage limit.
Bucket Account Inactive: The account that owns this bucket is not active.
Status GoneConnection Closed: Network connection was closed.410
Status Unprocessable EntityData Unrecoverable: The data in the request is unrecoverable. Please contact customer support.422
Status ConflictDelete Conflict409
Entity Already Exists
Entity Temporarily Unmodifiable: The entity is temporarily unmodifiable. Please try again later.
Limit Exceeded
Operation Aborted: A conflicting conditional operation is currently in progress against this resource. Please try again.
Bucket Already Exists
Bucket Not Empty 
Compliance Settings Locked: The compliance settings are now locked and cannot be changed.
Status Not FoundNo Such Entity404
No Such Lifecycle Configuration: The lifecycle configuration does not exist.
No Such Bucket: The specified bucket does not exist.
No Such Bucket Policy: The bucket policy does not exist.
No Such Key: The specified key does not exist.
No Such Replication Configuration: The replication configuration does not exist.
No Such Tag Set Error: There is no tag set associated with the bucket.
No Such Upload: The specified upload does not exist. The upload ID may be invalid, or the upload may have been aborted or completed.
No Such Version: The specified version does not exist.
Status Not ImplementedNot Implemented: A header you provided implies functionality that is not implemented.501
Status Service UnavailableTemporarily Unavailable: Resources for this operation are temporarily unavailable. Please try again later.503
Status FoundKey Already Exists302
Status Method Not AllowedMethod Not Allowed: This method is not allowed for other than the account owner.405
Method Not Allowed: The specified method is not allowed against this resource.
Status Length RequiredMissing Content Length: You must provide the Content-Length HTTP header.411

TCP Error Codes

myQNAPcloud Object supports the following TCP error codes:

  • Unexpected EOF
  • Broken Pipe
  • Connection reset by Peer

Not Supported in myQNAPcloud Object

OperationDescription
SOAPAWS S3 has deprecated support for SOAP, and myQNAPcloud Object does not support any SOAP operations.

Operations on Buckets with myQNAPcloud Object S3 API

Operations on buckets include: deleting, renaming, and logging buckets as well as cross-origin resource sharing (CORS) support, lifecycle policy, object locking, and compliance.

Force Delete Bucket

AWS S3 will not allow you to delete a bucket if it contains objects that have not been deleted.

myQNAPcloud Object provides a force delete option that first deletes all the objects in the bucket and then deletes the bucket. The deletion of objects is subject to policy and compliance requirements on the bucket.

To use the force delte option, simply add it as a query string. For example:

DELETE http://s3.us-east-1.myqnapcloud.io/my-bucket?force_delete=true HTTP/1.1

Renaming a Bucket

AWS S3 does not support renaming of buckets. It only supports renaming of objects in a bucket.

myQNAPcloud Object supports the renaming of buckets. The new bucket name must not be in use for the renaming to be successful. The caller must have the s3:CreateBucket policy permission to rename a bucket.

To rename a bucket, use the HTTP method MOVE along with the header field “Destination” to give the new bucket name. For example: 

MOVE http://s3.us-east-1.myqnapcloud.io/my_old_bucket HTTP/1.1
Destination: my_new_bucket

MFA (Multi-Factor Authentication) Delete

myQNAPcloud Object supports the “x-amz-mfa” header while:

  • configuring versioning on a bucket, or
  • deleting objects with object deletion requests compatible with AWS S3.

myQNAPcloud Object does not require the “x-amz-mfa” header if the user's access credentials signing the request were authenticated with MFA. myQNAPcloud Object only supports virtual MFA devices.

Maximum Number of Buckets

Standard AWS S3 supports only 100 buckets.

myQNAPcloud Object allows for a maximum of 1000 buckets per account and this number may be increased by contacting myQNAPcloud Object Customer Support.

Bucket Logging

myQNAPcloud Object supports bucket logging, which creates a text log file of all access to a bucket. The format of the log file is identical to the AWS S3 log file.

myQNAPcloud Object bucket logging does not require any ACL permission settings to store logs in a target bucket. Although you can give permission settings in the logging request or in an ACL, they are not required for logging to work in myQNAPcloud Object. However, the bucket that is a target for log files must be inside the same account as the bucket being logged.

Bucket Cross-Origin Resource Sharing (CORS) Support

For compatibility with browser access to myQNAPcloud Object as a web server, the myQNAPcloud Object server will return CORS headers when the header “Origin” is given in an HTTP request. Additionally, the server supports the HTTP method OPTIONS on either buckets or objects to return the CORS headers needed for a browser pre-flight test before accessing myQNAPcloud Object.

Different from AWS, myQNAPcloud Object returns the settings that will allow the browser full access to myQNAPcloud Object. Hence, myQNAPcloud Object does not support the AWS functions that allow a PUT and GET on a bucket with the “cors” parameter in the URL. Note that allowing browser full access to data does not affect the security of access to any objects and all access policies will still be enforced.

The following are the HTTP headers returned by default when the header “Origin” is given in an HTTP request:

Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET, HEAD, POST, PUT, DELETE, MOVE, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Access-Control-Max-Age: 86400

Lifecycle Policy

The Lifecyle feature establishes a Lifecycle policy with rules to define actions that you want myQNAPcloud Object to take during the life of an object. This feature replaces the need to manually delete an object after a retention period.

Configuring Lifecycle Settings 

The lifecycle settings for a bucket are configuring with the "put-bucket-lifecycle-configuration" command. For example: 

$ aws s3api put-bucket-lifecycle-configuration --bucket 1-1-1-1 --endpoint-url https://s3.us-east-1.myqnapcloud.io --lifecycle-configuration file://lifecycle.json
{

    "Rules": [
        {
            "Expiration": {
                "Days": 1
            },
            "ID": "lifecycle_rule_1",
            "Filter": {
                "And": {
                    "ObjectSizeGreaterThan": 1,
                    "ObjectSizeLessThan": 21474836480
                }
            },
            "Status": "Enabled"
        },
        {
            "Expiration": {
                "Days": 1
            },
            "ID": "object_lifecycle_rule_bucket_6807766",
            "Filter": {
                "Prefix": "1"
            },
            "Status": "Enabled"
        }
    ]
}

Here is another example:  

PUT https://s3.us-east-1.myqnapcloud.io/1-1-1-1?lifecycle
<LifecycleConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <Rule>
        <Expiration>
            <Days>1</Days>
        </Expiration>
        <ID>lifecycle_rule_1</ID>
        <Filter>
            <And>
                <ObjectSizeGreaterThan>1</ObjectSizeGreaterThan>
                <ObjectSizeLessThan>21474836480</ObjectSizeLessThan>
            </And>
        </Filter>
        <Status>Enabled</Status>
    </Rule>
    <Rule>
        <Expiration>
            <Days>1</Days>
        </Expiration>
        <ID>object_lifecycle_rule_bucket_6807766</ID>
        <Filter>
            <Prefix>1</Prefix>
        </Filter>
        <Status>Enabled</Status>
    </Rule>
</LifecycleConfiguration>

There is no response body for this call.

Retrieving Lifecycle Settings

The lifecycle settings for a bucket can be retrieved with the "get-bucket-lifecycle-configuration" command. For example:

$ aws s3api get-bucket-lifecycle-configuration --bucket 1-1-1-1 --endpoint-url https://s3.us-east-1.myqnapcloud.io
{
    "Rules": [
        {
            "Expiration": {
                "Days": 1
            },
            "ID": "lifecycle_rule_1",
            "Filter": {
                "And": {
                    "ObjectSizeGreaterThan": 1,
                    "ObjectSizeLessThan": 21474836480
                }
            },
            "Status": "Enabled"
        },
        {
            "Expiration": {
                "Days": 1
            },
            "ID": "object_lifecycle_rule_bucket_6807766",
            "Filter": {
                "Prefix": "1"
            },
            "Status": "Enabled"
        }
    ]
}

Here is another example:

GET https://s3.us-east-1.myqnapcloud.io/1-1-1-1?lifecycle
<?xml version="1.0" encoding="UTF-8"?>
<LifecycleConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <Rule>
        <Expiration>
            <Days>1</Days>
        </Expiration>
        <ID>lifecycle_rule_1</ID>
        <Filter>
            <And>
                <ObjectSizeGreaterThan>1</ObjectSizeGreaterThan>
                <ObjectSizeLessThan>21474836480</ObjectSizeLessThan>
            </And>
        </Filter>
        <Status>Enabled</Status>
    </Rule>
    <Rule>
        <Expiration>
            <Days>1</Days>
        </Expiration>
        <ID>object_lifecycle_rule_bucket_6807766</ID>
        <Filter>
            <Prefix>1</Prefix>
        </Filter>
        <Status>Enabled</Status>
    </Rule>
</LifecycleConfiguration>

Deleting Lifecycle Settings

The lifecycle settings for a bucket can be deleted with the "delete-bucket-lifecycle" command. For example:

$ aws s3api delete-bucket-lifecycle --bucket 1-1-1-1 --endpoint-url https://s3.us-east-1.myqnapcloud.io

There is no response body for this call.

Object Lock

myQNAPcloud Object supports an object lock that prevents the deletion or overwrite of object versions for a fixed amount of time or indefinitely.

TagDescription
ObjectLockConfigurationThis is the mandatory root level tag for object lock configuration.
ObjectLockEnabledThis tag must be configured as Enabled.
RuleThis specifies the object lock rule for a bucket. It requires both a mode and a period. The period can be either Days or Years but you must select one. You cannot specify Days and Years at the same time.
Mode should be either COMPLIANCE or GOVERNANCE.

The object lock settings for a bucket are specified using the “?object-lock” query string along with the object lock settings as the XML body in the request. For example:

PUT https://s3.us-east-1.myqnapcloud.io/qa.objectlock.002/?object-lock HTTP/1.1
<ObjectLockConfiguration>
     <ObjectLockEnabled>Enabled</ObjectLockEnabled>
     <Rule>
          <DefaultRetention>
               <Mode>COMPLIANCE</Mode>
               <Days>10</Days>
          </DefaultRetention>
     </Rule>
</ObjectLockConfiguration>

The object lock settings for a bucket can be retrieved by getting the bucket with the “?object-lock” query string. For example:

GET https://s3.us-east-1.myqnapcloud.io/qa.objectlock.002/?object-lock HTTP/1.1

Response body:

<?xml version="1.0" encoding="UTF-8"?>
<ObjectLockConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
     <ObjectLockEnabled>Enabled</ObjectLockEnabled>
     <Rule>
          <DefaultRetention>
               <Mode>COMPLIANCE</Mode>
               <Days>10</Days>
          </DefaultRetention>
     </Rule>
</ObjectLockConfiguration>

There are also object lock settings for each object described in Operations on Objects.

The object lock settings for a bucket can be cleared using "?object-lock" query string. For example:

PUT https://s3.us-east-1.myqnapcloud.io/qa.objectlock.002/?object-lock HTTP/1.1

Response body:

<ObjectLockConfiguration>
     <ObjectLockEnabled>Enabled</ObjectLockEnabled>
          <Rule>
               <DefaultRetention>
                    <Mode></Mode>
                    <Days></Days>
          </DefaultRetention>
     </Rule>
</ObjectLockConfiguration>

myQNAPcloud Object Compliance

myQNAPcloud Object supports a compliance policy that prevents the deletion of objects and provides additional information to prove that the original data is not modified since the time written. The compliance feature may be required for certain regulatory needs, but is also useful to prevent accidental data deletion.

Compliance is different from the object locking setting for a bucket.

You can set the compliance policy on any bucket controlling all the objects that are stored in that bucket. Specify the bucket compliance policy with the following XML tags.

TagDescription
StatusEither "enabled" or "disabled" to turn compliance on and off, respectively. Enabling will immediately apply to all objects in the bucket.
LockTimeThe time at which the compliance settings are "locked"-the settings cannot be reduced by any API call. Once the settings are locked, they cannot be unlocked without the intervention of QNAP Customer Support. The lock time allows you to support two use cases:
  1. Testing that your software works properly before locking the compliance feature; or
  2. Never locking which means that data can be deleted with an additional step of an administrator turning compliance off.
The lock time parameter may be:
  • An ISO date (for example, 2016-11-07T15:08:05Z),
  • The string "now" to force immediate locking, or
  • The string "off to not lock the compliance settings. This is the default.
RetentionDaysAn integer for the minimum number of days that objects are always retained after their creation date or release from conditional hold. You can extend the retention date for any individual object, but may not shorten the date. This parameter is always required.
ConditionalHoldA Boolean value ("true" or "false") indicating if newly created objects are placed on conditional hold, meaning that they cannot be deleted until the conditional hold is explicitly turned off. The default is false if this parameter is not given. Note that this setting may be changed even after the settings are locked.

The compliance settings for a bucket are specified using the “?compliance” query string along with the compliance settings as the XML body in the request. For example:

PUT http://s3.us-east-1.myqnapcloud.io/my-bucket?complianceHTTP./1.1
<BucketComplianceConfiguration>
     <Status>enabled</Status>
     <LockTime>off</LockTime>
     <RetentionDays>365</RetentionDays>
     <DeleteAfterRetention>true</DeleteAfterRetention>
</BucketComplianceConfiguration>

After compliance is enabled for a bucket, the policy is immediately applied to all objects in the bucket. An attempt to delete an object before the retention period will return an error.


The compliance settings for a bucket can be retrieved by getting the bucket with the “?compliance” query string. For example:

GET http://s3.us-east-1.myqnapcloud.io/my-buck?complianceHTTP/1.1

Response body:

<BucketComplianceConfiguration xml ns="http://s3.amazonaws.com/doc/2006-03-01/">
     <Status>enabled</Status>
     <LockTime>2016-11-07T15:08:05Z</LockTime>
     <IsLocked>false</IsLocked>
     <RetentionDays>0</RetentionDays>
     <ConditionalHold>false</ConditionalHold>
     <DeleteAfterRetention>false</DeleteAfterRetention>
</BucketComplianceConfiguration>

There are also compliance settings for each object described in Operations on Objects.

Operations on Buckets Not Supported in myQNAPcloud Object

OperationDescription
Bucket TaggingBucket tagging is currently unavailable in myQNAPcloud Object.
Bucket WebsiteWebsite configuration is unavailable in myQNAPcloud Object. Given the nature of myQNAPcloud Object as a long-term object store, we do not expect to support website operations to buckets. The header "x-amz-website-redirect-location" is ignored in any object requests.
Bucket AcceleratemyQNAPcloud Object does not implement the AWS S3 bucket accelerate subresource.
Bucket Request PaymentmyQNAPcloud Object does not support the use of the "requestPayment" subresource for buckets.
Metrics ConfigurationmyQNAPcloud Object does not support the operation to receive one-minute CloudWatch metrics, set CloudWatch alarms, and access CloudWatch dashboards to view near-real-time operations and performance of your Amazon S3 storage.

S3 Block Public Access

myQNAPcloud Object does not support the operation to centrally block existing public access (whether it is made possible via an ACL or a policy) and make sure newly created items are not inadvertently granted public access.
S3 SelectmyQNAPcloud Object does not support the S3 Select API.

Operations on Objects With myQNAPcloud Object S3 API


Operations on Objects include renaming, composing, appending, and deleting objects as well as encryption, storage class, object locking, and compliance.

Renaming Objects

myQNAPcloud Object supports functionality to move an object-in effect, renaming the object by changing the key. This eliminates the two-step process of first copying an object and then deleting the original object. The caller must have s3:PutObject policy permission on the bucket to rename objects.

To rename objects, use the HTTP method MOVE along with the following parameters in the request headers that affect the move operation.

OverwriteA Boolean value that, when “true,” allows overwriting destination objects with the same key. Otherwise, an error is generated and the original key is not changed.
X-Wasabi-QuietA Boolean value that, when “true,” causes the XML status return body to only display the keys that encounter errors. Otherwise, all objects renamed are given in the status. The default value is “false.”
X-Wasabi-PrefixA Boolean value that, when “true,” means that the values given for the source in the URL and the destination are prefixes—they match the left-most part of keys. Conceptually, think of the prefix as a folder of objects. Otherwise, only the objects (including all versions) that exactly match the key are renamed. The default value is “false.”

The call will return the results as an XML body of the response. The results include the following for each object renamed:

  • original source key,
  • renamed destination key,
  • version ID of the object, and
  • any error in the rename operation.

The quiet option will cause the results to list only the keys that encountered an error.

Below is an example, which renames all objects that start with the prefix “TestMove-Dir2/” to have the new prefix “TestMove-Dir2-Renamed/

MOVE http://s3.us-east-1.myqnapcloud.io/my_bucket/TestMove-Dir2/HTTP/1.1 Destination:TestMove-Dir2-Renamed/X-Wasabi-Prefix:true

Response body:

<MoveObjectResult> <SourcePrefix>TestMove-Dir2/SourcePrefix> <DestinationPrefix>TestMove-Dir2-Renamed/DestinationPrefix> <MoveObject> <SourceKey>TestMove-Dir2/SourceKey> <DestinationKey>TestMove-Dir2-Renamed/DestinationKey> MoveObject> <MoveObject> <SourceKey>TestMove-Dir2/Dir1/SourceKey> <DestinationKey>TestMove-Dir2-Renamed/Dir1/DestinationKey> MoveObject> <MoveObject> <SourceKey>TestMove-Dir2/Dir1/Obj1SourceKey> <DestinationKey>TestMove-Dir2-Renamed/Dir1/Obj1DestinationKey> MoveObject> <MoveObject> <SourceKey>TestMove-Dir2/Dir1/Obj2SourceKey> <DestinationKey>TestMove-Dir2-Renamed/Dir1/Obj2DestinationKey> MoveObject> <MoveObject> <SourceKey>TestMove-Dir2/Dir2/SourceKey> <DestinationKey>TestMove-Dir2-Renamed/Dir2/DestinationKey> MoveObject> <MoveObject> <SourceKey>TestMove-Dir2/Dir2/Obj1SourceKey> <DestinationKey>TestMove-Dir2-Renamed/Dir2/Obj1DestinationKey> MoveObject> <MoveObject> <SourceKey>TestMove-Dir2/Dir2/Obj2SourceKey> <DestinationKey>TestMove-Dir2-Renamed/Dir2/Obj2DestinationKey> MoveObject> <MoveCount>7MoveCount> MoveObjectResult>

Composing Objects


myQNAPcloud Object provides a feature to create a new object that is composed of other objects. A composed object is formed not by copying the original data objects, but rather by linking the composed object to the data objects. This is in contrast to AWS S3, which does not offer a way to compose objects. myQNAPcloud Object operation is much faster and does not require multiple copies of the original data. The original composed objects may be deleted at any time, and the system will retain the original data as long as there are any links to the data.


Composing objects is an alternative to using the multi-part upload feature for creating objects larger than 5 GB. The caller must have s3:PutObject policy permission on the bucket to compose objects. Composed objects may be created from other composed objects as well as original data objects. However, the total number of original data objects may not exceed 32 in any one composed object. Composed objects may only link to other objects in the same bucket.


The compose operation is done using the HTTP method PUT with the query string parameter “?compose” to indicate that the object is composed of objects given in the XML body. The XML body contains a list of object keys and, optionally, the version IDs that form the new object. If the version ID is not given, the latest version of the object is used. The new object will appear to be one object with all the linked data objects concatenated. The new composed object does not have an ETag (i.e, MD5) value, which is the MD5 of the concatenated objects, but rather the result of hashing all the data object MD5s together (like the calculation done when multi-part objects are completed). Composed objects may not have user provided encryption keys. However, all data is stored encrypted at rest.


There is a charge only for the metadata used in composed objects. The original data used in linked objects is charged at the normal rate until all composed objects that link to the original data object are deleted.


Below is an example that composes a new object “TestComp from three objects: “TestCompose-Data-1”, “TestCompose-Data-2”, and “TestCompose-Data-3”.

PUT http://s3.wasabisys.com/my_bucket/TestCompose-Object-1?composeHTTP/1.1Content-Type:text/xml
<ComposeRequest>
<Component>
<Key>TestCompose-Data-1</Key>
</Component>
<Component>
<Key>TestCompose-Data-2</Key>
</Component>
<Component>
<Key>TestCompose-Data-3</Key>
</Component>
</ComposeRequest>

Appending to Objects


AWS S3 does not offer a way to append to objects.

Appending to an existing object is a different form of composing an object (see Composing Objects). The call uploads the data in the body to a temporary object and then creates a new composed object consisting of the data from the original object with the newly uploaded data appended. If the bucket is versioned, a new version of the composed object is created while keeping the original data. When not versioned, the newly composed object replaces the original object. The caller must have s3:PutObject policy permission on the bucket to append to objects. Additionally for a bucket without versioning, the s3:DeleteObject policy permission may be required to replace the original object.


Like composed objects, you can append only 1023 times to any object since each creates a link to the uploaded data. Be careful not to simply append small amounts of data many times to an object since each append data uploaded creates a new object subject to minimum size charges, and can slow down the performance due to a small data read. The append operation is done using the HTTP method PUT with the query string parameter “?append”. The data to be appended is uploaded in the body of the request.

Below is an example that appends the string “<appended data>” to an existing object “TestAppend-Object”.

PUT http://s3.us-east-1.myqnapcloud.io/my-bucket/TestAppend-Object?appendHTTP/1.1Content-Length:15

PUT Object Copy Uses Link

Normally, to rename objects using AWS S3 protocol, an object is uploaded with one key value. Then, a PUT operation with the new key value copied from the original key value is given, and the object for the original key value is deleted.

myQNAPcloud Object automatically optimizes this sequence by linking the new key value object to the original data from the copy key value. This avoids making another copy of the data, which would result in higher storage charges. Because myQNAPcloud Object uses links to the original data, any size object up to the 5 TB limit may be copied and does not require the use of a multi-part upload.

Delete Object MFADelete

If the MFADelete option is turned on in the bucket versioning, the “x-amz-mfa” is not required if the access credentials were signed using MFA (see also MFA (Multi-Factor Authentication) Delete).

If bucket logging is enabled, deleting multiple objects will create a separate log entry for each object that is deleted.

GET Object Response Headers

Any header in the GET object request that starts with “response-” will be returned as a response header (minus the string “response-”).

Object Server-Side Encryption

myQNAPcloud Object encrypts all data stored at rest regardless of the requested encryption. The system will use any caller provided encryption keys when given, or generate a random key encryption key for each object if no customer key is provided. If the customer provides the encryption key, similar to AWS S3, myQNAPcloud Object will not keep a copy of the customer key in the metadata and the caller must provide the encryption key to read the data. No action on the part of the caller is needed if myQNAPcloud Object provides the encryption key.


The caller may provide the encryption key using the headers x-amz-server-side-encryption-customer-algorithm, x-amz-server-side-encryption-customer-key, and x-amz-server-side-encryption-customer-key-MD5. These parameters work identical to AWS S3.

myQNAPcloud Object does not support a key management service. Hence, the “x-amz-server-side-encryption” is not supported along with all the “aws:kms” functionality. myQNAPcloud Object stores an MD5 for the data that is always the uploaded data regardless of server-side encryption.

Object Storage Class

myQNAPcloud Object only provides a single storage class which is most like the standard AWS S3 storage class. Where the storage class is returned in any operation, myQNAPcloud Object will return the standard AWS S3 storage class.

Operations on Objects Not Supported in myQNAPcloud Object

Object RESTOREmyQNAPcloud Object does not support multiple classes of storage and does not support the POST object RESTORE request used to restore objects from a different class of storage.
Select Object ContentmyQNAPcloud Object does not support the operation to filter the contents of an Amazon S3 object based on a simple structured query language (SQL) statement.
S3 Batch OperationsmyQNAPcloud Object does not support S3 Batch Operations for object management.


Compliance with myQNAPcloud Object S3 API


The compliance settings for any one object in a bucket with compliance can also be changed within the limits of the compliance on the bucket. Specify the object compliance settings with the following XML tags.

LegalHoldA Boolean value “true” or “false” to set the legal hold status. When an object has a legal hold status of true, the object cannot be deleted regardless of the retention period.
RetentionTimeAn ISO time giving a new retention time for the object in which the object cannot be deleted before this time. Note that the new retention time must be past the retention period given by the bucket policy or an error is returned.

The following is an example of setting the compliance on an object:

PUT http://s3.us-east-1.myqnapcloud.io/my-bucket/my-object?complianceHTTP/1.1
<ObjectComplianceConfiguration>
     <ConditionalHold>false</ConditionalHold>
     <RetentionTime>2018-03-13T10:45:00Z</RetentionTime>
</ObjectComplianceConfiguration>

The compliance settings for any specific object can also be retrieved using the “?compliance” query string. In addition to the object compliance settings above, the query returns the calculated SHA256 hash for the object, which can be used to determine that the object has not been modified. Note that the SHA256 value is only available for objects that are uploaded as a single object and is not available for multi-part or composed objects.


The following is an example of getting the compliance on an object:

GET http://s3.us-east-1.myqnapcloud.io/my-bucket/my-object?complianceHTTP/1.1

Response body:

<ObjectComplianceConfiguration xml ns="http://s3.amazonaws.com/doc/2006-03-01/">
     <RetentionTime>2016-10-31T15:08:05Z</RetentionTime>
     <ConditionalHold>false</ConditionalHold>
     <LegalHold>false</LegalHold>

<SHA256>14b4be3894e92166b508007b6c2e4fb6e88d3d0ad652c76475089a50ebe6e33b</SHA256>
</ObjectComplianceConfiguration>

The object compliance settings also appear in the bucket listings when the bucket has compliance enabled.


Object Lock with myQNAPcloud Object S3 API


You can add or update the object lock settings for an object using the tags described below.

RetainUntilDateThis defines the retention time for an object. The object cannot be deleted before this time. Note that the retention time must be in the future.
LegalHoldThis should be either ON or OFF, which is not case-sensitive.

The following is an example of setting the object locking configuration on an object:

PUT https://s3.us-east-1.myqnapcloud.io/qa.objectlock.002/beta_vpn.png?retention&versionId= 001617181245457483475-4ylsTbqqvP

<Retention>
     <Mode>compliance</Mode>
     <RetainUntilDate>2021-04-06T09:00:45Z</RetainUntilDate>
</Retention>

The following is an example of setting legal hold for an object:

PUT https://s3.us-east-1.myqnapcloud.io/qa.objectlock.002/beta_vpn.png?legal-hold&versionId=001617181245457483475-4ylsTbqqvP

<LegalHold>
     <Status>ON</Status>
</LegalHold>

The following is an example of setting governance mode for an object:

PUT https://s3.us-east-1.myqnapcloud.io/qa.objectlock.002/public/ACL.PNG?retention
<Retention>
     <Mode>governance</Mode>
     <RetainUntilDate>2021-05-20T09:00:45Z</RetainUntilDate>
</Retention>

The “x-amz-bypass-governance-retention =true” header must be included whenever you want to override governance settings for an object.

Service URLs for myQNAPcloud Object Storage Regions


The myQNAPcloud service URLs for myQNAPcloud Object's different storage regions are:

Americas

   Region Service URL
US East 1 (N. Virginia)s3 .us-east-1.myqnapcloud.io
US Central 1 (Texas)s3.us-central-1. myqnapcloud.io
US West 1 (Oregon)s3.us-west-1. myqnapcloud.io
CA Central 1 (Toronto)s3.ca-central-1. myqnapcloud.io

EMEA

EU Central 1 (Amsterdam)s3.eu-central-1. myqnapcloud.io
EU Central 2 (Frankfurt)s3.eu-central-2. myqnapcloud.io
EU West 1 (London)s3.eu-west-1. myqnapcloud.io
EU West 2 (Paris)s3.eu-west-2. myqnapcloud.io
EU West 3 (London)s3.eu-west-3. myqnapcloud.io
EU South 1 (Milan)s3.eu-south-1. myqnapcloud.io

APAC

AP Northeast 1 (Tokyo)s3.ap-northeast-1. myqnapcloud.io
AP Northeast 2 (Osaka)s3.ap-northeast-2. myqnapcloud.io
AP Southeast 1 (Singapore)s3.ap-southeast-1. myqnapcloud.io
AP Southeast 2 (Sydney)s3.ap-southeast-2. myqnapcloud.io

The myQNAPcloud Object Management Console can be reached through myQNAPcloud Portal.

If you are looking for the correct service URL to use with your third-party storage application, you should choose the one that matches your bucket location.

When working with third-party storage applications, you should be aware that these applications have different methods to handle storage region service URLs. These methods include:

  1. Applications that allow you to explicitly enter in the service URL. These applications are the most flexible because you can easily configure new service URLs as they become available.
  2. Applications that only allow you to choose from a pre-built list of storage regions. These applications are the least flexible because, if a storage provider implements a new region, you have to wait for an application update to get access to the new region. If your storage application does not support all of the myQNAPcloud Object storage regions on their predefined region lists, contact the application vendor (not QNAP) to ask them for support.
  3. Applications that only allow you to enter in your API key set and then offer up all of the buckets in your account. These applications provide flexibility but do require some automatic redirects to perform at the HTTP level.

Object Replication with myQNAPcloud Object S3 API

GET Object Tagging

myQNAPcloud Object supports functionality to fetch the tag set of an object when the object:

  • Does not have any tags
  • Does have tags

When the Object Does Not Have Any Tags

GET https://s3.myqnapcloud.io/my_bucket/Test-object1.txt?tagging

Response body:

<?xml version="1.0" encoding="UTF-8"?>
<Tagging>
   <TagSet></TagSet>
</Tagging>
Status 200 OK

When the Object Has Tags

GET https://s3.myqnapcloud.io/my_bucket/Test-object2.pdf?tagging

Response body:

<!--?xml version="1.0" encoding="UTF-8"?-->
<Tagging>
   <TagSet>
      <Tag>
         <Key>key2</Key>
         <Value>value2</Value>
      </Tag>
      <Tag>
         <Key>key1</Key>
         <Value>value1</Value>
      </Tag>
   </TagSet>
</Tagging>

PUT Object Tagging

myQNAPcloud Object supports functionality for:

  • Adding the tag value of an existing object in a bucket
  • Appending the tag value of an existing object in a bucket

Adding the Tag Value of an Existing Object in a Bucket

PUT https://s3.myqnapcloud.io/my_bucket/Test-object3.pdf?tagging
Content-Type: text/xml

Response body:

<Tagging xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
   <TagSet>
      <Tag>
         <Key>tag1</Key>
         <Value>value1</Value>
      </Tag>
   </TagSet>
</Tagging>

Appending the Tag Value of an Existing Object in a Bucket

In this example, an existing object already has the tag value of “key5” –“value5”, You can append a new tag pairs along with the existing pair.

PUT https://s3.myqnapcloud.io/my_bucket/Test-object4.jpg?tagging
Content-Type: text/xml

Response body:

<Tagging xmlns="http://s3.myqnapcloud.io/doc/2006-03-01/">
   <TagSet>
      <Tag>
         <Key>key5</Key>
         <Value>value5</Value>
      </Tag>
      <Tag>
         <Key>key6</Key>
         <Value>value6</Value>
      </Tag>
   </TagSet>
</Tagging>
Status 200 OK

To PUT tags of any other version, use the versionId query parameter.

DELETE Object Tagging

This removes the entire tag set from the specified object.

DELETE https://s3.myqnapcloud.io/my_bucket/Test-object5.pdf?tagging

Response body:

<empty>
Status 204 No Content

To delete tags of any other version, use the versionId query parameter.


Further Reading

Given its compatibility with AWS S3, the official AWS documentation for S3 serves as a complementary resource when working with myQNAPcloud Object. Refer to the Amazon Simple Storage Service API Reference for details on the API version 2006-03-01:

Amazon Simple Storage Service API Reference

这篇文章有帮助吗?

谢谢您,我们已经收到您的意见。

请告诉我们如何改进这篇文章:

如果您想提供其他意见,请于下方输入。

选择规格

      显示更多 隐藏更多
      open menu
      back to top