Core Concepts
Before working with Object Storage it helps to understand the building blocks: buckets, objects, regions, endpoints, and access via API Credentials.
Buckets
A bucket is a container for objects. Every object you upload lives in exactly one bucket.
- Bucket names are globally unique within IBEE Object Storage.
- A bucket’s location is fixed at creation and cannot be changed — to use a different location, create a new bucket and migrate your objects.
- Use multiple buckets to separate environments, projects, or access boundaries.
Bucket names must be 3 to 63 characters, lowercase, and contain only letters, numbers, and hyphens. They must start and end with a letter or number. See Buckets for the full naming rules and the create flow.
Objects
An object is a single file plus its metadata. Each object has:
- A key — the path-like name within the bucket (
reports/2026-05.pdf). - The object data — up to 5 TiB per object.
- A type (MIME type, e.g.
image/jpeg) and storage class (Standard). - System metadata — size, last-modified, ETag.
There’s no real folder hierarchy — only keys with / separators. The portal renders prefixes as folders. See Objects for upload, download, and management.
Regions
A region is a physical data center where buckets live. Pick the region closest to your users or your compute.
When creating a bucket, choose Automatic (Asia Pacific) for the closest available region or Specify jurisdiction to pin the bucket to a specific country. See Regions & Locations.
Endpoints
The endpoint is the HTTPS URL S3-compatible clients connect to. Each organization has an organization-scoped S3 endpoint:
Use this with the AWS CLI, AWS SDKs, s3cmd, rclone, or any S3-compatible tool — paired with the Access Key ID and Secret Access Key from an API Credentials.
For browser delivery from a public bucket, use the bucket’s Public Access URL or a Custom Domain instead. See Buckets → Policies and Buckets → Custom Domains.
Access
To call the API programmatically you create an API token scoped to Object Storage. A token gives you three credentials:
Tokens can be scoped to all buckets in the organization or specific buckets only, with permission levels ranging from Object Read only to Admin Read & Write. See API Credentials for the full flow.
Public access and Object Lock
Two bucket-level access settings control how objects can be read and written:
- Public Access — when enabled, objects can be served unauthenticated via the bucket’s Public Access URL. Toggled from Settings → General.
- Object Lock — prevents objects from being deleted or overwritten while a retention period is in effect. Permanent setting that must be enabled at bucket creation under Advanced options. See Objects → Locking.
