On this page

Using the Qencode S3 API

Managing Access Keys

You can generate multiple Access Keys as needed. Each key grants full access to your Qencode S3 account, and they can all remain valid concurrently.

Generating an Access Key

  1. Sign in to your Qencode account.
  2. In the left navigation menu click Media storage and then select Access Keys.
  3. Click Generate new key.
  4. After generating the key, ensure to copy the secret part of the Access Key immediately. It is crucial to store this secret securely, as it will not be displayed again.

Managing Access Keys

  • You can rename, regenerate, or delete Access Keys.
  • The Access Key Name is solely for identification and does not impact its function. Renaming it will not affect any behavior.
  • Regenerating an Access Key will replace the secret while keeping the Access Key ID unchanged. This is helpful in maintaining security in case the secret is compromised.
  • If you regenerate or delete an Access Key, it's critical to update all applications with the new Access Key immediately to prevent application integration issues.

Regions

Qencode S3 offers optimized data storage in two regions:

RegionLocations
us-westUSA: Sacramento CA, Phoenix AZ
eu-centralNetherlands: Amsterdam

Endpoints Overview

Endpoints for the Qencode S3 API follow this format:

https://[region].s3.qencode.com/[bucket]/[path]

All connections to these endpoints must be made via HTTPS, as non-secure HTTP connections will be denied. When using Amazon SDKs or similar integrations, a simple endpoint URL (excluding the bucket name) is typically sufficient.

Accessing Files via HTTPS

To access your files via HTTPS, use the format:

https://[bucket].media-storage.[region].qencode.com/path

For example:

https://my-bucket.media-storage.us-west.qencode.com/folder/output.mp4

Bucket Management

You can create and delete buckets using the Qencode web interface or a third-party S3 client applications.

All buckets in Qencode S3 storage are private, and public rights cannot be explicitly set for them. However, you can access the files in these buckets via CDN through direct links or signed URLs.

Create a Bucket using Qencode portal

  1. Sign in to your Qencode account.
  2. In the left navigation menu click Media storage and select Buckets.
  3. Click Create Bucket.
  4. Select a region.
  5. Enter a name for your bucket.
  6. Click Create button.

Delete a Bucket using Qencode portal

  1. Sign in to your Qencode account.
  2. In the left navigation menu click Media storage and select Buckets.
  3. Click Bucket Settings.
  4. Click Delete Bucket.

Change Bucket Authentication Policy

  1. Sign in to your Qencode account.
  2. In the left navigation menu click Media storage and select Buckets.
  3. For the bucket that you want to change permissions, click Bucket Settings.
  4. Enable CDN:
    • Toggle the ‘Enable CDN', by default it’s in the 'On' position.
    • This action activates the CDN for your bucket, leveraging the network of servers for content caching.
  5. Enable Authenticated Access:
    • Consider leaving 'Enable Authenticated Access' turned off if you wish to utilize CDN for public content delivery.
    • If you require secure access, toggle this option to 'On', and generate signed URLs as needed for secure content distribution.
  6. Save Settings: After adjusting the settings, ensure to save your changes to implement them.

Compatibility Overview

Although the Qencode S3 API and the Amazon S3 API are similar in many ways, there are some key naming convention differences to consider.

Bucket Naming Guidelines

When creating buckets in Qencode S3, please consider the following bucket name limitations:

  1. Global Uniqueness: The bucket name uniquely identifies your bucket across all accounts. For this reason, each bucket name must be globally unique. This avoids exposing your account name in URLs and API calls, unlike systems where bucket names only need to be unique within an single account.
  2. Acceptable Characters: Bucket names can include:
    • Upper-case letters (A-Z)
    • Lower-case letters (a-z)
    • Numbers (0-9)
    • Hyphens (-)
    note
    Please note
    Multi-byte characters and special characters other than hyphens are not supported. Specifically, underscores (_) are not permitted due to their incompatibility with DNS tables.
  3. Case Insensitivity: While you can use both upper-case and lower-case letters in your bucket names, remember that these names are case-insensitive. For example, "MyBucket" and "mybucket" would be considered the same.
  4. Length Requirements: The length of a bucket name must be at least 6 characters but no more than 63 characters.
  5. Immutability of Names: Once you have named a bucket, it cannot be renamed. Choose your bucket names carefully!

Examples

Here are some examples of valid bucket names:

  • mediaBucket
  • bucket-29172h42

These guidelines ensure that your bucket names are not only unique but also conform to our system's standards for functionality and security.

File Naming Guidelines

In addition to bucket naming guidelines, consider the following file naming guidelines.

Names should be a UTF-8 string up to 1024 bytes with the following exceptions:

  • Character codes below 32 are not allowed.
  • DEL characters (127) are not allowed.
  • Backslashes are not allowed.
  • File names cannot start with /, end with /, or contain //.

Examples

The following examples are valid file names:

  • Kitten Videos
  • users/beatrice/kitten.jpg
  • 自由.txt
note
Please note
File names are set at the point when you upload a file. After a file is uploaded, the name cannot be changed.

Access Control Lists (ACLs)

The Qencode S3 API provides limited support for ACLs, focusing on bucket-level permissions while not supporting object-level ACLs. For example, a 'Get Object ACL' query will return the ACL for the bucket containing the object, rather than for the individual object.

Our design ensures enhanced security by making all Qencode S3 buckets private by default. Consequently, setting “public-read” permissions is not supported. This decision prioritizes data security and aligns with best practices in cloud storage.

For managing access to bucket contents, we utilize the Content Delivery Network (CDN). By default, file URLs in a bucket are publicly accessible. However, you can enable authenticated access through the bucket settings in the UI or via the PUT /v1/buckets/<bucket_name>/policy/<policy_name> CDN API method. This approach allows for flexible and secure distribution of content. For detailed instructions on setting up and managing these policies, please refer to our comprehensive tutorial.

Authentication Method The S3-Compatible API exclusively supports v4 signatures for authentication. v2 signatures are currently not supported. For detailed information on S3 authentication methods, refer to relevant S3 documentation.

Supported API Calls The S3-Compatible API processes requests similarly to Amazon's S3 API, with slight variances. Supported operations include:

  • Abort Multipart Upload (DELETE)
  • Complete Multipart Upload (POST)
  • Copy Object (PUT)
  • Create Bucket (PUT)
  • Create Multipart Upload (POST)
  • Delete Bucket
  • Delete Bucket Cors
  • Delete Bucket Encryption
  • Delete Object
  • Delete Objects (POST)
  • Get Bucket ACL
  • Get Bucket Cors
  • Get Bucket Encryption
  • Get Bucket Location
  • Get Bucket Versioning
  • Get Object
  • Get Object ACL
  • Get Object Legal Hold
  • Get Object Lock Configuration
  • Get Object Retention
  • Head Bucket
  • Head Object
  • List Buckets (GET)
  • List Multipart Uploads (GET)
  • List Object Versions (GET)
  • List Objects (GET)
  • List Objects V2 (GET)
  • List Parts (GET)
  • Put Bucket ACL
  • Put Bucket Cors
  • Put Bucket Encryption
  • Put Object
  • Put Object ACL
  • Put Object Legal Hold
  • Put Object Lock Configuration
  • Put Object Retention
  • Upload Part (PUT)
  • Upload Part Copy (PUT) 

Currently, the Qencode S3 API does not support:

  • Object Tagging
  • Bucket Logging
  • Website Configuration
  • ACLs (excluding limited support mentioned above)
  • IAM Roles
  • Lifecycle Rules
  • Browser-based uploads via POST to pre-signed URLs
  • Requests with checksum HTTP headers like x-amz-checksum-crc32, x-amz-checksum-crc32c, x-amz-checksum-sha1, x-amz-checksum-sha256, x-amz-checksum-algorithm, and x-amz-checksum-mode will be rejected with a 400 Bad Request response.

Need More Help?

For additional information, tutorials, or support, visit the Qencode Documentation pageLink or contact Qencode Support at support@qencode.com.