Core Concepts

Before working with Object Storage it helps to understand the building blocks: buckets, objects, regions, endpoints, and access via API Credentials.

Buckets

A bucket is a container for objects. Every object you upload lives in exactly one bucket.

  • Bucket names are globally unique within IBEE Object Storage.
  • A bucket’s location is fixed at creation and cannot be changed — to use a different location, create a new bucket and migrate your objects.
  • Use multiple buckets to separate environments, projects, or access boundaries.

Bucket names must be 3 to 63 characters, lowercase, and contain only letters, numbers, and hyphens. They must start and end with a letter or number. See Buckets for the full naming rules and the create flow.

Objects

An object is a single file plus its metadata. Each object has:

  • A key — the path-like name within the bucket (reports/2026-05.pdf).
  • The object data — up to 5 TiB per object.
  • A type (MIME type, e.g. image/jpeg) and storage class (Standard).
  • System metadata — size, last-modified, ETag.

There’s no real folder hierarchy — only keys with / separators. The portal renders prefixes as folders. See Objects for upload, download, and management.

Regions

A region is a physical data center where buckets live. Pick the region closest to your users or your compute.

RegionCodeStatus
Amaravati, IndiaVGAAvailable
Hyderabad, IndiaHYDPreorder
Ashburn, USAIADPreorder

When creating a bucket, choose Automatic (Asia Pacific) for the closest available region or Specify jurisdiction to pin the bucket to a specific country. See Regions & Locations.

Endpoints

The endpoint is the HTTPS URL S3-compatible clients connect to. Each organization has an organization-scoped S3 endpoint:

https://{workspaceId}.blob.ibeestorage.com

Use this with the AWS CLI, AWS SDKs, s3cmd, rclone, or any S3-compatible tool — paired with the Access Key ID and Secret Access Key from an API Credentials.

For browser delivery from a public bucket, use the bucket’s Public Access URL or a Custom Domain instead. See Buckets → Policies and Buckets → Custom Domains.

Access

To call the API programmatically you create an API token scoped to Object Storage. A token gives you three credentials:

CredentialUse
Bearer TokenThe IBEE REST API
Access Key IDS3-compatible tools (AWS CLI, SDKs, rclone)
Secret Access KeyS3-compatible tools — shown once only

Tokens can be scoped to all buckets in the organization or specific buckets only, with permission levels ranging from Object Read only to Admin Read & Write. See API Credentials for the full flow.

Public access and Object Lock

Two bucket-level access settings control how objects can be read and written:

  • Public Access — when enabled, objects can be served unauthenticated via the bucket’s Public Access URL. Toggled from Settings → General.
  • Object Lock — prevents objects from being deleted or overwritten while a retention period is in effect. Permanent setting that must be enabled at bucket creation under Advanced options. See Objects → Locking.