Before working with Object Storage it helps to understand the building blocks: buckets, objects, regions, endpoints, and access via API tokens.
A bucket is a container for objects. Every object you upload lives in exactly one bucket.
Bucket names must be 3 to 63 characters, lowercase, and contain only letters, numbers, and hyphens. They must start and end with a letter or number. See Buckets for the full naming rules and the create flow.
An object is a single file plus its metadata. Each object has:
reports/2026-05.pdf).
image/jpeg) and storage class (Standard).
There’s no real folder hierarchy — only keys with / separators. The portal renders prefixes as folders. See Objects for upload, download, and management.
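How a flat key namespace becomes a folder view, as an added example (not the product's own code). `list_level` and the sample keys are hypothetical names and constructed data, and the grouping is assumed to follow the prefix/delimiter convention of S3-style listings.

```python
# Added illustration: how a flat key namespace is presented as folders.
# The keys below are constructed sample data, not from any real bucket.
SAMPLE_KEYS = [
    "index.html",
    "reports/2026-05.pdf",
    "reports/2026-04.pdf",
    "reports/archive/2025-12.pdf",
    "images/logo.jpeg",
    "reports-draft.txt",
]


def list_level(keys, prefix="", delimiter="/"):
    """Split keys under `prefix` into direct objects and folder-like prefixes.

    A key whose remainder (after the prefix) still contains the delimiter
    is rolled up into a common prefix instead of being returned as an
    object. Nothing is stored for the "folder" itself.
    """
    objects, folders = [], set()
    for key in sorted(keys):
        # A prefix is a plain string match, not a directory lookup.
        if not key.startswith(prefix):
            continue
        rest = key[len(prefix):]
        head, sep, _ = rest.partition(delimiter)
        if sep:
            folders.add(prefix + head + delimiter)
        else:
            objects.append(key)
    return objects, sorted(folders)


if __name__ == "__main__":
    for p in ("", "reports/", "reports"):
        objs, dirs = list_level(SAMPLE_KEYS, p)
        print(f"prefix={p!r}: objects={objs} folders={dirs}")
```

The `"reports"` case (no trailing `/`) also matches `reports-draft.txt`, which is why a prefix used as a filter should end with the separator.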
A region is a physical data center where buckets live. Pick the region closest to your users or your compute.
When creating a bucket, choose Automatic (Asia Pacific) for the closest available region or Specify jurisdiction to pin the bucket to a specific country. See Regions & Locations.
The endpoint is the HTTPS URL S3-compatible clients connect to. Each project has a project-scoped S3 endpoint:
Use this with the AWS CLI, AWS SDKs, s3cmd, rclone, or any S3-compatible tool — paired with the Access Key ID and Secret Access Key from an API token.
For browser delivery from a public bucket, use the bucket’s Public Access URL or a Custom Domain instead. See Buckets → Policies and Buckets → Custom Domains.
To call the API programmatically you create an API token scoped to Object Storage. A token gives you three credentials:
Tokens can be scoped to all buckets in the project or specific buckets only, with permission levels ranging from Object Read only to Admin Read & Write. See API Tokens for the full flow.
Two bucket-level access settings control how objects can be read and written: