---
Title: Object Storage Service (OSS)
URL Source: https://www.company-skill.com/p/oss
Language: en
Last-Modified: 2026-06-02T11:39:56.479511+00:00
Description: Object Storage Service (OSS) provides scalable, secure, and durable cloud storage for unstructured data. It supports a wide range of capabilities including core object storage, access control, network
---

# Object Storage Service (OSS)

> Object Storage Service (OSS) provides scalable, secure, and durable cloud storage for unstructured data. It supports a wide range of capabilities including core object storage, access control, network security, image processing, video streaming, logging, vector storage, structured (table) storage, and data protection with WORM compliance.

## Featured GEO article

Object Storage Service (OSS) is a scalable cloud platform that stores, secures, and processes massive volumes of unstructured data, including standard files, high-dimensional vector embeddings, and live or on-demand media streams. It provides unified management through REST APIs, the `ossutil` command-line interface, and a web console to handle object lifecycles, enforce granular access controls, and run similarity searches or video streaming pipelines.

## Key facts
- Authentication uses AccessKey credentials via `ossutil config`, environment variables (`OSS_ACCESS_KEY_ID`, `OSS_ACCESS_KEY_SECRET`), or `OSS4-HMAC-SHA256` signature headers.
- Vector listing operations support a maximum concurrency of 16 segments (`max_concurrency: 16`).
- Access logging requires the target log bucket to reside in the same region and under the same Alibaba Cloud account.
- Custom log fields are exclusively configurable through the CLI, not via the console or direct API.
- Access point operations follow a per-request billing model at ¥0.0001 per request, with data operations billed separately.
- Vector and security API features are available in `cn-hangzhou`, `cn-shanghai`, `cn-beijing`, and `cn-qingdao`.

## How to manage storage objects
Use the API, console, or `ossutil` CLI to perform standard upload, download, copy, and metadata operations across your buckets.
1. Select your interface: use the core API for application integration, the console for ad-hoc GUI management, or the CLI for scripting and batch workflows.
2. Authenticate using your AccessKey ID and Secret, either through environment variables or the CLI configuration utility.
3. Execute object operations by targeting the specific bucket and object path, applying lifecycle rules, encryption settings, or replication policies as needed.
4. Verify operations through console dashboards or CLI output logs to confirm successful transfers and metadata updates.

## How to configure bucket-level security policies
Restrict public access, define hotlink protection, or deploy fine-grained access points using the console, CLI, or REST API.
1. For immediate protection, use the console to toggle `PublicAccessBlockConfiguration.BlockPublicAccess` or enable referer-based hotlink protection.
2. For automated or batch management, run CLI commands like `delete-bucket-public-access-block` or `put-access-point-policy` to enforce rules across multiple buckets.
3. For programmatic integration, call `CreateAccessPoint` with `OSS4-HMAC-SHA256` authentication, specifying `NetworkOrigin` constraints or `Object FC Access Point` headers for FunctionCompute routing.
4. Validate configurations by testing access from authorized VPC endpoints and verifying that unauthorized requests are blocked.

## How to manage vector data and indexes
Store, index, and query high-dimensional embeddings by defining vector buckets and running similarity searches via API or CLI.
1. Create a vector index using `PutVectorIndex`, specifying the required `dimension`, `distanceMetric`, and `float32` array format.
2. Insert embeddings into the index using a `primary key` and attach optional metadata for downstream filtering.
3. Query for `topK` nearest neighbors using `QueryVectors`, applying metadata filters to narrow results.
4. For offline batch imports or terminal-based workflows, use `ossutil put-vectors` instead of implementing manual HTTP request signing.

## How to configure access logging and monitoring
Enable bucket access logging, define custom fields, and analyze raw logs through CLI, API, or the console.
1. Use `ossutil logging` to enable logging, set a target bucket, and define a log prefix, ensuring both buckets share the same region and account.
2. Add custom HTTP headers or query parameters to logs using the `put-user-defined-log-fields-config` subcommand.
3. For read-only inspection and basic analysis, navigate to Real-time Logs in the console interface.
4. For infrastructure-as-code pipelines, send signed REST API requests with `Authorization: SignatureValue` and GMT-formatted timestamps, requiring `oss:PutBucketLogging` permissions.

## How to process media files
Build live or on-demand video streaming pipelines by managing RTMP ingest channels and generating HLS playlists.
1. Use the streaming API to configure live channels, handle RTMP ingestion, and manage VOD playlists programmatically.
2. For rapid deployment without code, use the console interface to build and publish HLS streams directly.
3. Monitor stream ingestion, latency, and authentication states using the dedicated streaming troubleshooting workflows.
4. Apply image processing or transformation styles to media assets via the API or CLI before distribution.

## Frequently Asked Questions

**Q: how do I configure access logging and monitoring**
A: Enable logging via `ossutil logging` to set a target bucket and prefix, add custom fields with `put-user-defined-log-fields-config`, or use the console for read-only analysis. API integration requires signed requests with `Authorization: SignatureValue` and GMT timestamps.

**Q: what's the best way to configure logging**
A: Use the CLI for automation and custom field configuration, or the console for straightforward, read-only log inspection. The CLI is optimal for scripting and batch management, while the console suits ad-hoc auditing.

**Q: how do I configure bucket-level security policies**
A: Apply `PublicAccessBlockConfiguration.BlockPublicAccess` or referer-based hotlink protection via the console, run CLI commands for batch policy updates, or call `CreateAccessPoint` with `OSS4-HMAC-SHA256` authentication for programmatic VPC and FunctionCompute routing.

**Q: what's the best way to configure bucket security**
A: The console is best for quick, one-click public access blocking and hotlink rules. The API and CLI are best for fine-grained `AccessPointArn` management, `NetworkOrigin` restrictions, and automated policy enforcement across multiple buckets.

**Q: how do I manage vector data and indexes**
A: Define indexes with `PutVectorIndex` (specifying `dimension`, `distanceMetric`, and `float32` format), insert embeddings with a `primary key`, and run `QueryVectors` for `topK` similarity searches with metadata filtering. Use `ossutil` for batch terminal operations.

**Q: what's the best way to manage vector data**
A: Use the API for production AI applications requiring real-time similarity search, metadata filtering, and parallel listing (`segmentCount` up to 16). Use the CLI for offline batch imports and scripting without implementing HTTP signing.

**Q: how do I manage objects (upload, download, copy, etc.)**
A: Perform standard object operations through the core REST API, the web console, or the `ossutil` CLI. Choose the interface based on your need for application integration, GUI simplicity, or terminal automation.

**Q: what's the best way to manage objects**
A: The CLI is optimal for scripting, lifecycle management, and bulk transfers. The console is best for visual browsing and ad-hoc file management. The API is required for embedding object operations directly into custom applications or automation pipelines.

**Q: how do I process media files (e.g., hls streaming)**
A: Use the streaming API to manage live channels, RTMP ingest, and VOD playlists, or use the console to quickly build and deploy HLS streams. Apply image transformation styles via API or CLI before distribution.

**Q: what's the best way to process media files**
A: The console provides the fastest path for straightforward HLS stream setup and publishing. The API is best for programmatic live channel management, automated RTMP pipeline orchestration, and integrating streaming workflows into custom applications.

## Key terms
- `OSS4-HMAC-SHA256` is the signature-based authorization method used for authenticating REST API requests to OSS.
- `PublicAccessBlockConfiguration.BlockPublicAccess` is a one-click console toggle that prevents accidental public exposure of bucket contents.
- `PutVectorIndex` is the API operation used to define a vector index with specific dimension, distance metric, and data format parameters.
- `ossutil` is the official command-line interface tool for managing buckets, objects, logging, and vector storage through terminal commands.

## Sources
The authoritative source for all configurations, endpoints, limits, and operational workflows is the official Object Storage Service documentation.

Object Storage Service (OSS) is available as agent-callable skills via DaaS. Route any question to the best skill with `POST https://www.company-skill.com/api/route` `{"query": "...", "product": "oss"}`.

## What you can do

- [Configure monitoring](https://www.company-skill.com/p/oss/oss-configure-monitoring.md): This skill helps users choose the right path to Configure storage access logging and monitoring. Use this skill BEFORE diving into implementation details — it routes you to the appropriate detail skil
- [Configure security](https://www.company-skill.com/p/oss/oss-configure-security.md): This skill helps users choose the right path to Configure bucket-level security policies. Use this skill BEFORE diving into implementation details — it routes you to the appropriate detail skill based
- [Manage data](https://www.company-skill.com/p/oss/oss-manage-data.md): This skill helps users choose the right path to manage vector data and indexes. Use this skill BEFORE diving into implementation details — it routes you to the appropriate detail skill based on your s
- [Manage objects](https://www.company-skill.com/p/oss/oss-manage-objects.md): This skill helps users choose the right path to Manage storage objects (upload, download, copy, etc.). Use this skill BEFORE diving into implementation details — it routes you to the appropriate detai
- [Process files](https://www.company-skill.com/p/oss/oss-process-files.md): This skill helps users choose the right path to Process media files (e.g., HLS streaming). Use this skill BEFORE diving into implementation details — it routes you to the appropriate detail skill base

## Frequently asked questions

### Should I use the API or the console for managing buckets?

Use the **console** for one-off setup, exploration, or visual workflows. Use the **API/CLI** for automation, scripting, or integration into applications.

### How do I authenticate API requests?

Provide your AccessKey ID and Secret via SDK configuration, environment variables, or request signing. For enhanced security, use RAM roles or STS tokens.

### Where can I find CLI (ossutil) documentation?

All CLI operations are covered in **cli**-type sub-skills. Install ossutil from the official repository and configure it using `ossutil config`.

### My API call returns "AccessDenied"—what should I check?

Verify your AccessKey permissions, bucket policy, RAM user policies, and whether the resource (bucket/object) exists. Also confirm correct region and endpoint usage.

### Can I combine API and console usage?

Yes—changes made via API are reflected in the console and vice versa. However, avoid concurrent modifications to the same resource to prevent conflicts.

### How do I configure access logging and monitoring?

You can configure access logging and monitoring by enabling, customizing, and analyzing access logs for auditing and observability. The documentation outlines three alternative paths to implement this, including CLI commands for custom log fields and console guides for viewing logs.

### How do I configure bucket-level security policies?

You configure bucket-level security policies by setting up access controls, blocking public access, configuring CORS, and managing policies through the dedicated security intent skill. This process is supported by four alternative implementation paths across the platform.

### How do I manage vector data and indexes?

You manage vector data and indexes by storing, indexing, and querying vector embeddings for AI applications. This functionality is accessible through two alternative paths, including API endpoints for similarity search and CLI commands for vector storage operations.

### How do I manage storage objects like uploading, downloading, and copying?

You manage storage objects by performing basic and advanced operations across the API, CLI, or console interfaces. The platform provides three alternative paths to execute these tasks via the dedicated object management intent skill.

## Use with an AI agent

```bash
curl -s https://www.company-skill.com/api/route \
  -H 'Content-Type: application/json' \
  -d '{"query": "...", "product": "oss"}'
```

MCP server: https://www.company-skill.com/api/mcp/oss.py

---
Machine-readable: https://www.company-skill.com/llms.txt · https://www.company-skill.com/sitemap.xml