Object Storage Service (OSS) uses RESTful API operations to provide services and assigns a default endpoint to each bucket.
Format
All requests to OSS over OSS domain names, except GetService (ListBuckets) and DescribeRegions requests, contain bucket information in the domain names.
The domain name used to access a bucket is in the BucketName.Endpoint format, in which BucketName is the name of the bucket and Endpoint is the endpoint of the region in which the bucket is located.
OSS endpoints include internal endpoints, public endpoints, and acceleration endpoints. For example, the following endpoints are used to access buckets located in the China (Hangzhou) region:
Public endpoints
You can use public endpoints without additional configurations.
oss-cn-hangzhou.aliyuncs.comInternal endpoints
You can use internal endpoints without additional configurations.
oss-cn-hangzhou-internal.aliyuncs.comAcceleration endpoints
Acceleration endpoints include the global acceleration endpoint and the acceleration endpoint of regions outside the Chinese mainland.
Global acceleration endpoint
oss-accelerate.aliyuncs.comAcceleration endpoint of regions outside the Chinese mainland
oss-accelerate-overseas.aliyuncs.com
Access OSS over the public network
The public network is the Internet. OSS allows you to upload or write data to OSS over the Internet free of charge. You are charged when you download or read data from OSS.
For more information about the pricing and billing rules of OSS, see OSS pricing and Billing overview.
You can use one of the following methods to access OSS over the Internet:
Method 1: Use a URL to access an OSS object
If you use a URL to access an OSS object, the access control list (ACL) that is configured for the object determines whether you can read and write the object.
Object ACL | Public-read or public-read-write | Private |
URL format |
|
|
Parameter description |
| The URLs used to access private objects have all parameters of the URLs of public-read and public-read-write objects plus the signature information. The signature information of a URL includes the Expires, AccessKey ID, and Signature parameters. The Expires parameter specifies the expiration time of the URL. For more information about how to add a signature to an object URL, see Add signatures to URLs. |
Example | You create a bucket named examplebucket in the China (Hangzhou) region. The bucket contains the example.txt object. The object is in the exampledir directory and allows anonymous access. In this case, the object URL is | You create a bucket named examplebucket in the China (Hangzhou) region. The bucket contains the example.txt object. The object is in the exampledir directory. The ACL of the object is set to private. In this case, the object URL is |
Method 2: Use an OSS SDK to configure a public endpoint
An OSS SDK concatenates the endpoint that you specify for each operation. You must specify the endpoint based on the region in which the bucket on which you want to perform the operation is located.
The following sample code provides an example on how to use OSS SDK for Java to specify an endpoint. In this example, the endpoint is specified when OSSClient is created to manage a bucket located in the China (Hangzhou) region.
import com.aliyun.oss.common.auth.*;
EnvironmentVariableCredentialsProvider credentialsProvider = CredentialsProviderFactory.newEnvironmentVariableCredentialsProvider();
String endpoint = "oss-cn-hangzhou.aliyuncs.com";
OSS ossClient = new OSSClientBuilder().build(endpoint, credentialsProvider);Access OSS over the internal network
You can use an internal endpoint to communicate between Alibaba Cloud services located within the same region over the internal network. For example, you can access an OSS bucket from an Elastic Compute Service (ECS) instance over the internal network if the OSS bucket and the ECS instance are located within the same region. You are not charged for the traffic generated over the internal network. However, you are charged for requests that you send.
For more information about OSS fees, see OSS pricing and Billing overview.
You can use one of the following methods to access OSS over the internal network:
Method 1: Use a URL to access an OSS object
If you use a URL to access an OSS object, the ACL that is configured for the object determines whether you can read and write the object.
Object ACL | Public-read or public-read-write | Private |
URL format |
|
|
Parameter description |
| The URLs used to access private objects have all parameters of the URLs of public-read and public-read-write objects plus the signature information. The signature information of a URL includes the Expires, AccessKey ID, and Signature parameters. The Expires parameter specifies the expiration time of the URL. For more information about how to add a signature to an object URL, see Add signatures to URLs. |
Example | You create a bucket named examplebucket in the China (Hangzhou) region. The bucket contains the example.txt object. The object is in the exampledir directory and allows anonymous access. The object URL is | You create a bucket named examplebucket in the China (Hangzhou) region. The bucket contains the example.txt object. The object is in the exampledir directory. The ACL of the object is set to private. In this case, the object URL is |
Method 2: Use an OSS SDK to configure an internal endpoint and access OSS from an ECS instance over the internal network
The following sample code provides an example on how to use OSS SDK for Java to specify an internal endpoint. In this example, the endpoint is set to the internal endpoint of the China (Hangzhou) region to manage a bucket located in the China (Hangzhou) region.
import com.aliyun.oss.common.auth.*;
EnvironmentVariableCredentialsProvider credentialsProvider = CredentialsProviderFactory.newEnvironmentVariableCredentialsProvider();
String endpoint = "oss-cn-hangzhou-internal.aliyuncs.com";
OSS ossClient = new OSSClientBuilder().build(endpoint, credentialsProvider);If the OSS bucket and the ECS instance are located in the same region, you can use the internal endpoint to access the OSS bucket from the ECS instance over the internal network. If the OSS bucket and the ECS instance are located in different regions, you cannot use the internal endpoint to access the OSS bucket from the ECS instance over the internal network. For example, you have two OSS buckets and you purchased an ECS instance located in the China (Beijing) region.
One bucket is named srcbucket and located in the China (Beijing) region. You can use
https://srcbucket.oss-cn-beijing-internal.aliyuncs.comto access resources in srcbucket from the ECS instance located in the China (Beijing) region.The other bucket is named destbucket and located in the China (Qingdao) region. You cannot use
https://destbucket.oss-cn-qingdao-internal.aliyuncs.comto access resources in destbucket from the ECS instance located in the China (Beijing) region. To access resources in destbucket from the ECS instance located in the China (Beijing) region, you must usehttps://destbucket.oss-cn-qingdao.aliyuncs.com to access resources in destbucket over the Internet.
Use an acceleration endpoint to access OSS
OSS provides the transfer acceleration feature to accelerate date transfers of data uploads and downloads across countries and regions. To use an acceleration endpoint to access a bucket in OSS, you must enable transfer acceleration for the bucket. After you enable transfer acceleration for a bucket, you can use the acceleration endpoint instead of the public endpoint to access the bucket and accelerate data transfers.
For example, you want to access the myphoto.jpg object in the root directory of the examplebucket bucket from a browser and use the global acceleration endpoint to accelerate your access. The ACL of the object is public-read or public-read-write. In this case, the URL of the object is https://examplebucket.oss-accelerate.aliyuncs.com/myphoto.jpg.
If the ACL of the myphoto.jpg object is private, you must add signature information to the object URL. Example: https://examplebucket.oss-accelerate.aliyuncs.com/myphoto.jpg?OSSAccessKeyId=nz2p***********&Expires=1141889120&Signature=vjbyPxybdZaNmGa%2ByT272Y********. For more information about how to add a signature to an object URL, see Add signatures to URLs.
References
Different regions are accessed by using different endpoints. For more information, see Regions and endpoints.
The endpoints listed in this topic are IPv4 domain names. If you want to access OSS buckets over IPv6, you must use endpoints that support IPv6. For more information, see Use an endpoint that supports IPv6 to access OSS.
To access an OSS bucket over the internal network from an ECS instance in a different region or a device in an on-premises data center, you can use Cloud Enterprise Network (CEN), Express Connect, leased lines, or virtual private networks (VPNs) to connect to the internal network of the region in which the OSS bucket is located. Then, you can configure a route that directs to the virtual IP address (VIP) ranges of the internal network. For more information, see Internal OSS endpoints and VIP ranges.
You can map a custom domain name to a bucket and use the domain name to access the resources in the bucket. For example, you can map the
static.example.comcustom domain name to a bucket and then use the domain name to access the resources in the bucket.To access an object, you must include the path of the object in an OSS domain name. For example, if you use examplebucket.oss-cn-hangzhou.aliyuncs.com to access an object without including the path of the object in the OSS domain name, an error is reported. To use an OSS endpoint to access an object without including the path of the object, configure static website hosting.Static website hosting