Object Storage

Object Storage Keys List

get
https://api.linode.com/v4/object-storage/keys

Returns a paginated list of Object Storage Keys for authenticating to the Object Storage S3 API.

Request Samples

curl -H "Authorization: Bearer $TOKEN" \
  https://api.linode.com/v4/object-storage/keys

Response Samples

{
  "data": [
    {
      "id": "",
      "label": "my-key",
      "access_key": "KVAKUTGBA4WTR2NSJQ81",
      "secret_key": "OiA6F5r0niLs3QA2stbyq7mY5VCV7KqOzcmitmHw",
      "limited": true,
      "bucket_access": []
    }
  ],
  "page": 1,
  "pages": 1,
  "results": 1
}

Responses

200: A paginated list of Object Storage Keys

data
array of objects
id
integer

This keypair's unique ID

label
string

The label given to this key. For display purposes only.

access_key
string

This keypair's access key. This is not secret.

secret_key
string

This keypair's secret key. Only returned on key creation.

limited
boolean

Whether or not this key is a limited access key. Will return false if this key grants full access to all buckets on the user's account.

bucket_access
array

Defines this key as a Limited Access Key. Limited Access Keys restrict this Object Storage key's access to only the bucket(s) declared in this array and define their bucket-level permissions.

Limited Access Keys can:

  • list all buckets available on this Account, but cannot perform any actions on a bucket unless it has access to the bucket.
  • create new buckets, but do not have any access to the buckets it creates, unless explicitly given access to them.

Note: You can create an Object Storage Limited Access Key without access to any buckets. This is achieved by sending a request with an empty bucket_access array.

Note: If this field is omitted, a regular unlimited access key is issued.

page
integer

The current page.

pages
integer

The total number of pages.

results
integer

The total number of results.

default: Error

errors
array of objects
reason
string

What happened to cause this error. In most cases, this can be fixed immediately by changing the data you sent in the request, but in some cases you will be instructed to open a Support Ticket or perform some other action before you can complete the request successfully.

field
string

The field in the request that caused this error. This may be a path, separated by periods in the case of nested fields. In some cases this may come back as "null" if the error is not specific to any single element of the request.

Object Storage Key Create

post
https://api.linode.com/v4/object-storage/keys

Provisions a new Object Storage Key on your account.

Accounts with negative balances cannot access this command.

  • To create a Limited Access Key with specific permissions, send a bucket_access array.

  • To create a Limited Access Key without access to any buckets, send an empty bucket_access array.

  • To create an Access Key with unlimited access to all clusters and all buckets, omit the bucket_access array.

Request Body Schema

bucket_access
array

Defines this key as a Limited Access Key. Limited Access Keys restrict this Object Storage key's access to only the bucket(s) declared in this array and define their bucket-level permissions.

Limited Access Keys can:

  • list all buckets available on this Account, but cannot perform any actions on a bucket unless it has access to the bucket.
  • create new buckets, but do not have any access to the buckets it creates, unless explicitly given access to them.

Note: You can create an Object Storage Limited Access Key without access to any buckets. This is achieved by sending a request with an empty bucket_access array.

Note: If this field is omitted, a regular unlimited access key is issued.

label
string

The label given to this key. For display purposes only.

Request Samples

curl -H "Content-Type: application/json" \
    -H "Authorization: Bearer $TOKEN" \
    -X POST -d '{
      "label": "my-object-storage-key",
      "bucket_access": [
        {
          "cluster": "ap-south-1",
          "bucket_name": "bucket-example-1",
          "permissions": "read_write"
        },
        {
          "cluster": "us-east-1",
          "bucket_name": "bucket-example-2",
          "permissions": "read_only"
        }
      ]
    }' \
  https://api.linode.com/v4/object-storage/keys

Response Samples

{
  "id": 1234,
  "label": "my-key",
  "access_key": "KVAKUTGBA4WTR2NSJQ81",
  "secret_key": "OiA6F5r0niLs3QA2stbyq7mY5VCV7KqOzcmitmHw",
  "limited": true,
  "bucket_access": [
    {
      "cluster": "ap-south-1",
      "bucket_name": "example-bucket",
      "permissions": "read_only"
    }
  ]
}

Responses

200: The new keypair. **This is the only time** the secret key is returned.

id
integer

This keypair's unique ID

label
string

The label given to this key. For display purposes only.

access_key
string

This keypair's access key. This is not secret.

secret_key
string

This keypair's secret key. Only returned on key creation.

limited
boolean

Whether or not this key is a limited access key. Will return false if this key grants full access to all buckets on the user's account.

bucket_access
array of objects

Defines this key as a Limited Access Key. Limited Access Keys restrict this Object Storage key's access to only the bucket(s) declared in this array and define their bucket-level permissions.

Limited Access Keys can:

  • list all buckets available on this Account, but cannot perform any actions on a bucket unless it has access to the bucket.
  • create new buckets, but do not have any access to the buckets it creates, unless explicitly given access to them.

Note: You can create an Object Storage Limited Access Key without access to any buckets. This is achieved by sending a request with an empty bucket_access array.

Note: If this field is omitted, a regular unlimited access key is issued.

cluster
string

The Object Storage cluster where a bucket to which the key is granting access is hosted.

bucket_name
string

The unique label of the bucket to which the key will grant limited access.

permissions
string
Enum: "read_write""read_only"

This Limited Access Key's permissions for the selected bucket.

default: Error

errors
array of objects
reason
string

What happened to cause this error. In most cases, this can be fixed immediately by changing the data you sent in the request, but in some cases you will be instructed to open a Support Ticket or perform some other action before you can complete the request successfully.

field
string

The field in the request that caused this error. This may be a path, separated by periods in the case of nested fields. In some cases this may come back as "null" if the error is not specific to any single element of the request.